various and assorted problems, internet and system

Post by cmili » January 28th, 2010, 7:48 pm

While I know a bit about what I do with computers, it's just a bit and nothing about malware, etc. I'm travelling now (in England) and don't have my usual experts/friends from whom I can get help, so if you guys can help (and over the weekend) it will really be great because I'm really in trouble.
I use Windows XP SP3 (I imagine you guys can figure that out from the log files, but might as well write it).
Symptoms:
1. I use primarily IE7; suddenly (3 days ago) just after I checked into a hotel which gave free wireless, all sorts of unasked pages (pornography, gambling) would come up, not all the time, but more than enough to be very annoying.
2. TaskManager shows me at 20-35% when doing nothing at all.
3. System restore does not work.
4. System upgrades refuse to stay enabled and change to disabled all the time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:00:37, on 29/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\X1\X1FileMonitor.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\KeyText\KeyText.exe
C:\Program Files\Tclock\tclock.exe
C:\Program Files\X1\X1Systray.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Nuance OmniPage 17-reminder] "C:\Program Files\Nuance\OmniPage17\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage 17\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [mawozetaj] Rundll32.exe "c:\windows\system32\ziniguhe.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [X1FileMonitor.exe] C:\Program Files\X1\X1FileMonitor.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\HDDHealth.exe -wl
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Kaluach3.lnk = ? (User 'SYSTEM')
O4 - S-1-5-18 Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: tclock.lnk = C:\Program Files\Tclock\tclock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: X1.lnk = C:\Program Files\X1\X1.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Kaluach3.lnk = ? (User 'Default user')
O4 - .DEFAULT Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe (User 'Default user')
O4 - .DEFAULT Startup: tclock.lnk = C:\Program Files\Tclock\tclock.exe (User 'Default user')
O4 - .DEFAULT Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe (User 'Default user')
O4 - .DEFAULT Startup: X1.lnk = C:\Program Files\X1\X1.exe (User 'Default user')
O4 - Startup: Kaluach3.lnk = ?
O4 - Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe
O4 - Startup: tclock.lnk = C:\Program Files\Tclock\tclock.exe
O4 - Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe
O4 - Startup: X1.lnk = C:\Program Files\X1\X1.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\wesofege.dll wipalego.dll c:\windows\system32\ziniguhe.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O21 - SSODL: tegoyihas - {7425b55a-41f2-4534-a14b-cba47f91fe81} - c:\windows\system32\wesofege.dll (file missing)
O21 - SSODL: yokebijan - {a2eaa3a6-ed54-4113-aa94-b98ecd8c039c} - c:\windows\system32\ziniguhe.dll
O22 - SharedTaskScheduler: mujuzedij - {7425b55a-41f2-4534-a14b-cba47f91fe81} - c:\windows\system32\wesofege.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {a2eaa3a6-ed54-4113-aa94-b98ecd8c039c} - c:\windows\system32\ziniguhe.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 16158 bytes

Access Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 Plugin
Adobe Reader 8.1.2
Ample Notice for Windows
Camera Center
Client Security - Password Manager
ClipCache Pro 3.1.0
CloneCD
Compare It!
Compare It!
Conexant HD Audio
DirectXInstallService
Drag-to-Disc
EASEUS Partition Master 4.1.1 Home Edition
GiPo@MoveOnBoot 1.9.5
HDD Health v3.3 Beta
Help Center
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Integrated Camera Driver Installer Package Ver.1.18.500.0
Integrated Camera TWAIN
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Interface
Intel(R) Network Connections Drivers
Intel® Active Management Technology
Intel® Trusted Platform Module
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 16
Java(TM) 6 Update 17
Judaic Classics Library
KeyText v3
Lenovo Fingerprint Software
Lenovo Registration
Message Center
Michal
Micro Logic Info Select 2007
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 English User Interface Pack
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Word Viewer 97
Mobile Broadband Connect
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nuance OmniPage 17
OGA Notifier 2.0.0048.0
On Screen Display
PC-Doctor 5 for Windows
Presentation Director
Productivity Center Supplement for ThinkPad
RealPlayer
Rescue and Recovery
Responsa CD9
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Business Edition
Roxio Creator Business Edition
Roxio Express Labeler 3
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype web features
Skype™ 4.1
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
Sophos Anti-Rootkit 1.5.0
System Update
THE Rename 2.1.6
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Total Commander (Remove or Repair)
Ultralingua 5.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Wireless BroadbandAccess Self Activation
Wallpapers
Windows Defender
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/01/2008 8.0.26.3)
Windows Imaging Component
Windows Live Toolbar
Windows Live Toolbar
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
X1
XnView 1.95.4
XP Themes
חבילת תאימות עבור מהדורת 2007 של מערכת Office

Thanks so much for helping.
cmili

Re: various and assorted problems, internet and system

Post by MWR 3 day Mod » January 31st, 2010, 10:49 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

Re: various and assorted problems, internet and system

Post by xixo_12 » February 4th, 2010, 7:18 am

Hello and welcome to Malware Removal Forums.
  • My name is xixo_12 and I will guide you to encounter the problem that you have now.
  • We will work together and I need your attention to read all the instructions carefully.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • You may wish to print them off or copy the instructions into Notepad.
  • If you have any questions please don't hesitate to ask.
  • The instructions that I will give to you are specific to your current problem and shouldn't be used on other systems.
  • If you are receiving help or have received help on this problem elsewhere, please let us know.
  • Please post your replies to this thread only and keep interacting with me until your computer is clean.

Everything I post to you will be reviewed by an MRU Teacher. This process will impact my response time to you. Be patient. ;)
Please! If you need more time to do all the instructions, let me know before 72 hours is done. Otherwise, your thread will be closed.

Please make sure you have done your reading on this topic: How to get help at this forum

I will be back to you soon. ;)

Re: various and assorted problems, internet and system

Post by xixo_12 » February 5th, 2010, 6:07 pm

Hi,
Let's proceed.

No Antivirus!
  • An antivirus helps to give the maximum protection for the system.
  • You are advised to have only ONE antivirus running on the system.
  • Please consider one of these programs and install it now:

Next,
Reboot into the usual account.

Next,
RSIT by random/random.
Please download from HERE and save to the desktop.
  • Double-click on RSIT.exe to run the tool.
  • Click Continue at the disclaimer screen.
  • Once it finishes, two logs will open.
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post.
***You can find the logs manually at C:\rsit

Next,
GMER.
Please download from HERE and save to the desktop.
  • Unzip/extract the file to its own folder.
  • Disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan, click NO.
  • Click on the >>> symbol and choose the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Next,
Checklist.
Please post.
  • Content of log.txt and info.txt (Find both in c:\rsit)
  • Content of GMER.txt

Re: various and assorted problems, internet and system

Post by cmili » February 6th, 2010, 6:45 pm

Hi Xixo_12,

Thanks for helping me out!

First let me tell you what I have done since I originally posted on this forum on 29 January. (This is a laptop which I just started using for one trip before this trip, and had not yet set it up the way I wanted to.) Once I saw that I was not getting a very quick reply from this forum (this is not a complaint, I realize that you people are all volunteers, and I really appreciate the work you are doing to help me and others, but the fact is that it took a lot of time -- many infected computers out there -- and so I had to look for some solution), I started looking for something that could help me. I first downloaded Sophos Anti-Rootkit, but it did nothing. (I have since uninstalled it.) I then tried to download Malwarebytes Anti-Malware, and saw that the exe file was missing in the install, and that was a good sign, since it meant that the malware on my computer knew the program would attack it. I managed to install MBAM and it did its tricks, and I no longer have redirection to not-requested-for internet sites and things like that, but I suspect that some nasties are still in my computer. (My main reason to be suspicious is that the amount of data my computer is uploading is very large.)

I also installed Security Essentials and Online Armour.

I downloaded RSIT and the logs are below.

GMER.NET cannot be accessed. I found a file called gmer.exe (1.0.15.15087) on a site called wareseeker.com, but did not run it, and will not until I hear from you.

info.txt logfile of random's system information tool 1.06 2010-02-06 22:51:41

======Uninstall list======

-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}
Adobe Flash Player 9 Plugin-->MsiExec.exe /X{61E8B062-51F9-4BBB-B1FC-E2A4A40944F5}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Ample Notice for Windows-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ANW2\Uninst.isu"
Camera Center-->MsiExec.exe /X{668ACF05-E455-4932-A2D2-5822A8206FEB}
Client Security - Password Manager-->MsiExec.exe /I{44E9D4C2-946C-4378-9354-558803C47A68}
ClipCache Pro 3.1.0-->"C:\Program Files\ClipCache\unins000.exe"
CloneCD-->"C:\Program Files\Elaborate Bytes\CloneCD\ccd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneCD"
Compare It!-->"C:\Program Files\Compare It!\unins000.exe"
Compare It!-->"C:\Program Files\Compare It!\unins001.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -ITPKDCHI5.INF
DirectXInstallService-->MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
EASEUS Partition Master 4.1.1 Home Edition-->"C:\Program Files\EASEUS\EASEUS Partition Master 4.1.1 Home Edition\unins000.exe"
GiPo@MoveOnBoot 1.9.5-->MsiExec.exe /I{9F185C48-595B-401A-A1D6-AAB324890DC4}
HDD Health v3.3 Beta-->"C:\Program Files\HDD Health\unins000.exe"
Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB949764)-->"C:\WINDOWS\$NtUninstallKB949764$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Integrated Camera Driver Installer Package Ver.1.18.500.0-->"C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -runfromtemp -l0x0009 anything -removeonly
Integrated Camera TWAIN-->C:\Program Files\InstallShield Installation Information\{356C896A-6BE6-487D-AA37-C999F945E6CF}\setup.exe -runfromtemp -l0x0009 -removeonly
Intel PROSet Wireless-->Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) Management Engine Interface-->C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel(R) Network Connections Drivers-->Prounstl.exe
Intel® Active Management Technology-->C:\WINDOWS\system32\mesoludlg.exe -uninstall
Intel® Trusted Platform Module-->C:\WINDOWS\system32\iTPMudlg.exe -uninstall
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 16-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150160}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Judaic Classics Library-->MsiExec.exe /I{5A46FE43-08E6-11D5-942B-0000E8932E05}
KeyText v3-->"C:\Program Files\KeyText\unins000.exe"
Lenovo Fingerprint Software-->MsiExec.exe /X{8EF140A7-B1D6-464E-82B4-C8925202FE54}
Lenovo Registration-->C:\Program Files\Lenovo Registration\uninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\drek\unins000.exe"
Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x9 -AddRemove
Michal-->C:\WINDOWS\unmichal.exe
Micro Logic Info Select 2007-->C:\PROGRA~1\INFOSE~1\UNWISE.EXE C:\PROGRA~1\INFOSE~1\install.dat
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Antimalware-->MsiExec.exe /X{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 English User Interface Pack-->MsiExec.exe /I{901E0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040D-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials-->MsiExec.exe /I{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word Viewer 97-->C:\Program Files\WordView\setup\setup.exe
Mobile Broadband Connect-->MsiExec.exe /I{08163A7B-A683-4201-9166-BA4E65D263ED}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Nuance OmniPage 17-->MsiExec.exe /I{34AFE453-F544-4269-89C9-CAB7F0744963}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
On Screen Display-->rundll32.exe "C:\Program Files\Lenovo\HOTKEY\cleanup.dll",InfUninstall DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
Online Armor 3.5-->"C:\Program Files\Tall Emu\Online Armor\unins000.exe"
PC-Doctor 5 for Windows-->C:\Program Files\PCDR5\uninst.exe
Presentation Director-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x9 -AddRemove
Productivity Center Supplement for ThinkPad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\SETUP.EXE" -l0x9 -AddRemove
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Rescue and Recovery-->MsiExec.exe /I{F151F2B3-0C32-44D3-90E2-E639B8024622}
Responsa CD9-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\RESPON~1\Uninst.isu
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio Central Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Central Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Central Core-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Central Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Central Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Creator Business Edition-->C:\Documents and Settings\All Users\Application Data\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe /x {537BF16E-7412-448C-95D8-846E85A1D817}
Roxio Creator Business Edition-->MsiExec.exe /I{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Sonic Icons for Lenovo-->MsiExec.exe /I{B334D9AE-1393-423E-97C0-3BDC3360E692}
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
THE Rename 2.1.6-->"C:\Program Files\THE Rename\unins000.exe"
ThinkPad Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
ThinkPad EasyEject Utility -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier-->rundll32.exe "C:\Program Files\Lenovo\ZOOM\cleanup.dll",InfUninstall DefaultUninstall 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad PC Card Power Policy-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\SWTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad UltraNav Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
ThinkPad UltraNav Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\Setup.exe" -l0x9 UNINSTALL
ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\SETUP.EXE" -l0x9 anything
ThinkVantage Active Protection System-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Productivity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\Setup.exe" -l0x9 -AddRemove
ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
Total Commander (Remove or Repair)-->c:\Program Files\Totalcmd\tcuninst.exe
Ultralingua 5.0-->"C:\Program Files\Ultralingua\Ultralingua 5\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Verizon Wireless BroadbandAccess Self Activation-->MsiExec.exe /I{3F963A06-7C18-4039-9789-9644B3266AE7}
Wallpapers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x9 UNINSTALL
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/01/2008 8.0.26.3)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst32.exe /u C:\WINDOWS\system32\DRVSTORE\atswpwdf_A57C5C0A17B945D4A0696BA72895CD59734EF6D9\atswpwdf.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Live Toolbar-->MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
X1-->MsiExec.exe /I{B59200E8-9283-41ED-B618-0B0DB06CDE8B}
XnView 1.95.4-->"C:\Program Files\XnView\unins000.exe"
XP Themes-->MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}
חבילת תאימות עבור מהדורת 2007 של מערכת Office-->MsiExec.exe /X{90120000-0020-040D-0000-0000000FF1CE}

======Security center information======

AV: Microsoft Security Essentials
FW: Online Armor Firewall

======System event log======

Computer Name: LENOVO
Event Code: 20
Message: Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll.

Record Number: 1971
Source Name: Print
Time Written: 20100111165255.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LENOVO
Event Code: 3
Message: Printer Auto Microsoft Office Document Image Writer on CHAIM was deleted.

Record Number: 1970
Source Name: Print
Time Written: 20100111165254.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LENOVO
Event Code: 4
Message: Printer Auto Microsoft Office Document Image Writer on CHAIM is pending deletion.

Record Number: 1969
Source Name: Print
Time Written: 20100111165252.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LENOVO
Event Code: 3
Message: Printer Microsoft Office Document Image Writer was deleted.

Record Number: 1968
Source Name: Print
Time Written: 20100111165252.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LENOVO
Event Code: 4
Message: Printer Microsoft Office Document Image Writer is pending deletion.

Record Number: 1967
Source Name: Print
Time Written: 20100111165250.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: LENOVO-865825C6
Event Code: 5603
Message: A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 11
Source Name: WinMgmt
Time Written: 20090608142249.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LENOVO-865825C6
Event Code: 5603
Message: A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 10
Source Name: WinMgmt
Time Written: 20090608142249.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LENOVO-865825C6
Event Code: 5603
Message: A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 9
Source Name: WinMgmt
Time Written: 20090608142248.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LENOVO-865825C6
Event Code: 4354
Message: The COM+ Event System failed to fire the StartShell method on subscription {F6FE5592-FCBC-44AD-A836-D37F5085ED5B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.
Record Number: 3
Source Name: EventSystem
Time Written: 20090608051809.000000+180
Event Type: warning
User:

Computer Name: LENOVO-865825C6
Event Code: 4354
Message: The COM+ Event System failed to fire the Logon method on subscription {F6FE5592-FCBC-44AD-A836-D37F5085ED5B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.
Record Number: 1
Source Name: EventSystem
Time Written: 20090608051748.000000+180
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"EMC_AUTOPLAY"=C:\Program Files\Common Files\Roxio Shared\
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\WiFi\bin\;c:\Program Files\Common Files\Lenovo;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Lenovo\Client Security Solution
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=170a
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"RR"=C:\Program Files\Lenovo\Rescue and Recovery
"SWSHARE"=C:\SWSHARE
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TPCCommon"=C:\PROGRA~1\THINKV~1\PrdCtr
"TVT"=C:\Program Files\Lenovo
"TVTCOMMON"=C:\Program Files\Common Files\Lenovo
"TVTPYDIR"=C:\Program Files\Common Files\Lenovo\Python24
"windir"=%SystemRoot%

-----------------EOF-----------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by owner at 2010-02-06 22:51:16
Microsoft Windows XP Professional Service Pack 3
System drive C: has 41 GB (37%) free of 108 GB
Total RAM: 3032 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:51:38, on 06/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\X1\X1FileMonitor.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HDD Health\HDDHealth.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Kaluach3\Kaluach3.exe
C:\Program Files\KeyText\KeyText.exe
C:\Program Files\Tclock\tclock.exe
C:\Program Files\X1\X1Systray.exe
C:\Program Files\X1\X1.exe
C:\Program Files\X1\X1Service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\X1\textExtractor.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Nuance OmniPage 17-reminder] "C:\Program Files\Nuance\OmniPage17\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage 17\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [X1FileMonitor.exe] C:\Program Files\X1\X1FileMonitor.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\HDDHealth.exe -wl
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Kaluach3.lnk = ? (User 'SYSTEM')
O4 - S-1-5-18 Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: tclock.lnk = C:\Program Files\Tclock\tclock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: X1.lnk = C:\Program Files\X1\X1.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Kaluach3.lnk = ? (User 'Default user')
O4 - .DEFAULT Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe (User 'Default user')
O4 - .DEFAULT Startup: tclock.lnk = C:\Program Files\Tclock\tclock.exe (User 'Default user')
O4 - .DEFAULT Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe (User 'Default user')
O4 - .DEFAULT Startup: X1.lnk = C:\Program Files\X1\X1.exe (User 'Default user')
O4 - Startup: Kaluach3.lnk = ?
O4 - Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe
O4 - Startup: tclock.lnk = C:\Program Files\Tclock\tclock.exe
O4 - Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe
O4 - Startup: X1.lnk = C:\Program Files\X1\X1.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.buy-internet-security10.com
O15 - Trusted Zone: http://*.is-soft-download.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.is-software-download25.com
O15 - Trusted Zone: http://*.buy-internet-security10.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\wesofege.dll wipalego.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O21 - SSODL: tegoyihas - {7425b55a-41f2-4534-a14b-cba47f91fe81} - c:\windows\system32\wesofege.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {7425b55a-41f2-4534-a14b-cba47f91fe81} - c:\windows\system32\wesofege.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 16797 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-01-10 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
IePasswordManagerHelper Class - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2008-06-14 808248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"picon"=C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [2008-05-29 367128]
"TPFNF7"=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2008-06-08 60192]
""= []
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2008-06-07 181536]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2008-03-24 68464]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-06-04 242976]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2008-03-07 167936]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-06-17 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-06-17 170520]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-06-17 141848]
"FingerPrintSoftware"=C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [2008-05-10 9318400]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-05-15 487424]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-12 39792]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2008-06-08 165208]
"LPMailChecker"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [2008-06-08 124248]
"AMSG"=C:\PROGRA~1\THINKV~1\AMSG\amsg.exe [2007-02-01 419376]
"CameraApplicationLauncher"=C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe [2008-07-10 16384]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog []
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2008-07-15 425984]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2008-07-15 143360]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2008-06-14 3073336]
"CloneCDElbyCDFL"=C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe [2002-11-02 45056]
"CloneCDTray"=C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe [2002-12-02 73728]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-01-10 198160]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Nuance OmniPage 17-reminder"=C:\Program Files\Nuance\OmniPage17\Ereg\Ereg.exe [2008-11-03 54560]
"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2009-07-11 2160840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"X1FileMonitor.exe"=C:\Program Files\X1\X1FileMonitor.exe [2007-05-14 428544]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"HDDHealth"=C:\Program Files\HDD Health\HDDHealth.exe [2008-06-15 1692672]
"OpAgent"=OpAgent.exe /agent []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Documents and Settings\owner\Start Menu\Programs\Startup
Kaluach3.lnk - C:\Program Files\Kaluach3\Kaluach3.exe
KeyText.lnk - C:\Program Files\KeyText\KeyText.exe
tclock.lnk - C:\Program Files\Tclock\tclock.exe
X1 System Tray.lnk - C:\Program Files\X1\X1Systray.exe
X1.lnk - C:\Program Files\X1\X1.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\wesofege.dll wipalego.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2008-07-15 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ATFUS]
C:\WINDOWS\system32\FpWinLogonNp.dll [2008-05-10 180224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-06-11 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2008-03-17 34080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
tegoyihas - {7425b55a-41f2-4534-a14b-cba47f91fe81} - c:\windows\system32\wesofege.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
mujuzedij - {7425b55a-41f2-4534-a14b-cba47f91fe81} - c:\windows\system32\wesofege.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2009-07-11 336584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoActiveDesktopChanges"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Info Select\is.exe"="C:\Program Files\Info Select\is.exe:*:Enabled:Info Select"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-02-06 22:51:16 ----D---- C:\rsit
2010-02-05 11:04:36 ----D---- C:\Documents and Settings\owner\Application Data\OnlineArmor
2010-02-05 11:04:36 ----D---- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2010-02-05 11:03:38 ----D---- C:\Program Files\Tall Emu
2010-02-05 01:05:24 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-02-04 01:19:07 ----D---- C:\Outlook Express
2010-02-03 00:12:00 ----D---- C:\Documents and Settings\owner\Application Data\Malwarebytes
2010-02-03 00:05:26 ----D---- C:\Program Files\drek
2010-02-03 00:00:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-03 00:00:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-01 21:27:50 ----A---- C:\DREK.BAK
2010-02-01 01:24:23 ----D---- C:\WINDOWS\system32\org
2010-02-01 00:58:02 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-01-28 17:29:21 ----D---- C:\Program Files\Sophos
2010-01-28 15:59:36 ----D---- C:\WINDOWS\Sun
2010-01-19 11:36:24 ----D---- C:\Outlook Express import
2010-01-13 03:07:11 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 03:06:40 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-01-11 22:43:56 ----D---- C:\Program Files\Davka
2010-01-11 19:38:57 ----D---- C:\CloneCD Images
2010-01-11 19:30:09 ----D---- C:\Documents and Settings\owner\Application Data\FLEXnet
2010-01-11 19:30:01 ----D---- C:\Documents and Settings\owner\Application Data\Zeon
2010-01-11 19:29:58 ----D---- C:\Documents and Settings\owner\Application Data\ScanSoft
2010-01-11 19:05:29 ----D---- C:\Documents and Settings\owner\Application Data\Nuance
2010-01-11 19:05:23 ----A---- C:\WINDOWS\MAXLINK.INI
2010-01-11 19:04:39 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2010-01-11 19:03:28 ----D---- C:\Program Files\Nuance
2010-01-11 19:03:28 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2010-01-11 18:43:55 ----D---- C:\OmniPage Professional 17
2010-01-11 18:40:12 ----D---- C:\Program Files\Trend Micro
2010-01-11 18:39:43 ----D---- C:\Program Files\Common Files\Gibinsoft Shared
2010-01-11 18:39:42 ----D---- C:\Program Files\GiPo@Utilities
2010-01-11 18:37:33 ----D---- C:\Program Files\Compare It!
2010-01-11 18:20:27 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-11 18:20:27 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-11 18:20:27 ----A---- C:\WINDOWS\system32\java.exe
2010-01-11 18:17:45 ----A---- C:\WINDOWS\RESPONSA.INI
2010-01-11 18:16:53 ----D---- C:\Program Files\ResponsaCD9
2010-01-11 17:39:08 ----D---- C:\Program Files\MSECache
2010-01-11 17:37:20 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2010-01-11 17:37:17 ----D---- C:\Documents and Settings\owner\Application Data\Office Genuine Advantage
2010-01-11 16:54:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\zh-TW
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\zh-HK
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\tr-TR
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\sv-SE
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\pt-BR
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\nl-NL
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\nb-NO
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\ko-KR
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\it-IT
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\he-IL
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\fr-FR
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\fi-FI
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\es-ES
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\el-GR
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\de-DE
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\da-DK
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\ar-SA
2010-01-11 15:31:52 ----A---- C:\WINDOWS\system32\muweb.dll
2010-01-11 15:31:52 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-01-11 15:31:52 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-01-11 00:16:29 ----D---- C:\Program Files\Microsoft Security Essentials
2010-01-10 23:56:20 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-01-10 23:56:15 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-01-10 23:56:15 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-01-10 23:56:14 ----D---- C:\Program Files\Common Files\xing shared
2010-01-10 23:55:55 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-01-10 23:55:54 ----D---- C:\Program Files\Real
2010-01-10 23:55:54 ----D---- C:\Program Files\Common Files\Real
2010-01-10 23:55:53 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2010-01-10 23:55:51 ----D---- C:\Documents and Settings\owner\Application Data\Real
2010-01-10 23:36:44 ----D---- C:\Documents and Settings\owner\Application Data\Roxio
2010-01-10 23:33:39 ----D---- C:\Program Files\HDD Health
2010-01-10 14:53:19 ----D---- C:\Program Files\Info Select

======List of files/folders modified in the last 1 months======

2010-02-06 22:51:38 ----D---- C:\WINDOWS\Prefetch
2010-02-06 22:49:40 ----D---- C:\WINDOWS\Temp
2010-02-06 20:48:59 ----A---- C:\WINDOWS\wincmd.ini
2010-02-06 18:49:04 ----SD---- C:\WINDOWS\Tasks
2010-02-06 18:48:47 ----AD---- C:\WINDOWS\system32
2010-02-06 18:48:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-06 18:45:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-06 18:45:32 ----D---- C:\Documents and Settings\owner\Application Data\Skype
2010-02-06 18:44:28 ----A---- C:\sysiclog.txt
2010-02-06 18:44:23 ----A---- C:\Log.txt
2010-02-06 18:44:11 ----A---- C:\WINDOWS\system32\log.txt
2010-02-06 18:44:09 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-06 18:43:47 ----A---- C:\WINDOWS\system32\ICAutoUpdate.log.bak
2010-02-06 18:42:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-05 11:04:12 ----HD---- C:\WINDOWS\inf
2010-02-05 11:03:56 ----D---- C:\WINDOWS\system32\drivers
2010-02-05 11:03:38 ----RD---- C:\Program Files
2010-02-05 08:51:25 ----D---- C:\WINDOWS\security
2010-02-05 08:22:32 ----SHD---- C:\WINDOWS\Installer
2010-02-05 08:22:31 ----A---- C:\WINDOWS\OEWABLog.txt
2010-02-05 08:22:04 ----D---- C:\Documents and Settings
2010-02-05 01:05:24 ----AD---- C:\WINDOWS
2010-02-03 10:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-02-02 01:38:41 ----RD---- C:\My Documents
2010-02-01 16:58:16 ----D---- C:\Program Files\KeyText
2010-02-01 01:25:50 ----A---- C:\WINDOWS\system32\command.com
2010-02-01 01:25:44 ----A---- C:\WINDOWS\system.ini
2010-01-31 13:06:57 ----D---- C:\Program Files\Michal
2010-01-31 12:38:44 ----A---- C:\WINDOWS\setuplog.txt
2010-01-29 17:02:43 ----A---- C:\WINDOWS\imsins.BAK
2010-01-29 17:02:28 ----D---- C:\WINDOWS\system32\inetsrv
2010-01-29 00:29:43 ----SHD---- C:\System Volume Information
2010-01-29 00:29:43 ----D---- C:\WINDOWS\system32\Restore
2010-01-24 02:21:26 ----D---- C:\Program Files\Internet Explorer
2010-01-24 02:14:02 ----ASHD---- C:\WINDOWS\system32\dllcache
2010-01-24 02:13:55 ----D---- C:\WINDOWS\system32\en-US
2010-01-22 06:00:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-19 11:54:57 ----D---- C:\Programs
2010-01-19 11:54:57 ----D---- C:\Help
2010-01-19 11:35:52 ----D---- C:\My Downloads - pdf
2010-01-19 11:33:42 ----D---- C:\My Downloads - htm
2010-01-14 11:12:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-01-13 03:09:01 ----A---- C:\WINDOWS\win.ini
2010-01-13 03:08:09 ----RSD---- C:\WINDOWS\assembly
2010-01-11 22:44:01 ----RSD---- C:\WINDOWS\Fonts
2010-01-11 19:05:11 ----D---- C:\WINDOWS\WinSxS
2010-01-11 18:47:34 ----D---- C:\Program Files\Common Files\Installshield
2010-01-11 18:39:43 ----D---- C:\Program Files\Common Files
2010-01-11 18:20:14 ----D---- C:\Program Files\Java
2010-01-11 17:42:23 ----D---- C:\Program Files\Microsoft Office
2010-01-11 17:42:22 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-11 17:18:59 ----D---- C:\WINDOWS\AppPatch
2010-01-11 16:51:42 ----D---- C:\Program Files\Microsoft Works
2010-01-11 16:45:10 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-11 00:16:35 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2008-07-02 11520]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-02-09 12856]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-02-09 28120]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2008-07-13 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2008-06-08 4608]
R1 tvtumon;tvtumon; C:\WINDOWS\system32\DRIVERS\tvtumon.sys [2008-05-09 46144]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2007-06-19 35064]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2007-06-19 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2007-06-19 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2007-06-19 105048]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2007-06-19 26744]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2007-06-19 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2007-06-19 98136]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2007-06-19 93752]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2002-11-29 16320]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-03-20 11904]
R2 tvtfilter;tvtfilter; C:\WINDOWS\system32\DRIVERS\tvtfilter.sys [2009-06-08 33536]
R3 5U875UVC;Integrated Camera; C:\WINDOWS\system32\DRIVERS\5U875.sys [2008-04-22 72448]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2008-03-07 154672]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\WINDOWS\System32\Drivers\ATSwpWDF.sys [2008-05-10 475136]
R3 BTDriver;מנהל התקן תקשורת וירטואלית Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-03-27 990632]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAU32.sys [2008-05-22 754176]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-03-27 244368]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2002-11-28 15360]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2008-03-26 40832]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-06-11 6021184]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2008-02-20 22696]
R3 NETw5x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit ; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-05-01 3627776]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2009-06-08 30144]
R3 tpm;tpm; C:\WINDOWS\system32\DRIVERS\tpm.sys [2008-03-26 13824]
R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2008-02-23 37312]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2007-09-15 501800]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 btaudio;התקן שמע Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-03-10 534312]
S3 BTWDNDIS;שרת גישה LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-09-20 156392]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-03-27 47272]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []
S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\F6.tmp []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2008-07-15 90112]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2008-07-15 212992]
R2 astcc;AST Service; C:\WINDOWS\system32\ASTSRV.EXE [2009-08-24 61760]
R2 ATService;AuthenTec Fingerprint Service; C:\WINDOWS\system32\AtService.exe [2008-05-10 1160440]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2008-03-28 342624]
R2 EvtEng;Intel« PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-05-06 815104]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2008-02-20 36128]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2008-05-29 174616]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2009-07-11 362184]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-07-13 94208]
R2 RegSrvc;Intel« PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-05-06 466944]
R2 S24EventMonitor;Intel« PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2008-05-06 901120]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2008-05-25 32768]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2009-07-11 3285704]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2008-06-14 746808]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2008-05-15 37416]
R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2008-06-14 779576]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-15 520192]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2008-05-15 950272]
R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-05-15 1155072]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-05-09 253952]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-05-29 2058776]
S2 SessionLauncher;SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FingerprintServer;Fingerprint Server; C:\WINDOWS\system32\FpLogonServ.exe [2008-05-10 102400]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RoxMediaDB10;RoxMediaDB10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-07 855552]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Thanks,
cmili

Re: various and assorted problems, internet and system

Post by xixo_12 » February 7th, 2010, 7:49 am

Hi,

First,
***Important:
  • You're advised to reply with one log per post.
    Please have a look at the Checklist area to see which logs I'm looking for.
  • While I am helping you with your computer, please don't install, uninstall, remove or change anything unless I ask.


Next,
Remove programs.
Please Click on Start > Control Panel > Add/Remove Programs
Remove the listed program(s) by clicking Remove
Online Armor 3.5 <<You can reinstall after the system is clean

If some of the programs listed above are not present, please do not panic and proceed to the next step.

Next,
ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links)
Save as Combo-Fix.exe <<Please note the file name. You have to change it.
Link 1
Link 2

**IMPORTANT !!! Save Combo-Fix.exe to your Desktop**

  • Disable your AntiVirus/AntiSpyware/Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    WINDOWS DEFENDER and MICROSOFT SECURITY ESSENTIALS

    A guide to do this can be found here
  • Double click on Combo-Fix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Next,
Analyze file(s).
Please visit Jotti.
Click on Browse > copy each link below (one by one) and paste it into the File name box > click Open:
C:\WINDOWS\wincmd.ini
C:\Log.txt
C:\WINDOWS\system32\log.txt
C:\WINDOWS\system32\ICAutoUpdate.log.bak

  • Press Submit file - this will submit the file for testing.
  • Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address :
Image

Next,
Checklist.
Please post.
  • Content of ComboFix.txt
  • 4 Web links for my reference

Re: various and assorted problems, internet and system

Post by cmili » February 9th, 2010, 6:05 pm

Again, thanks for your help. Here are the things you asked for.

ComboFix 10-02-09.02 - owner 02/09/2010 23:46:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3032.2389 [GMT 2:00]
Running from: c:\documents and settings\owner\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\documents and settings\owner\Desktop\Internet Security 2010.lnk
C:\LOG.TXT
c:\recycler\S-1-5-21-3684950286-131330544-825657260-500
c:\windows\system32\command.pif
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))))
.

2010-02-06 21:53 . 2010-02-06 21:53 -------- d-----w- c:\program files\CCleaner
2010-02-06 21:04 . 2010-02-06 21:05 -------- d-----w- C:\gmer
2010-02-06 20:51 . 2010-02-06 22:19 -------- d-----w- C:\rsit
2010-02-03 23:19 . 2010-02-04 13:42 -------- d-----w- C:\Outlook Express
2010-02-02 22:12 . 2010-02-02 22:12 -------- d-----w- c:\documents and settings\owner\Application Data\Malwarebytes
2010-02-02 22:05 . 2010-02-02 22:05 -------- d-----w- c:\program files\drek
2010-02-02 22:00 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-02 22:00 . 2010-02-02 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-02 22:00 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-02 22:00 . 2010-02-02 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-31 23:24 . 2010-02-01 14:46 -------- d-----w- c:\windows\system32\org
2010-01-31 22:58 . 2010-01-31 22:58 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-01-31 17:48 . 2010-01-31 17:48 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\PCHealth
2010-01-31 12:40 . 2010-01-31 12:40 34304 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{1B145128-14CB-58E2-C64A-5C3AB2E9E493}-smss32.exe
2010-01-31 12:36 . 2010-01-31 12:36 34304 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{38BF7B5F-1F16-20E1-DD70-CDD61A7D3B95}-smss32.exe
2010-01-31 12:35 . 2010-01-31 12:35 52224 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D1807EAC-DA88-CC19-55C9-BACF926BE420}-wipalego.dll
2010-01-31 12:35 . 2010-01-31 12:35 34304 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D976C4CF-EA6D-4027-486F-8B8EA7431146}-smss32.exe
2010-01-31 12:35 . 2010-01-31 12:35 52224 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{21C80C8D-4BD9-D325-AE25-42D02B33C5ED}-wipalego.dll
2010-01-28 15:29 . 2010-02-06 20:22 -------- d-----w- c:\program files\Sophos
2010-01-28 13:59 . 2010-01-28 13:59 -------- d-----w- c:\windows\Sun
2010-01-19 09:36 . 2010-01-19 22:20 -------- d-----w- C:\Outlook Express import
2010-01-14 17:54 . 2010-01-14 17:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-01-13 01:06 . 2010-01-13 01:06 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-11 20:44 . 2010-01-11 20:44 667648 ----a-r- c:\documents and settings\owner\Application Data\Microsoft\Installer\{5A46FE43-08E6-11D5-942B-0000E8932E05}\Jcl.exe
2010-01-11 20:43 . 2010-01-11 20:43 -------- d-----w- c:\program files\Davka
2010-01-11 17:38 . 2010-01-19 09:09 -------- d-----w- C:\CloneCD Images
2010-01-11 17:30 . 2010-01-11 17:30 -------- d-----w- c:\documents and settings\owner\Application Data\FLEXnet
2010-01-11 17:30 . 2010-01-11 17:30 -------- d-----w- c:\documents and settings\owner\Application Data\Zeon
2010-01-11 17:29 . 2010-01-11 17:29 -------- d-----w- c:\documents and settings\owner\Application Data\ScanSoft
2010-01-11 17:05 . 2010-01-11 17:05 -------- d-----w- c:\documents and settings\owner\Application Data\Nuance
2010-01-11 17:04 . 2010-01-11 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-01-11 17:03 . 2010-01-11 17:03 -------- d-----w- c:\program files\Nuance
2010-01-11 17:03 . 2010-01-11 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-11 16:43 . 2010-01-11 16:45 -------- d-----w- C:\OmniPage Professional 17
2010-01-11 16:40 . 2010-01-11 16:40 -------- d-----w- c:\program files\Trend Micro
2010-01-11 16:39 . 2010-01-11 16:39 -------- d-----w- c:\program files\Common Files\Gibinsoft Shared
2010-01-11 16:39 . 2010-01-11 16:39 -------- d-----w- c:\program files\GiPo@Utilities
2010-01-11 16:37 . 2010-01-11 16:38 -------- d-----w- c:\program files\Compare It!
2010-01-11 16:18 . 2010-01-11 16:18 152576 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-11 16:16 . 2010-01-11 16:17 -------- d-----w- c:\program files\ResponsaCD9
2010-01-11 15:39 . 2010-01-11 15:39 -------- d-----w- c:\program files\MSECache
2010-01-11 15:37 . 2010-01-11 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-01-11 15:37 . 2010-01-11 15:37 -------- d-----w- c:\documents and settings\owner\Application Data\Office Genuine Advantage
2010-01-11 14:48 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 13:31 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-11 13:31 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-01-10 22:16 . 2010-01-10 22:16 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-01-10 21:56 . 2010-01-10 21:56 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-10 21:55 . 2010-01-10 21:56 -------- d-----w- c:\program files\Common Files\Real
2010-01-10 21:55 . 2010-01-10 21:55 -------- d-----w- c:\program files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 21:51 . 2009-12-09 07:38 -------- d-----w- c:\documents and settings\owner\Application Data\Skype
2010-02-09 21:51 . 2009-12-07 12:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-03 08:05 . 2010-01-10 12:53 -------- d-----w- c:\program files\Info Select
2010-02-01 14:58 . 2009-12-07 12:55 -------- d-----w- c:\program files\KeyText
2010-01-31 23:25 . 2006-04-30 06:55 50620 ----a-w- c:\windows\system32\command.com
2010-01-31 11:06 . 2009-12-07 12:50 -------- d-----w- c:\program files\Michal
2010-01-14 09:12 . 2009-12-09 03:39 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 05:53 . 2009-06-08 01:35 114096 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-11 16:47 . 2009-06-08 01:29 -------- d-----w- c:\program files\Common Files\Installshield
2010-01-11 16:20 . 2009-06-08 01:43 -------- d-----w- c:\program files\Java
2010-01-11 16:18 . 2009-12-19 22:38 79488 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-11 14:51 . 2009-06-08 11:22 -------- d-----w- c:\program files\Microsoft Works
2010-01-10 21:36 . 2010-01-10 21:36 -------- d-----w- c:\documents and settings\owner\Application Data\Roxio
2010-01-10 21:33 . 2010-01-10 21:33 -------- d-----w- c:\program files\HDD Health
2010-01-05 10:00 . 2006-04-30 06:56 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2006-04-30 06:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2006-04-30 06:55 17408 ------w- c:\windows\system32\corpol.dll
2009-12-12 23:41 . 2009-12-12 21:14 -------- d-----w- c:\program files\Tclock
2009-12-12 20:58 . 2009-12-12 20:58 -------- d-----w- c:\documents and settings\owner\Application Data\DefenseWall HIPS
2009-12-12 20:55 . 2009-12-09 07:48 -------- d-----w- c:\documents and settings\owner\Application Data\skypePM
2009-12-09 08:08 . 2006-04-30 07:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-09 07:48 . 2009-12-09 07:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-06 15:48 . 2009-12-06 15:48 152576 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-11-21 15:51 . 2006-04-30 06:55 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 09:18 . 2009-12-04 18:55 1673216 ----a-w- c:\windows\system32\BootMan.exe
1601-01-01 00:03 . 1601-01-01 00:03 55808 --sha-w- c:\windows\system32\dijuboru.dll.tmp
1601-01-01 00:03 . 1601-01-01 00:03 55808 --sha-w- c:\windows\system32\nepusenu.dll.tmp
1601-01-01 00:03 . 1601-01-01 00:03 55808 --sha-w- c:\windows\system32\woyadolu.dll.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"X1FileMonitor.exe"="c:\program files\X1\X1FileMonitor.exe" [2007-05-14 428544]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"HDDHealth"="c:\program files\HDD Health\HDDHealth.exe" [2008-06-15 1692672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-05-29 367128]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-06-08 60192]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-07 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-08 124248]
"AMSG"="c:\progra~1\THINKV~1\AMSG\amsg.exe" [2007-02-01 419376]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-07-10 16384]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-13 339968]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-13 208896]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-07-15 143360]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"CloneCDTray"="c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 73728]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-10 198160]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Nuance OmniPage 17-reminder"="c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

c:\documents and settings\owner\Start Menu\Programs\Startup\
Kaluach3.lnk - c:\program files\Kaluach3\Kaluach3.exe [2008-7-11 1331200]
KeyText.lnk - c:\program files\KeyText\KeyText.exe [2009-12-7 1303200]
tclock.lnk - c:\program files\Tclock\tclock.exe [2009-12-12 44544]
X1 System Tray.lnk - c:\program files\X1\X1Systray.exe [2007-5-14 345088]
X1.lnk - c:\program files\X1\X1.exe [2007-5-14 4965888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-05-10 14:24 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 07:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Info Select\\is.exe"=

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [28/11/2002 12:43 22016]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [15/05/2008 01:21 19496]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [09/05/2008 14:50 46144]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [10/05/2008 16:11 1160440]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [08/06/2009 03:49 94208]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [15/05/2008 01:25 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [09/05/2008 14:50 253952]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [08/06/2009 03:33 2058776]
R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [08/06/2009 03:35 72448]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [08/06/2009 03:39 475136]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [08/06/2009 03:21 244368]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [23/02/2008 00:54 37312]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [04/12/2009 20:55 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [04/12/2009 20:55 8456]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [10/05/2008 16:24 102400]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/02/2010 00:00 19160]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\F6.tmp --> c:\windows\system32\F6.tmp [?]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [25/04/2008 17:15 1120752]
.
Contents of the 'Scheduled Tasks' folder

2010-02-09 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 12:54]

2010-02-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 15:36]

2010-02-09 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-06-08 16:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ncr
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Θ÷α ∞- Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: buy-internet-security10.com
Trusted Zone: is-soft-download.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: buy-internet-security10.com
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-OpAgent - OpAgent.exe
SharedTaskScheduler-{7425b55a-41f2-4534-a14b-cba47f91fe81} - c:\windows\system32\wesofege.dll
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
SSODL-tegoyihas-{7425b55a-41f2-4534-a14b-cba47f91fe81} - c:\windows\system32\wesofege.dll
Notify-ACNotify - ACNotify.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 23:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\F6.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\ATGinaHook.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.DLL
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'explorer.exe'(4812)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\ASTSRV.EXE
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\X1\X1Service.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\wdfmgr.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
.
**************************************************************************
.
Completion time: 2010-02-09 23:53:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-09 21:53

Pre-Run: 42,654,281,728 bytes free
Post-Run: 42,534,850,560 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6AC65BF278B79D19E1894A7108948BAE





Jotti web links

http://virusscan.jotti.org/en/scanresul ... ecbebc2383

http://virusscan.jotti.org/en/scanresul ... c1177321a4

http://virusscan.jotti.org/en/scanresul ... 8fa73555ac

Regarding C:\WINDOWS\system32\log.txt, Jotti reported it was empty, so there was no result.

cmili

Re: various and assorted problems, internet and system

Post by xixo_12 » February 9th, 2010, 10:13 pm

Hi,
Let's proceed.

First,
CFScript
  • Close any open browsers.
  • Open notepad and copy/paste the text in the code box below into it:
    File::
    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{1B145128-14CB-58E2-C64A-5C3AB2E9E493}-smss32.exe
    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{38BF7B5F-1F16-20E1-DD70-CDD61A7D3B95}-smss32.exe
    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D1807EAC-DA88-CC19-55C9-BACF926BE420}-wipalego.dll
    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D976C4CF-EA6D-4027-486F-8B8EA7431146}-smss32.exe
    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{21C80C8D-4BD9-D325-AE25-42D02B33C5ED}-wipalego.dll
    c:\windows\system32\ezsidmv.dat
    c:\windows\system32\dijuboru.dll.tmp
    c:\windows\system32\nepusenu.dll.tmp
    c:\windows\system32\woyadolu.dll.tmp
    
    Folder::
    c:\program files\Tclock
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{7425b55a-41f2-4534-a14b-cba47f91fe81}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
    "{7425b55a-41f2-4534-a14b-cba47f91fe81}"=-
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Disable your AntiVirus/AntiSpyware/Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
    Image
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Next,
Fix entries.
  • Run HijackThis.
  • Click on the "Do a system scan only" button.
  • Find the entries listed below and tick the small box next to each one.
    O4 - S-1-5-18 Startup: tclock.lnk = C:\Program Files\Tclock\tclock.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: tclock.lnk = C:\Program Files\Tclock\tclock.exe (User 'Default user')
    O4 - Startup: tclock.lnk = C:\Program Files\Tclock\tclock.exe
    O15 - Trusted Zone: http://*.buy-internet-security10.com
    O15 - Trusted Zone: http://*.is-soft-download.com
    O15 - Trusted Zone: http://*.is-software-download.com
    O15 - Trusted Zone: http://*.is-software-download25.com
    O15 - Trusted Zone: http://*.buy-internet-security10.com (HKLM)
    O20 - AppInit_DLLs: c:\windows\system32\wesofege.dll wipalego.dll
    O21 - SSODL: tegoyihas - {7425b55a-41f2-4534-a14b-cba47f91fe81} - c:\windows\system32\wesofege.dll (file missing)
    O22 - SharedTaskScheduler: mujuzedij - {7425b55a-41f2-4534-a14b-cba47f91fe81} - c:\windows\system32\wesofege.dll (file missing)
  • Close any other program and leave HiJackThis program alone.
  • Click Fix checked.

Next,
Reboot into the usual account.

Next,
RSIT.
  • Copy the code below (highlight > right click > copy):
    "%userprofile%\desktop\rsit.exe" /info
  • Click on start > Run....
  • Paste the code into the box and click OK.
  • Click on Continue at the disclaimer screen.
  • Once it finishes, two logs will open.
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post.
***You can find the logs manually at C:\rsit

Next,
Checklist.
Please post.
  • Content of ComboFix.txt
  • Content of log.txt and info.txt (Find both in c:\rsit)
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia
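
The HijackThis entries and the CFScript in the post above can be cross-checked against each other. The Python below is an added example, not part of the original post or of either tool; the sample lines are copied from the post, and the function names (`parse_hjt`, `triage`, `parse_cfscript`, `unaddressed`) are hypothetical.

```python
import re

# Sample input: lines copied from the HijackThis list and the CFScript in the post above.
HJT_LOG = r'''
O4 - S-1-5-18 Startup: tclock.lnk = C:\Program Files\Tclock\tclock.exe (User 'SYSTEM')
O4 - Startup: tclock.lnk = C:\Program Files\Tclock\tclock.exe
O15 - Trusted Zone: http://*.buy-internet-security10.com
O15 - Trusted Zone: http://*.is-soft-download.com
O15 - Trusted Zone: http://*.buy-internet-security10.com (HKLM)
O20 - AppInit_DLLs: c:\windows\system32\wesofege.dll wipalego.dll
O21 - SSODL: tegoyihas - {7425b55a-41f2-4534-a14b-cba47f91fe81} - c:\windows\system32\wesofege.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {7425b55a-41f2-4534-a14b-cba47f91fe81} - c:\windows\system32\wesofege.dll (file missing)
'''
CFSCRIPT = r'''
Folder::
c:\program files\Tclock

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{7425b55a-41f2-4534-a14b-cba47f91fe81}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
"{7425b55a-41f2-4534-a14b-cba47f91fe81}"=-
'''

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")


def parse_hjt(text):
    """Return (section code, body) for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY_RE.match, text.splitlines()) if m]


def triage(entries):
    """Group entries by the persistence or trust mechanism they represent."""
    report = {"startup": [], "trusted_zone": set(),
              "appinit_dlls": [], "orphaned_clsids": {}}
    for code, body in entries:
        if code == "O4":                      # autostart: keep the launch target
            report["startup"].append(body.partition(" = ")[2] or body)
        elif code == "O15":                   # domain added to IE's Trusted Zone
            m = re.search(r"://(\S+)", body)
            if m:
                report["trusted_zone"].add(m.group(1))
        elif code == "O20":                   # DLLs named in AppInit_DLLs
            value = body.split(":", 1)[1].strip()
            report["appinit_dlls"] += re.split(r"[ ,]+", value)
        elif code in ("O21", "O22"):          # shell loaders whose DLL is gone
            m = CLSID_RE.search(body)
            if m and body.endswith("(file missing)"):
                report["orphaned_clsids"].setdefault(m.group().lower(), set()).add(code)
    return report


def parse_cfscript(text):
    """Split a CFScript into its File/Folder lists and Registry (key, name, value) rows."""
    script, section, key = {"File": [], "Folder": [], "Registry": []}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):
            section = line[:-2]
            script.setdefault(section, [])
        elif section == "Registry":
            if line.startswith("["):
                key = line.strip("[]")
            else:
                name, _, value = line.partition("=")
                script["Registry"].append((key, name.strip('"'), value))
        elif section:
            script[section].append(line)
    return script


def unaddressed(report, script):
    """List triage findings that no CFScript directive cleans up."""
    deleted = {n.lower() for _, n, v in script["Registry"] if v == "-"}
    cleared = {n.lower() for _, n, v in script["Registry"] if v == '""'}
    folders = [f.lower() for f in script["Folder"]]
    gaps = [f"CLSID {c} still registered"
            for c in sorted(report["orphaned_clsids"]) if c not in deleted]
    if report["appinit_dlls"] and "appinit_dlls" not in cleared:
        gaps.append("AppInit_DLLs not reset")
    for target in report["startup"]:
        # Covered when the launch target sits under a folder the script deletes.
        if not any(target.lower().startswith(f + "\\") for f in folders):
            gaps.append(f"startup target not removed: {target}")
    gaps += [f"Trusted Zone domain not in script: {d}"
             for d in sorted(report["trusted_zone"])]
    return gaps


if __name__ == "__main__":
    for gap in unaddressed(triage(parse_hjt(HJT_LOG)), parse_cfscript(CFSCRIPT)):
        print(gap)
```

The Trusted Zone domains come back as gaps because the CFScript carries no directive for them; in the post they are handled by the HijackThis "Fix checked" step.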

Re: various and assorted problems, internet and system

Post by cmili » February 10th, 2010, 4:13 am

Hi -

Here's what you asked for:

ComboFix 10-02-09.02 - owner 02/10/2010 9:56.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3032.2322 [GMT 2:00]
Running from: c:\documents and settings\owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\owner\Desktop\cfscript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{1B145128-14CB-58E2-C64A-5C3AB2E9E493}-smss32.exe"
"c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{21C80C8D-4BD9-D325-AE25-42D02B33C5ED}-wipalego.dll"
"c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{38BF7B5F-1F16-20E1-DD70-CDD61A7D3B95}-smss32.exe"
"c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D1807EAC-DA88-CC19-55C9-BACF926BE420}-wipalego.dll"
"c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D976C4CF-EA6D-4027-486F-8B8EA7431146}-smss32.exe"
"c:\windows\system32\dijuboru.dll.tmp"
"c:\windows\system32\ezsidmv.dat"
"c:\windows\system32\nepusenu.dll.tmp"
"c:\windows\system32\woyadolu.dll.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{1B145128-14CB-58E2-C64A-5C3AB2E9E493}-smss32.exe
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{21C80C8D-4BD9-D325-AE25-42D02B33C5ED}-wipalego.dll
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{38BF7B5F-1F16-20E1-DD70-CDD61A7D3B95}-smss32.exe
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D1807EAC-DA88-CC19-55C9-BACF926BE420}-wipalego.dll
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D976C4CF-EA6D-4027-486F-8B8EA7431146}-smss32.exe
C:\LOG.TXT
c:\program files\Tclock
c:\program files\Tclock\lang\tclang-de.txt
c:\program files\Tclock\lang\tclang-el.txt
c:\program files\Tclock\lang\tclang-es.txt
c:\program files\Tclock\lang\tclang-fr.txt
c:\program files\Tclock\lang\tclang-it.txt
c:\program files\Tclock\lang\tclang-ja.txt
c:\program files\Tclock\lang\tclang-ko.txt
c:\program files\Tclock\lang\tclang-nl.txt
c:\program files\Tclock\lang\tclang-pl.txt
c:\program files\Tclock\lang\tclang-pt.txt
c:\program files\Tclock\lang\tclang-ru.txt
c:\program files\Tclock\lang\tclang-tr.txt
c:\program files\Tclock\lang\tclang-zh-cn.txt
c:\program files\Tclock\lang\tclang-zh-tw.txt
c:\program files\Tclock\lang\tclang.txt
c:\program files\Tclock\lang\tcmenu-de.txt
c:\program files\Tclock\lang\tcmenu-el.txt
c:\program files\Tclock\lang\tcmenu-es.txt
c:\program files\Tclock\lang\tcmenu-fr.txt
c:\program files\Tclock\lang\tcmenu-it.txt
c:\program files\Tclock\lang\tcmenu-ja.txt
c:\program files\Tclock\lang\tcmenu-ko.txt
c:\program files\Tclock\lang\tcmenu-nl.txt
c:\program files\Tclock\lang\tcmenu-pl.txt
c:\program files\Tclock\lang\tcmenu-pt.txt
c:\program files\Tclock\lang\tcmenu-ru.txt
c:\program files\Tclock\lang\tcmenu-tr.txt
c:\program files\Tclock\lang\tcmenu-zh-cn.txt
c:\program files\Tclock\lang\tcmenu-zh-tw.txt
c:\program files\Tclock\lang\tcmenu.txt
c:\program files\Tclock\readme.html
c:\program files\Tclock\source\common\alarmstruct.c
c:\program files\Tclock\source\common\autoformat.c
c:\program files\Tclock\source\common\bccexe.nas
c:\program files\Tclock\source\common\combobox.c
c:\program files\Tclock\source\common\command.h
c:\program files\Tclock\source\common\common.h
c:\program files\Tclock\source\common\exec.c
c:\program files\Tclock\source\common\font.c
c:\program files\Tclock\source\common\langcode.c
c:\program files\Tclock\source\common\localeinfo.c
c:\program files\Tclock\source\common\mousestruct.c
c:\program files\Tclock\source\common\nodeflib.c
c:\program files\Tclock\source\common\playfile.c
c:\program files\Tclock\source\common\reg.c
c:\program files\Tclock\source\common\selectfile.c
c:\program files\Tclock\source\common\soundselect.c
c:\program files\Tclock\source\common\tclang.c
c:\program files\Tclock\source\common\utl.c
c:\program files\Tclock\source\dll\bccdll.nas
c:\program files\Tclock\source\dll\bmp.c
c:\program files\Tclock\source\dll\dllutl.c
c:\program files\Tclock\source\dll\draw.c
c:\program files\Tclock\source\dll\format.c
c:\program files\Tclock\source\dll\formattime.c
c:\program files\Tclock\source\dll\main.c
c:\program files\Tclock\source\dll\main2.c
c:\program files\Tclock\source\dll\newapi.c
c:\program files\Tclock\source\dll\newapi.h
c:\program files\Tclock\source\dll\startbtn.c
c:\program files\Tclock\source\dll\startmenu.c
c:\program files\Tclock\source\dll\taskbar.c
c:\program files\Tclock\source\dll\taskswitch.c
c:\program files\Tclock\source\dll\tcdll.def
c:\program files\Tclock\source\dll\tcdll.h
c:\program files\Tclock\source\dll\tcdll.mak
c:\program files\Tclock\source\dll\tcdll.rc
c:\program files\Tclock\source\dll\tooltip.c
c:\program files\Tclock\source\dll\traynotify.c
c:\program files\Tclock\source\dll\userstr.c
c:\program files\Tclock\source\dll\wndproc.c
c:\program files\Tclock\source\exe\about.c
c:\program files\Tclock\source\exe\alarm.c
c:\program files\Tclock\source\exe\cmdopt.c
c:\program files\Tclock\source\exe\command.c
c:\program files\Tclock\source\exe\main.c
c:\program files\Tclock\source\exe\main2.c
c:\program files\Tclock\source\exe\menu.c
c:\program files\Tclock\source\exe\mouse.c
c:\program files\Tclock\source\exe\mouse2.c
c:\program files\Tclock\source\exe\tclock.h
c:\program files\Tclock\source\exe\tclock.ico
c:\program files\Tclock\source\exe\tclock.mak
c:\program files\Tclock\source\exe\tclock.rc
c:\program files\Tclock\source\exe\wndproc.c
c:\program files\Tclock\source\license.txt
c:\program files\Tclock\source\Makefile
c:\program files\Tclock\source\player\dialog.c
c:\program files\Tclock\source\player\main.c
c:\program files\Tclock\source\player\player.c
c:\program files\Tclock\source\player\resource.h
c:\program files\Tclock\source\player\tclock.ico
c:\program files\Tclock\source\player\tclock.manifest
c:\program files\Tclock\source\player\tcplayer.h
c:\program files\Tclock\source\player\tcplayer.ico
c:\program files\Tclock\source\player\tcplayer.mak
c:\program files\Tclock\source\player\tcplayer.rc
c:\program files\Tclock\source\property\alarmday.c
c:\program files\Tclock\source\property\main.c
c:\program files\Tclock\source\property\pagealarm.c
c:\program files\Tclock\source\property\pagecolor.c
c:\program files\Tclock\source\property\pagecuckoo.c
c:\program files\Tclock\source\property\pageformat.c
c:\program files\Tclock\source\property\pageformat2.c
c:\program files\Tclock\source\property\pagemisc.c
c:\program files\Tclock\source\property\pagemouse.c
c:\program files\Tclock\source\property\pagemouse2.c
c:\program files\Tclock\source\property\pagesize.c
c:\program files\Tclock\source\property\pagestartbtn.c
c:\program files\Tclock\source\property\pagestartmenu.c
c:\program files\Tclock\source\property\pagetaskbar.c
c:\program files\Tclock\source\property\pagetooltip.c
c:\program files\Tclock\source\property\play.ico
c:\program files\Tclock\source\property\resource.h
c:\program files\Tclock\source\property\selecticon.c
c:\program files\Tclock\source\property\stop.ico
c:\program files\Tclock\source\property\tclock.ico
c:\program files\Tclock\source\property\tclock.manifest
c:\program files\Tclock\source\property\tcprop.h
c:\program files\Tclock\source\property\tcprop.ico
c:\program files\Tclock\source\property\tcprop.mak
c:\program files\Tclock\source\property\tcprop.rc
c:\program files\Tclock\source\readme.txt
c:\program files\Tclock\source\sntp\dialog.c
c:\program files\Tclock\source\sntp\main.c
c:\program files\Tclock\source\sntp\play.ico
c:\program files\Tclock\source\sntp\resource.h
c:\program files\Tclock\source\sntp\sntp.c
c:\program files\Tclock\source\sntp\stop.ico
c:\program files\Tclock\source\sntp\tclock.ico
c:\program files\Tclock\source\sntp\tclock.manifest
c:\program files\Tclock\source\sntp\tcsntp.h
c:\program files\Tclock\source\sntp\tcsntp.ico
c:\program files\Tclock\source\sntp\tcsntp.mak
c:\program files\Tclock\source\sntp\tcsntp.rc
c:\program files\Tclock\source\timer\dialog.c
c:\program files\Tclock\source\timer\main.c
c:\program files\Tclock\source\timer\play.ico
c:\program files\Tclock\source\timer\resource.h
c:\program files\Tclock\source\timer\stop.ico
c:\program files\Tclock\source\timer\tclock.ico
c:\program files\Tclock\source\timer\tclock.manifest
c:\program files\Tclock\source\timer\tctimer.h
c:\program files\Tclock\source\timer\tctimer.ico
c:\program files\Tclock\source\timer\tctimer.mak
c:\program files\Tclock\source\timer\tctimer.rc
c:\program files\Tclock\source\timer\timer.c
c:\program files\Tclock\tcdll.tclock
c:\program files\Tclock\TClock Light Home.url
c:\program files\Tclock\tclock.exe
c:\program files\Tclock\tclock.ini
c:\program files\Tclock\tcplayer.exe
c:\program files\Tclock\tcprop.exe
c:\program files\Tclock\tcsntp.exe
c:\program files\Tclock\tctimer.exe
c:\windows\system32\dijuboru.dll.tmp
c:\windows\system32\ezsidmv.dat
c:\windows\system32\nepusenu.dll.tmp
c:\windows\system32\woyadolu.dll.tmp

.
((((((((((((((((((((((((( Files Created from 2010-01-10 to 2010-02-10 )))))))))))))))))))))))))))))))
.

2010-02-06 21:53 . 2010-02-06 21:53 -------- d-----w- c:\program files\CCleaner
2010-02-06 21:04 . 2010-02-06 21:05 -------- d-----w- C:\gmer
2010-02-06 20:51 . 2010-02-06 22:19 -------- d-----w- C:\rsit
2010-02-03 23:19 . 2010-02-04 13:42 -------- d-----w- C:\Outlook Express
2010-02-02 22:12 . 2010-02-02 22:12 -------- d-----w- c:\documents and settings\owner\Application Data\Malwarebytes
2010-02-02 22:05 . 2010-02-02 22:05 -------- d-----w- c:\program files\drek
2010-02-02 22:00 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-02 22:00 . 2010-02-02 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-02 22:00 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-02 22:00 . 2010-02-02 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-31 23:24 . 2010-02-01 14:46 -------- d-----w- c:\windows\system32\org
2010-01-31 22:58 . 2010-01-31 22:58 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-01-31 17:48 . 2010-01-31 17:48 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\PCHealth
2010-01-28 15:29 . 2010-02-06 20:22 -------- d-----w- c:\program files\Sophos
2010-01-28 13:59 . 2010-01-28 13:59 -------- d-----w- c:\windows\Sun
2010-01-19 09:36 . 2010-01-19 22:20 -------- d-----w- C:\Outlook Express import
2010-01-14 17:54 . 2010-01-14 17:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-01-13 01:06 . 2010-01-13 01:06 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-11 20:44 . 2010-01-11 20:44 667648 ----a-r- c:\documents and settings\owner\Application Data\Microsoft\Installer\{5A46FE43-08E6-11D5-942B-0000E8932E05}\Jcl.exe
2010-01-11 20:43 . 2010-01-11 20:43 -------- d-----w- c:\program files\Davka
2010-01-11 17:38 . 2010-01-19 09:09 -------- d-----w- C:\CloneCD Images
2010-01-11 17:30 . 2010-01-11 17:30 -------- d-----w- c:\documents and settings\owner\Application Data\FLEXnet
2010-01-11 17:30 . 2010-01-11 17:30 -------- d-----w- c:\documents and settings\owner\Application Data\Zeon
2010-01-11 17:29 . 2010-01-11 17:29 -------- d-----w- c:\documents and settings\owner\Application Data\ScanSoft
2010-01-11 17:05 . 2010-01-11 17:05 -------- d-----w- c:\documents and settings\owner\Application Data\Nuance
2010-01-11 17:04 . 2010-01-11 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-01-11 17:03 . 2010-01-11 17:03 -------- d-----w- c:\program files\Nuance
2010-01-11 17:03 . 2010-01-11 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-11 16:43 . 2010-01-11 16:45 -------- d-----w- C:\OmniPage Professional 17
2010-01-11 16:40 . 2010-01-11 16:40 -------- d-----w- c:\program files\Trend Micro
2010-01-11 16:39 . 2010-01-11 16:39 -------- d-----w- c:\program files\Common Files\Gibinsoft Shared
2010-01-11 16:39 . 2010-01-11 16:39 -------- d-----w- c:\program files\GiPo@Utilities
2010-01-11 16:37 . 2010-01-11 16:38 -------- d-----w- c:\program files\Compare It!
2010-01-11 16:18 . 2010-01-11 16:18 152576 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-11 16:16 . 2010-01-11 16:17 -------- d-----w- c:\program files\ResponsaCD9
2010-01-11 15:39 . 2010-01-11 15:39 -------- d-----w- c:\program files\MSECache
2010-01-11 15:37 . 2010-01-11 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-01-11 15:37 . 2010-01-11 15:37 -------- d-----w- c:\documents and settings\owner\Application Data\Office Genuine Advantage
2010-01-11 14:48 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 13:31 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-11 13:31 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 06:39 . 2009-12-07 12:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-10 06:39 . 2009-12-09 07:38 -------- d-----w- c:\documents and settings\owner\Application Data\Skype
2010-02-03 08:05 . 2010-01-10 12:53 -------- d-----w- c:\program files\Info Select
2010-02-01 14:58 . 2009-12-07 12:55 -------- d-----w- c:\program files\KeyText
2010-01-31 23:25 . 2006-04-30 06:55 50620 ----a-w- c:\windows\system32\command.com
2010-01-31 11:06 . 2009-12-07 12:50 -------- d-----w- c:\program files\Michal
2010-01-14 09:12 . 2009-12-09 03:39 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 05:53 . 2009-06-08 01:35 114096 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-11 16:47 . 2009-06-08 01:29 -------- d-----w- c:\program files\Common Files\Installshield
2010-01-11 16:20 . 2009-06-08 01:43 -------- d-----w- c:\program files\Java
2010-01-11 16:18 . 2009-12-19 22:38 79488 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-11 14:51 . 2009-06-08 11:22 -------- d-----w- c:\program files\Microsoft Works
2010-01-10 22:16 . 2010-01-10 22:16 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-01-10 21:56 . 2010-01-10 21:55 -------- d-----w- c:\program files\Common Files\Real
2010-01-10 21:56 . 2010-01-10 21:56 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-10 21:55 . 2010-01-10 21:55 -------- d-----w- c:\program files\Real
2010-01-10 21:36 . 2010-01-10 21:36 -------- d-----w- c:\documents and settings\owner\Application Data\Roxio
2010-01-10 21:33 . 2010-01-10 21:33 -------- d-----w- c:\program files\HDD Health
2010-01-05 10:00 . 2006-04-30 06:56 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2006-04-30 06:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2006-04-30 06:55 17408 ------w- c:\windows\system32\corpol.dll
2009-12-12 20:58 . 2009-12-12 20:58 -------- d-----w- c:\documents and settings\owner\Application Data\DefenseWall HIPS
2009-12-12 20:55 . 2009-12-09 07:48 -------- d-----w- c:\documents and settings\owner\Application Data\skypePM
2009-12-09 08:08 . 2006-04-30 07:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-06 15:48 . 2009-12-06 15:48 152576 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-11-21 15:51 . 2006-04-30 06:55 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 09:18 . 2009-12-04 18:55 1673216 ----a-w- c:\windows\system32\BootMan.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-02-09_21.51.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-10 06:44 . 2010-02-10 06:44 16384 c:\windows\Temp\Perflib_Perfdata_d88.dat
+ 2010-02-10 06:38 . 2010-02-10 06:38 16384 c:\windows\Temp\Perflib_Perfdata_6b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"X1FileMonitor.exe"="c:\program files\X1\X1FileMonitor.exe" [2007-05-14 428544]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"HDDHealth"="c:\program files\HDD Health\HDDHealth.exe" [2008-06-15 1692672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-05-29 367128]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-06-08 60192]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-07 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-08 124248]
"AMSG"="c:\progra~1\THINKV~1\AMSG\amsg.exe" [2007-02-01 419376]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-07-10 16384]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-13 339968]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-13 208896]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-07-15 143360]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"CloneCDTray"="c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 73728]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-10 198160]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Nuance OmniPage 17-reminder"="c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

c:\documents and settings\owner\Start Menu\Programs\Startup\
Kaluach3.lnk - c:\program files\Kaluach3\Kaluach3.exe [2008-7-11 1331200]
KeyText.lnk - c:\program files\KeyText\KeyText.exe [2009-12-7 1303200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-05-10 14:24 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 07:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Info Select\\is.exe"=

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [28/11/2002 12:43 22016]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [15/05/2008 01:21 19496]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [09/05/2008 14:50 46144]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [10/05/2008 16:11 1160440]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [08/06/2009 03:49 94208]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [15/05/2008 01:25 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [09/05/2008 14:50 253952]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [08/06/2009 03:33 2058776]
R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [08/06/2009 03:35 72448]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [08/06/2009 03:39 475136]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [08/06/2009 03:21 244368]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [23/02/2008 00:54 37312]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [04/12/2009 20:55 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [04/12/2009 20:55 8456]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [10/05/2008 16:24 102400]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/02/2010 00:00 19160]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\F6.tmp --> c:\windows\system32\F6.tmp [?]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [25/04/2008 17:15 1120752]
.
Contents of the 'Scheduled Tasks' folder

2010-02-10 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 12:54]

2010-02-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 15:36]

2010-02-10 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-06-08 16:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ncr
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Θ÷α ∞- Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: buy-internet-security10.com
Trusted Zone: is-soft-download.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: buy-internet-security10.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 10:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\F6.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\ATGinaHook.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.DLL
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
Completion time: 2010-02-10 10:03:03
ComboFix-quarantined-files.txt 2010-02-10 08:03
ComboFix2.txt 2010-02-09 21:53

Pre-Run: 42,541,748,224 bytes free
Post-Run: 42,500,812,800 bytes free

- - End Of File - - 2B073E84FA28797A155A48928C7F3067

Logfile of random's system information tool 1.06 (written by random/random)
Run by owner at 2010-02-10 10:12:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 41 GB (37%) free of 108 GB
Total RAM: 3032 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:32, on 10/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\X1\X1FileMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HDD Health\HDDHealth.exe
C:\Program Files\Kaluach3\Kaluach3.exe
C:\Program Files\KeyText\KeyText.exe
C:\Program Files\X1\X1Systray.exe
C:\Program Files\X1\X1.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\X1\X1Service.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\owner\desktop\rsit.exe
C:\Program Files\Trend Micro\HijackThis\owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Nuance OmniPage 17-reminder] "C:\Program Files\Nuance\OmniPage17\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage 17\Ereg\Ereg.ini"
O4 - HKCU\..\Run: [X1FileMonitor.exe] C:\Program Files\X1\X1FileMonitor.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\HDDHealth.exe -wl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Kaluach3.lnk = ? (User 'SYSTEM')
O4 - S-1-5-18 Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: X1.lnk = C:\Program Files\X1\X1.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Kaluach3.lnk = ? (User 'Default user')
O4 - .DEFAULT Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe (User 'Default user')
O4 - .DEFAULT Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe (User 'Default user')
O4 - .DEFAULT Startup: X1.lnk = C:\Program Files\X1\X1.exe (User 'Default user')
O4 - Startup: Kaluach3.lnk = ?
O4 - Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe
O4 - Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe
O4 - Startup: X1.lnk = C:\Program Files\X1\X1.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 15171 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-01-10 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
IePasswordManagerHelper Class - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2008-06-14 808248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"picon"=C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [2008-05-29 367128]
"TPFNF7"=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2008-06-08 60192]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2008-06-07 181536]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2008-03-24 68464]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-06-04 242976]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2008-03-07 167936]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-06-17 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-06-17 170520]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-06-17 141848]
"FingerPrintSoftware"=C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [2008-05-10 9318400]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-05-15 487424]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-12 39792]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2008-06-08 165208]
"LPMailChecker"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [2008-06-08 124248]
"AMSG"=C:\PROGRA~1\THINKV~1\AMSG\amsg.exe [2007-02-01 419376]
"CameraApplicationLauncher"=C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe [2008-07-10 16384]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog []
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2008-07-15 143360]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2008-06-14 3073336]
"CloneCDElbyCDFL"=C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe [2002-11-02 45056]
"CloneCDTray"=C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe [2002-12-02 73728]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-01-10 198160]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Nuance OmniPage 17-reminder"=C:\Program Files\Nuance\OmniPage17\Ereg\Ereg.exe [2008-11-03 54560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"X1FileMonitor.exe"=C:\Program Files\X1\X1FileMonitor.exe [2007-05-14 428544]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"HDDHealth"=C:\Program Files\HDD Health\HDDHealth.exe [2008-06-15 1692672]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\owner\Start Menu\Programs\Startup
Kaluach3.lnk - C:\Program Files\Kaluach3\Kaluach3.exe
KeyText.lnk - C:\Program Files\KeyText\KeyText.exe
X1 System Tray.lnk - C:\Program Files\X1\X1Systray.exe
X1.lnk - C:\Program Files\X1\X1.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ATFUS]
C:\WINDOWS\system32\FpWinLogonNp.dll [2008-05-10 180224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-06-11 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2008-03-17 34080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Info Select\is.exe"="C:\Program Files\Info Select\is.exe:*:Enabled:Info Select"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-02-10 10:03:04 ----A---- C:\ComboFix.txt
2010-02-10 10:02:01 ----A---- C:\Log.txt
2010-02-09 23:45:30 ----A---- C:\Boot.bak
2010-02-09 23:45:28 ----RASHD---- C:\cmdcons
2010-02-09 23:44:50 ----A---- C:\WINDOWS\zip.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\SWSC.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\SWREG.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\sed.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\PEV.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\MBR.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\grep.exe
2010-02-09 23:44:44 ----D---- C:\WINDOWS\ERDNT
2010-02-09 23:44:08 ----D---- C:\Qoobox
2010-02-06 23:53:27 ----D---- C:\Program Files\CCleaner
2010-02-06 23:04:49 ----D---- C:\gmer
2010-02-06 22:51:16 ----D---- C:\rsit
2010-02-04 01:19:07 ----D---- C:\Outlook Express
2010-02-03 00:12:00 ----D---- C:\Documents and Settings\owner\Application Data\Malwarebytes
2010-02-03 00:05:26 ----D---- C:\Program Files\drek
2010-02-03 00:00:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-03 00:00:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-01 21:27:50 ----A---- C:\DREK.BAK
2010-02-01 01:24:23 ----D---- C:\WINDOWS\system32\org
2010-02-01 00:58:02 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-01-28 17:29:21 ----D---- C:\Program Files\Sophos
2010-01-28 15:59:36 ----D---- C:\WINDOWS\Sun
2010-01-19 11:36:24 ----D---- C:\Outlook Express import
2010-01-13 03:07:11 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 03:06:40 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-01-11 22:43:56 ----D---- C:\Program Files\Davka
2010-01-11 19:38:57 ----D---- C:\CloneCD Images
2010-01-11 19:30:09 ----D---- C:\Documents and Settings\owner\Application Data\FLEXnet
2010-01-11 19:30:01 ----D---- C:\Documents and Settings\owner\Application Data\Zeon
2010-01-11 19:29:58 ----D---- C:\Documents and Settings\owner\Application Data\ScanSoft
2010-01-11 19:05:29 ----D---- C:\Documents and Settings\owner\Application Data\Nuance
2010-01-11 19:05:23 ----A---- C:\WINDOWS\MAXLINK.INI
2010-01-11 19:04:39 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2010-01-11 19:03:28 ----D---- C:\Program Files\Nuance
2010-01-11 19:03:28 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2010-01-11 18:43:55 ----D---- C:\OmniPage Professional 17
2010-01-11 18:40:12 ----D---- C:\Program Files\Trend Micro
2010-01-11 18:39:43 ----D---- C:\Program Files\Common Files\Gibinsoft Shared
2010-01-11 18:39:42 ----D---- C:\Program Files\GiPo@Utilities
2010-01-11 18:37:33 ----D---- C:\Program Files\Compare It!
2010-01-11 18:20:27 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-11 18:20:27 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-11 18:20:27 ----A---- C:\WINDOWS\system32\java.exe
2010-01-11 18:17:45 ----A---- C:\WINDOWS\RESPONSA.INI
2010-01-11 18:16:53 ----D---- C:\Program Files\ResponsaCD9
2010-01-11 17:39:08 ----D---- C:\Program Files\MSECache
2010-01-11 17:37:20 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2010-01-11 17:37:17 ----D---- C:\Documents and Settings\owner\Application Data\Office Genuine Advantage
2010-01-11 16:54:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\zh-TW
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\zh-HK
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\tr-TR
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\sv-SE
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\pt-BR
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\nl-NL
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\nb-NO
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\ko-KR
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\it-IT
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\he-IL
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\fr-FR
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\fi-FI
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\es-ES
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\el-GR
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\de-DE
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\da-DK
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\ar-SA
2010-01-11 15:31:52 ----A---- C:\WINDOWS\system32\muweb.dll
2010-01-11 15:31:52 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-01-11 15:31:52 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-01-11 00:16:29 ----D---- C:\Program Files\Microsoft Security Essentials

======List of files/folders modified in the last 1 months======

2010-02-10 10:11:23 ----D---- C:\WINDOWS\Prefetch
2010-02-10 10:11:14 ----D---- C:\WINDOWS\Temp
2010-02-10 10:10:59 ----D---- C:\Documents and Settings\owner\Application Data\Skype
2010-02-10 10:10:59 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-10 10:10:47 ----A---- C:\sysiclog.txt
2010-02-10 10:10:46 ----AD---- C:\WINDOWS\system32
2010-02-10 10:10:37 ----A---- C:\WINDOWS\system32\log.txt
2010-02-10 10:10:24 ----A---- C:\WINDOWS\system32\ICAutoUpdate.log.bak
2010-02-10 10:09:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-10 10:08:27 ----A---- C:\WINDOWS\wincmd.ini
2010-02-10 10:01:21 ----AD---- C:\WINDOWS
2010-02-10 10:01:21 ----A---- C:\WINDOWS\system.ini
2010-02-10 10:00:51 ----RD---- C:\Program Files
2010-02-10 09:59:00 ----D---- C:\WINDOWS\system32\drivers
2010-02-10 09:59:00 ----D---- C:\WINDOWS\AppPatch
2010-02-10 09:58:59 ----D---- C:\Program Files\Common Files
2010-02-10 09:51:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-10 08:44:04 ----SD---- C:\WINDOWS\Tasks
2010-02-09 23:50:05 ----D---- C:\WINDOWS\system32\config
2010-02-09 23:45:30 ----RASH---- C:\boot.ini
2010-02-07 09:24:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-07 00:09:08 ----D---- C:\WINDOWS\Debug
2010-02-06 23:05:43 ----D---- C:\WINDOWS\Help
2010-02-05 11:04:12 ----HD---- C:\WINDOWS\inf
2010-02-05 08:51:25 ----D---- C:\WINDOWS\security
2010-02-05 08:22:32 ----SHD---- C:\WINDOWS\Installer
2010-02-05 08:22:04 ----D---- C:\Documents and Settings
2010-02-03 10:05:58 ----D---- C:\Program Files\Info Select
2010-02-03 10:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-02-02 01:38:41 ----RD---- C:\My Documents
2010-02-01 16:58:16 ----D---- C:\Program Files\KeyText
2010-02-01 01:25:50 ----A---- C:\WINDOWS\system32\command.com
2010-01-31 13:06:57 ----D---- C:\Program Files\Michal
2010-01-29 17:02:28 ----D---- C:\WINDOWS\system32\inetsrv
2010-01-29 00:29:43 ----SHD---- C:\System Volume Information
2010-01-29 00:29:43 ----D---- C:\WINDOWS\system32\Restore
2010-01-24 02:21:26 ----D---- C:\Program Files\Internet Explorer
2010-01-24 02:14:02 ----ASHD---- C:\WINDOWS\system32\dllcache
2010-01-24 02:13:55 ----D---- C:\WINDOWS\system32\en-US
2010-01-22 06:00:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-19 11:54:57 ----D---- C:\Programs
2010-01-19 11:54:57 ----D---- C:\Help
2010-01-19 11:35:52 ----D---- C:\My Downloads - pdf
2010-01-19 11:33:42 ----D---- C:\My Downloads - htm
2010-01-14 11:12:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-01-13 03:09:01 ----A---- C:\WINDOWS\win.ini
2010-01-13 03:08:09 ----RSD---- C:\WINDOWS\assembly
2010-01-11 22:44:01 ----RSD---- C:\WINDOWS\Fonts
2010-01-11 19:05:11 ----D---- C:\WINDOWS\WinSxS
2010-01-11 18:47:34 ----D---- C:\Program Files\Common Files\Installshield
2010-01-11 18:20:14 ----D---- C:\Program Files\Java
2010-01-11 17:42:23 ----D---- C:\Program Files\Microsoft Office
2010-01-11 17:42:22 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-11 16:51:42 ----D---- C:\Program Files\Microsoft Works
2010-01-11 16:45:10 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-11 00:16:35 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2008-07-02 11520]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-02-09 12856]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-02-09 28120]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2008-07-13 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2008-06-08 4608]
R1 tvtumon;tvtumon; C:\WINDOWS\system32\DRIVERS\tvtumon.sys [2008-05-09 46144]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2007-06-19 35064]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2007-06-19 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2007-06-19 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2007-06-19 105048]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2007-06-19 26744]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2007-06-19 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2007-06-19 98136]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2007-06-19 93752]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2002-11-29 16320]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-03-20 11904]
R2 tvtfilter;tvtfilter; C:\WINDOWS\system32\DRIVERS\tvtfilter.sys [2009-06-08 33536]
R3 5U875UVC;Integrated Camera; C:\WINDOWS\system32\DRIVERS\5U875.sys [2008-04-22 72448]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2008-03-07 154672]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\WINDOWS\System32\Drivers\ATSwpWDF.sys [2008-05-10 475136]
R3 BTDriver;מנהל התקן תקשורת וירטואלית Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-03-27 990632]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAU32.sys [2008-05-22 754176]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-03-27 244368]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2002-11-28 15360]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2008-03-26 40832]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-06-11 6021184]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2008-02-20 22696]
R3 NETw5x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit ; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-05-01 3627776]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2009-06-08 30144]
R3 tpm;tpm; C:\WINDOWS\system32\DRIVERS\tpm.sys [2008-03-26 13824]
R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2008-02-23 37312]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2007-09-15 501800]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 btaudio;Σ·≈∩ ∙ε≥ Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-03-10 534312]
S3 BTWDNDIS;∙°· ΓΘ∙Σ LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-09-20 156392]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-03-27 47272]
S3 catchme;catchme; \??\C:\DOCUME~1\owner\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []
S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\F6.tmp []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2008-07-15 90112]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2008-07-15 212992]
R2 astcc;AST Service; C:\WINDOWS\system32\ASTSRV.EXE [2009-08-24 61760]
R2 ATService;AuthenTec Fingerprint Service; C:\WINDOWS\system32\AtService.exe [2008-05-10 1160440]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2008-03-28 342624]
R2 EvtEng;Intel« PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-05-06 815104]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2008-02-20 36128]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2008-05-29 174616]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-07-13 94208]
R2 RegSrvc;Intel« PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-05-06 466944]
R2 S24EventMonitor;Intel« PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2008-05-06 901120]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2008-05-25 32768]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2008-06-14 746808]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2008-05-15 37416]
R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2008-06-14 779576]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-15 520192]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2008-05-15 950272]
R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-05-15 1155072]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-05-09 253952]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-05-29 2058776]
S2 SessionLauncher;SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FingerprintServer;Fingerprint Server; C:\WINDOWS\system32\FpLogonServ.exe [2008-05-10 102400]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RoxMediaDB10;RoxMediaDB10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-07 855552]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-02-10 10:12:34

======Uninstall list======

-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}
Adobe Flash Player 9 Plugin-->MsiExec.exe /X{61E8B062-51F9-4BBB-B1FC-E2A4A40944F5}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Ample Notice for Windows-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ANW2\Uninst.isu"
Camera Center-->MsiExec.exe /X{668ACF05-E455-4932-A2D2-5822A8206FEB}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Client Security - Password Manager-->MsiExec.exe /I{44E9D4C2-946C-4378-9354-558803C47A68}
ClipCache Pro 3.1.0-->"C:\Program Files\ClipCache\unins000.exe"
CloneCD-->"C:\Program Files\Elaborate Bytes\CloneCD\ccd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneCD"
Compare It!-->"C:\Program Files\Compare It!\unins000.exe"
Compare It!-->"C:\Program Files\Compare It!\unins001.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -ITPKDCHI5.INF
DirectXInstallService-->MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
EASEUS Partition Master 4.1.1 Home Edition-->"C:\Program Files\EASEUS\EASEUS Partition Master 4.1.1 Home Edition\unins000.exe"
GiPo@MoveOnBoot 1.9.5-->MsiExec.exe /I{9F185C48-595B-401A-A1D6-AAB324890DC4}
HDD Health v3.3 Beta-->"C:\Program Files\HDD Health\unins000.exe"
Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB949764)-->"C:\WINDOWS\$NtUninstallKB949764$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Integrated Camera Driver Installer Package Ver.1.18.500.0-->"C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -runfromtemp -l0x0009 anything -removeonly
Integrated Camera TWAIN-->C:\Program Files\InstallShield Installation Information\{356C896A-6BE6-487D-AA37-C999F945E6CF}\setup.exe -runfromtemp -l0x0009 -removeonly
Intel PROSet Wireless-->Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) Management Engine Interface-->C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel(R) Network Connections Drivers-->Prounstl.exe
Intel« Active Management Technology-->C:\WINDOWS\system32\mesoludlg.exe -uninstall
Intel« Trusted Platform Module-->C:\WINDOWS\system32\iTPMudlg.exe -uninstall
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 16-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150160}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Judaic Classics Library-->MsiExec.exe /I{5A46FE43-08E6-11D5-942B-0000E8932E05}
KeyText v3-->"C:\Program Files\KeyText\unins000.exe"
Lenovo Fingerprint Software-->MsiExec.exe /X{8EF140A7-B1D6-464E-82B4-C8925202FE54}
Lenovo Registration-->C:\Program Files\Lenovo Registration\uninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\drek\unins000.exe"
Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x9 -AddRemove
Michal-->C:\WINDOWS\unmichal.exe
Micro Logic Info Select 2007-->C:\PROGRA~1\INFOSE~1\UNWISE.EXE C:\PROGRA~1\INFOSE~1\install.dat
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Antimalware-->MsiExec.exe /X{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 English User Interface Pack-->MsiExec.exe /I{901E0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040D-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials-->MsiExec.exe /I{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word Viewer 97-->C:\Program Files\WordView\setup\setup.exe
Mobile Broadband Connect-->MsiExec.exe /I{08163A7B-A683-4201-9166-BA4E65D263ED}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Nuance OmniPage 17-->MsiExec.exe /I{34AFE453-F544-4269-89C9-CAB7F0744963}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
On Screen Display-->rundll32.exe "C:\Program Files\Lenovo\HOTKEY\cleanup.dll",InfUninstall DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
PC-Doctor 5 for Windows-->C:\Program Files\PCDR5\uninst.exe
Presentation Director-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x9 -AddRemove
Productivity Center Supplement for ThinkPad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\SETUP.EXE" -l0x9 -AddRemove
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Rescue and Recovery-->MsiExec.exe /I{F151F2B3-0C32-44D3-90E2-E639B8024622}
Responsa CD9-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\RESPON~1\Uninst.isu
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio Central Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Central Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Central Core-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Central Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Central Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Creator Business Edition-->C:\Documents and Settings\All Users\Application Data\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe /x {537BF16E-7412-448C-95D8-846E85A1D817}
Roxio Creator Business Edition-->MsiExec.exe /I{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
SkypeÖ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Sonic Icons for Lenovo-->MsiExec.exe /I{B334D9AE-1393-423E-97C0-3BDC3360E692}
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
THE Rename 2.1.6-->"C:\Program Files\THE Rename\unins000.exe"
ThinkPad Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
ThinkPad EasyEject Utility -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier-->rundll32.exe "C:\Program Files\Lenovo\ZOOM\cleanup.dll",InfUninstall DefaultUninstall 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad PC Card Power Policy-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\SWTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad UltraNav Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
ThinkPad UltraNav Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\Setup.exe" -l0x9 UNINSTALL
ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\SETUP.EXE" -l0x9 anything
ThinkVantage Active Protection System-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Productivity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\Setup.exe" -l0x9 -AddRemove
ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
Total Commander (Remove or Repair)-->c:\Program Files\Totalcmd\tcuninst.exe
Ultralingua 5.0-->"C:\Program Files\Ultralingua\Ultralingua 5\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Verizon Wireless BroadbandAccess Self Activation-->MsiExec.exe /I{3F963A06-7C18-4039-9789-9644B3266AE7}
Wallpapers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x9 UNINSTALL
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/01/2008 8.0.26.3)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst32.exe /u C:\WINDOWS\system32\DRVSTORE\atswpwdf_A57C5C0A17B945D4A0696BA72895CD59734EF6D9\atswpwdf.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Live Toolbar-->MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
X1-->MsiExec.exe /I{B59200E8-9283-41ED-B618-0B0DB06CDE8B}
XnView 1.95.4-->"C:\Program Files\XnView\unins000.exe"
XP Themes-->MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}
τßΘ∞· ·αΘεσ· ≥ßσ° εΣπσ°· 2007 ∙∞ ε≥°δ· Office-->MsiExec.exe /X{90120000-0020-040D-0000-0000000FF1CE}

=====HijackThis Backups=====

O15 - Trusted Zone: http://*.is-software-download.com [2010-02-10]
O4 - .DEFAULT Startup: tclock.lnk = C:\Program Files\Tclock\tclock.exe (User 'Default user') [2010-02-10]
O15 - Trusted Zone: http://*.is-software-download25.com [2010-02-10]
O15 - Trusted Zone: http://*.is-soft-download.com [2010-02-10]
O15 - Trusted Zone: http://*.buy-internet-security10.com (HKLM) [2010-02-10]
O4 - S-1-5-18 Startup: tclock.lnk = C:\Program Files\Tclock\tclock.exe (User 'SYSTEM') [2010-02-10]
O15 - Trusted Zone: http://*.buy-internet-security10.com [2010-02-10]

======Security center information======

AV: Microsoft Security Essentials (disabled)

======System event log======

Computer Name: LENOVO
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {ED23EA15-B96C-45B7-8923-A7CC8E7540D7}

User: LENOVO\owner

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: service:WAM

Alert Type: Unclassified software

Detection Type:

Record Number: 2210
Source Name: WinDefend
Time Written: 20100113075428.000000+120
Event Type: warning
User:

Computer Name: LENOVO
Event Code: 7000
Message: The SessionLauncher service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 2190
Source Name: Service Control Manager
Time Written: 20100113075325.000000+120
Event Type: error
User:

Computer Name: LENOVO
Event Code: 20
Message: Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll.

Record Number: 2174
Source Name: Print
Time Written: 20100113030909.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LENOVO
Event Code: 3
Message: Printer Microsoft Office Document Image Writer was deleted.

Record Number: 2173
Source Name: Print
Time Written: 20100113030908.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LENOVO
Event Code: 4
Message: Printer Microsoft Office Document Image Writer is pending deletion.

Record Number: 2172
Source Name: Print
Time Written: 20100113030906.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: LENOVO-865825C6
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.


Record Number: 132
Source Name: crypt32
Time Written: 20090805192331.000000+180
Event Type: error
User:

Computer Name: LENOVO-865825C6
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.


Record Number: 129
Source Name: crypt32
Time Written: 20090805192329.000000+180
Event Type: error
User:

Computer Name: LENOVO-865825C6
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.


Record Number: 128
Source Name: crypt32
Time Written: 20090805192326.000000+180
Event Type: error
User:

Computer Name: LENOVO-865825C6
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.


Record Number: 125
Source Name: crypt32
Time Written: 20090805192325.000000+180
Event Type: error
User:

Computer Name: LENOVO-865825C6
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.


Record Number: 124
Source Name: crypt32
Time Written: 20090805192325.000000+180
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"EMC_AUTOPLAY"=C:\Program Files\Common Files\Roxio Shared\
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Intel\WiFi\bin;c:\Program Files\Common Files\Lenovo;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Lenovo\Client Security Solution
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=170a
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"RR"=C:\Program Files\Lenovo\Rescue and Recovery
"SWSHARE"=C:\SWSHARE
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TPCCommon"=C:\PROGRA~1\THINKV~1\PrdCtr
"TVT"=C:\Program Files\Lenovo
"TVTCOMMON"=C:\Program Files\Common Files\Lenovo
"TVTPYDIR"=C:\Program Files\Common Files\Lenovo\Python24
"windir"=%SystemRoot%

-----------------EOF-----------------

Thanks
cmili
cmili
Active Member
 
Posts: 8
Joined: January 28th, 2010, 7:26 pm

Re: various and assorted problems, internet and system

Post by xixo_12 » February 10th, 2010, 10:19 am

Hi,
Let's proceed.

First,
Remove programs.
Please Click on Start > Control Panel > Add/Remove Programs
Remove the listed program(s) by clicking Remove
Adobe Reader 8.1.2


Next,
You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.3 are vulnerable.
  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Next,
Java is out of date.
It can be updated by the Java control panel
  • Click on Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
  • An update should begin.
  • Follow the prompts.

Next,
ATF by Atribune
Please download HERE and save to the desktop. Double-click ATF Cleaner.exe to open it.
Under Main:
    Choose: Select All
    Click the Empty Selected button.
if you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
if you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program

Next,
Kaspersky Online AV Scan
Note: Internet Explorer should be used.
Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply.

Next,
Checklist.
Please post.
  • Content of Kaspersky scan log
  • So far, how is your system? Running pretty well?
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: various and assorted problems, internet and system

Post by cmili » February 11th, 2010, 9:04 am

Hi,

My system is working well, and I have no VISIBLE problems for quite a while already.

Here is the Kaspersky web site scan log file.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, February 11, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, February 11, 2010 07:39:26
Records in database: 3472817
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\
H:\

Scan statistics:
Objects scanned: 182686
Threats found: 6
Infected objects found: 23
Suspicious objects found: 0
Scan duration: 04:45:20


File name / Threat / Threats count
C:\Documents and Settings\owner\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\31F9F.cab Infected: Trojan-Downloader.Win32.FraudLoad.wxvl 1
C:\Outlook Express\saved 2004.dbx Infected: Trojan-Spy.HTML.Smitfraud.c 1
C:\Outlook Express import\org 2008 07 01\saved 2004.dbx Infected: Trojan-Spy.HTML.Smitfraud.c 1
C:\Outlook Express import\org 2008 08 04\deleted temp.dbx Infected: Trojan-Downloader.HTML.Agent.km 4
C:\Outlook Express import\org 2008 08 04\saved 2004.dbx Infected: Trojan-Spy.HTML.Smitfraud.c 1
C:\Outlook Express import\saved 2004.dbx Infected: Trojan-Spy.HTML.Smitfraud.c 1
C:\Programs\rmv275.zip Infected: Trojan-Downloader.Win32.Banload.apkq 1
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{1B145128-14CB-58E2-C64A-5C3AB2E9E493}-smss32.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.wxvl 1
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{21C80C8D-4BD9-D325-AE25-42D02B33C5ED}-wipalego.dll.vir Infected: Trojan.Win32.Monder.cwsk 1
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{38BF7B5F-1F16-20E1-DD70-CDD61A7D3B95}-smss32.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.wxvl 1
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D1807EAC-DA88-CC19-55C9-BACF926BE420}-wipalego.dll.vir Infected: Trojan.Win32.Monder.cwsk 1
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D976C4CF-EA6D-4027-486F-8B8EA7431146}-smss32.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.wxvl 1
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP16\A0000751.exe Infected: Trojan-Downloader.Win32.FraudLoad.wxvl 1
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP16\A0000752.dll Infected: Trojan.Win32.Monder.cwsk 1
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP16\A0000753.exe Infected: Trojan-Downloader.Win32.FraudLoad.wxvl 1
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP16\A0000754.dll Infected: Trojan.Win32.Monder.cwsk 1
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP16\A0000755.exe Infected: Trojan-Downloader.Win32.FraudLoad.wxvl 1
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP4\A0000166.exe Infected: Trojan-Downloader.Win32.FraudLoad.wxvl 1
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP6\A0000181.dll Infected: Trojan.Win32.Monder.cwsk 1
E:\UTILS\run.exe Infected: not-a-virus:RiskTool.Win32.HideRun 1

Selected area has been scanned.

thanks
cmili
cmili
Active Member
 
Posts: 8
Joined: January 28th, 2010, 7:26 pm
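
As an added example (not part of either post, and not the helper's stated method), the Python below parses the "File name / Threat / Threats count" lines of the Kaspersky report posted above and groups each hit by where the file lives: ComboFix's Qoobox quarantine, a System Restore point, an Outlook Express .dbx mail store, an archive, or an ordinary file. The category names and function names are assumptions made for this example; the report lines are copied from the post.

```python
import ntpath
import re
from collections import defaultdict, namedtuple

# Detection lines copied from the Kaspersky report in the post above.
REPORT = r"""
File name / Threat / Threats count
C:\Documents and Settings\owner\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\31F9F.cab Infected: Trojan-Downloader.Win32.FraudLoad.wxvl 1
C:\Outlook Express\saved 2004.dbx Infected: Trojan-Spy.HTML.Smitfraud.c 1
C:\Outlook Express import\org 2008 07 01\saved 2004.dbx Infected: Trojan-Spy.HTML.Smitfraud.c 1
C:\Outlook Express import\org 2008 08 04\deleted temp.dbx Infected: Trojan-Downloader.HTML.Agent.km 4
C:\Outlook Express import\org 2008 08 04\saved 2004.dbx Infected: Trojan-Spy.HTML.Smitfraud.c 1
C:\Outlook Express import\saved 2004.dbx Infected: Trojan-Spy.HTML.Smitfraud.c 1
C:\Programs\rmv275.zip Infected: Trojan-Downloader.Win32.Banload.apkq 1
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{1B145128-14CB-58E2-C64A-5C3AB2E9E493}-smss32.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.wxvl 1
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{21C80C8D-4BD9-D325-AE25-42D02B33C5ED}-wipalego.dll.vir Infected: Trojan.Win32.Monder.cwsk 1
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{38BF7B5F-1F16-20E1-DD70-CDD61A7D3B95}-smss32.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.wxvl 1
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D1807EAC-DA88-CC19-55C9-BACF926BE420}-wipalego.dll.vir Infected: Trojan.Win32.Monder.cwsk 1
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D976C4CF-EA6D-4027-486F-8B8EA7431146}-smss32.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.wxvl 1
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP16\A0000751.exe Infected: Trojan-Downloader.Win32.FraudLoad.wxvl 1
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP16\A0000752.dll Infected: Trojan.Win32.Monder.cwsk 1
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP16\A0000753.exe Infected: Trojan-Downloader.Win32.FraudLoad.wxvl 1
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP16\A0000754.dll Infected: Trojan.Win32.Monder.cwsk 1
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP16\A0000755.exe Infected: Trojan-Downloader.Win32.FraudLoad.wxvl 1
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP4\A0000166.exe Infected: Trojan-Downloader.Win32.FraudLoad.wxvl 1
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP6\A0000181.dll Infected: Trojan.Win32.Monder.cwsk 1
E:\UTILS\run.exe Infected: not-a-virus:RiskTool.Win32.HideRun 1

Selected area has been scanned.
"""

Detection = namedtuple("Detection", "path threat count")

# "<drive path> Infected: <threat name> <count>"; paths may contain spaces,
# threat names do not, so the path is matched non-greedily up to " Infected: ".
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$"
)
QUARANTINE_RE = re.compile(r"^[a-z]:\\qoobox\\quarantine\\")


def parse_report(text):
    """Return a Detection for every report line that names an infected file."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["threat"], int(m["count"])))
    return found


def classify(path):
    """Assign a location category (hypothetical names chosen for this example)."""
    p = path.lower()
    if QUARANTINE_RE.match(p):
        return "quarantine"        # already moved aside by ComboFix
    if "\\system volume information\\_restore{" in p:
        return "restore_point"     # copy held inside a System Restore point
    ext = ntpath.splitext(p)[1]
    if ext == ".dbx":
        return "mail_store"        # Outlook Express mailbox file
    if ext in (".zip", ".cab"):
        return "archive"
    return "live_file"


def triage(detections):
    """Group detected paths by category."""
    groups = defaultdict(list)
    for d in detections:
        groups[classify(d.path)].append(d.path)
    return dict(groups)


def summarize(detections):
    """(distinct threat names, total of the per-file counts)."""
    return len({d.threat for d in detections}), sum(d.count for d in detections)


if __name__ == "__main__":
    dets = parse_report(REPORT)
    for category, paths in sorted(triage(dets).items()):
        print(f"{category}: {len(paths)}")
    print("distinct threats, infected objects:", summarize(dets))
```

The totals from `summarize` can be checked against the "Threats found" and "Infected objects found" lines in the report's scan statistics.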

Re: various and assorted problems, internet and system

Post by xixo_12 » February 11th, 2010, 5:59 pm

Hi,
***Important :
  • In the next instructions, I have to delete some files related to Outlook Express (possibly the e-mail is very important to you). Please be aware of it.


First,
CFScript
  • Close any open browsers.
  • Open notepad and copy/paste the text in the code box below into it:
    File::
    C:\Documents and Settings\owner\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\31F9F.cab
    C:\Outlook Express\saved 2004.dbx
    C:\Outlook Express import\org 2008 07 01\saved 2004.dbx
    C:\Outlook Express import\org 2008 08 04\deleted temp.dbx
    C:\Outlook Express import\org 2008 08 04\saved 2004.dbx
    C:\Outlook Express import\saved 2004.dbx
    C:\Programs\rmv275.zip
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Disable your AntiVirus/AntiSpyware/Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
    Image
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Next,
Discussion.
Please let me know if you recognize this entry:
E:\UTILS\run.exe


Next,
Analyze file(s).
Please visit Jotti.
Click on Browse > copy the link below (one by one) and paste it into the File name box > click Open:
E:\UTILS\run.exe

  • Press Submit file - this will submit the file for testing.
  • Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address :
Image

Next,
Checklist.
Please post.
  • Content of ComboFix.txt
  • Response to our discussion
  • Web link (analyse)
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: various and assorted problems, internet and system

Post by cmili » February 12th, 2010, 10:07 am

Hi,

Here is combofix.txt:

ComboFix 10-02-09.02 - owner 02/12/2010 15:50:38.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3032.2336 [GMT 2:00]
Running from: c:\documents and settings\owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\documents and settings\owner\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\31F9F.cab"
"c:\outlook express import\org 2008 07 01\saved 2004.dbx"
"c:\outlook express import\org 2008 08 04\deleted temp.dbx"
"c:\outlook express import\org 2008 08 04\saved 2004.dbx"
"c:\outlook express import\saved 2004.dbx"
"c:\outlook express\saved 2004.dbx"
"c:\programs\rmv275.zip"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\owner\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\31F9F.cab
C:\LOG.TXT
c:\outlook express import\org 2008 07 01\saved 2004.dbx
c:\outlook express import\org 2008 08 04\deleted temp.dbx
c:\outlook express import\org 2008 08 04\saved 2004.dbx
c:\outlook express import\saved 2004.dbx
c:\outlook express\saved 2004.dbx
c:\programs\rmv275.zip
c:\windows\system32\_000006_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))
.

2010-02-12 13:37 . 2010-02-12 13:37 -------- d-----w- c:\windows\LastGood
2010-02-11 06:59 . 2010-02-11 07:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-11 06:57 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-11 06:57 . 2010-02-11 06:57 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-11 06:56 . 2010-02-11 06:56 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-02-11 06:56 . 2010-02-12 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-06 21:53 . 2010-02-06 21:53 -------- d-----w- c:\program files\CCleaner
2010-02-06 21:04 . 2010-02-06 21:05 -------- d-----w- C:\gmer
2010-02-06 20:51 . 2010-02-06 22:19 -------- d-----w- C:\rsit
2010-02-03 23:19 . 2010-02-12 13:54 -------- d-----w- C:\Outlook Express
2010-02-02 22:12 . 2010-02-02 22:12 -------- d-----w- c:\documents and settings\owner\Application Data\Malwarebytes
2010-02-02 22:05 . 2010-02-02 22:05 -------- d-----w- c:\program files\drek
2010-02-02 22:00 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-02 22:00 . 2010-02-02 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-02 22:00 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-02 22:00 . 2010-02-02 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-31 23:24 . 2010-02-01 14:46 -------- d-----w- c:\windows\system32\org
2010-01-31 22:58 . 2010-01-31 22:58 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-01-31 17:48 . 2010-01-31 17:48 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\PCHealth
2010-01-28 15:29 . 2010-02-06 20:22 -------- d-----w- c:\program files\Sophos
2010-01-28 13:59 . 2010-01-28 13:59 -------- d-----w- c:\windows\Sun
2010-01-19 09:36 . 2010-02-12 13:54 -------- d-----w- C:\Outlook Express import
2010-01-14 17:54 . 2010-01-14 17:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 13:35 . 2009-12-09 07:38 -------- d-----w- c:\documents and settings\owner\Application Data\Skype
2010-02-12 13:35 . 2009-12-07 12:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-03 08:05 . 2010-01-10 12:53 -------- d-----w- c:\program files\Info Select
2010-02-01 14:58 . 2009-12-07 12:55 -------- d-----w- c:\program files\KeyText
2010-01-31 23:25 . 2006-04-30 06:55 50620 ----a-w- c:\windows\system32\command.com
2010-01-31 11:06 . 2009-12-07 12:50 -------- d-----w- c:\program files\Michal
2010-01-14 09:12 . 2009-12-09 03:39 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 05:53 . 2009-06-08 01:35 114096 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-13 01:06 . 2010-01-13 01:06 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-11 20:44 . 2010-01-11 20:44 667648 ----a-r- c:\documents and settings\owner\Application Data\Microsoft\Installer\{5A46FE43-08E6-11D5-942B-0000E8932E05}\Jcl.exe
2010-01-11 20:43 . 2010-01-11 20:43 -------- d-----w- c:\program files\Davka
2010-01-11 17:30 . 2010-01-11 17:30 -------- d-----w- c:\documents and settings\owner\Application Data\FLEXnet
2010-01-11 17:30 . 2010-01-11 17:30 -------- d-----w- c:\documents and settings\owner\Application Data\Zeon
2010-01-11 17:29 . 2010-01-11 17:29 -------- d-----w- c:\documents and settings\owner\Application Data\ScanSoft
2010-01-11 17:05 . 2010-01-11 17:05 -------- d-----w- c:\documents and settings\owner\Application Data\Nuance
2010-01-11 17:05 . 2010-01-11 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-01-11 17:03 . 2010-01-11 17:03 -------- d-----w- c:\program files\Nuance
2010-01-11 17:03 . 2010-01-11 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-11 16:47 . 2009-06-08 01:29 -------- d-----w- c:\program files\Common Files\Installshield
2010-01-11 16:40 . 2010-01-11 16:40 -------- d-----w- c:\program files\Trend Micro
2010-01-11 16:39 . 2010-01-11 16:39 -------- d-----w- c:\program files\Common Files\Gibinsoft Shared
2010-01-11 16:39 . 2010-01-11 16:39 -------- d-----w- c:\program files\GiPo@Utilities
2010-01-11 16:38 . 2010-01-11 16:37 -------- d-----w- c:\program files\Compare It!
2010-01-11 16:20 . 2009-06-08 01:43 -------- d-----w- c:\program files\Java
2010-01-11 16:18 . 2010-01-11 16:18 152576 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-11 16:18 . 2009-12-19 22:38 79488 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-11 16:17 . 2010-01-11 16:16 -------- d-----w- c:\program files\ResponsaCD9
2010-01-11 15:39 . 2010-01-11 15:39 -------- d-----w- c:\program files\MSECache
2010-01-11 15:37 . 2010-01-11 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-01-11 15:37 . 2010-01-11 15:37 -------- d-----w- c:\documents and settings\owner\Application Data\Office Genuine Advantage
2010-01-11 14:51 . 2009-06-08 11:22 -------- d-----w- c:\program files\Microsoft Works
2010-01-10 22:16 . 2010-01-10 22:16 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-01-10 21:56 . 2010-01-10 21:55 -------- d-----w- c:\program files\Common Files\Real
2010-01-10 21:56 . 2010-01-10 21:56 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-10 21:55 . 2010-01-10 21:55 -------- d-----w- c:\program files\Real
2010-01-10 21:36 . 2010-01-10 21:36 -------- d-----w- c:\documents and settings\owner\Application Data\Roxio
2010-01-10 21:33 . 2010-01-10 21:33 -------- d-----w- c:\program files\HDD Health
2010-01-05 10:00 . 2006-04-30 06:56 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2006-04-30 06:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2006-04-30 06:55 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2006-04-30 06:55 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2006-04-30 07:09 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2006-04-30 06:55 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 08:08 . 2006-04-30 07:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-08 09:23 . 2009-12-08 09:23 474112 ----a-w- c:\windows\system32\SET47.tmp
2009-12-06 15:48 . 2009-12-06 15:48 152576 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-12-04 18:22 . 2006-04-30 06:55 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2006-04-30 06:55 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2006-04-30 06:55 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2006-04-30 06:55 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2006-04-30 06:55 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2006-04-30 06:55 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 09:18 . 2009-12-04 18:55 1673216 ----a-w- c:\windows\system32\BootMan.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-02-09_21.51.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-12 13:35 . 2010-02-12 13:35 16384 c:\windows\Temp\Perflib_Perfdata_b20.dat
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-06-10 14:13 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2010-02-11 06:57 . 2010-02-11 06:57 24576 c:\windows\Installer\4e39f63.msi
+ 2010-02-11 06:57 . 2010-02-11 06:57 27648 c:\windows\Installer\4e39f5d.msi
- 2009-06-08 11:23 . 2010-01-13 01:10 23040 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-06-08 11:23 . 2010-02-12 13:41 23040 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-06-08 11:23 . 2010-01-13 01:10 61440 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-06-08 11:23 . 2010-02-12 13:41 61440 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-06-08 11:23 . 2010-02-12 13:41 27136 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-06-08 11:23 . 2010-01-13 01:10 27136 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-06-08 11:23 . 2010-01-13 01:10 11264 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-06-08 11:23 . 2010-02-12 13:41 11264 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-06-08 11:23 . 2010-02-12 13:41 86016 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-06-08 11:23 . 2010-01-13 01:10 86016 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-06-08 11:23 . 2010-01-13 01:10 12288 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-06-08 11:23 . 2010-02-12 13:41 12288 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2009-06-08 11:23 . 2010-02-12 13:41 4096 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-06-08 11:23 . 2010-01-13 01:10 4096 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2009-12-03 11:56 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
+ 2009-12-08 09:23 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-12-16 18:43 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2009-12-03 17:17 . 2009-12-04 18:22 455424 c:\windows\system32\dllcache\mrxsmb.sys
+ 2009-06-08 11:23 . 2010-02-12 13:41 409600 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-06-08 11:23 . 2010-01-13 01:10 409600 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-06-08 11:23 . 2010-02-12 13:41 286720 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-06-08 11:23 . 2010-01-13 01:10 286720 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-06-08 11:23 . 2010-02-12 13:41 249856 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-06-08 11:23 . 2010-01-13 01:10 249856 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-06-08 11:23 . 2010-01-13 01:10 794624 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-06-08 11:23 . 2010-02-12 13:41 794624 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-06-08 11:23 . 2010-01-13 01:10 135168 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-06-08 11:23 . 2010-02-12 13:41 135168 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-06-08 11:23 . 2010-01-13 01:10 593920 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-06-08 11:23 . 2010-02-12 13:41 593920 c:\windows\Installer\{9011040D-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-12-03 17:17 . 2009-12-04 18:22 455424 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-06-03 19:09 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2010-02-11 07:01 . 2010-02-11 07:01 3940352 c:\windows\Installer\4e3a254.msi
+ 2010-01-19 15:51 . 2010-01-19 15:51 5524480 c:\windows\Installer\20dae.msp
+ 2010-01-19 16:29 . 2010-01-19 16:29 5050368 c:\windows\Installer\20d98.msp
+ 2010-02-12 13:38 . 2010-02-01 09:26 30364104 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"X1FileMonitor.exe"="c:\program files\X1\X1FileMonitor.exe" [2007-05-14 428544]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"HDDHealth"="c:\program files\HDD Health\HDDHealth.exe" [2008-06-15 1692672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-05-29 367128]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-06-08 60192]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-07 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-08 124248]
"AMSG"="c:\progra~1\THINKV~1\AMSG\amsg.exe" [2007-02-01 419376]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-07-10 16384]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-13 339968]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-13 208896]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-07-15 143360]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"CloneCDTray"="c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 73728]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-10 198160]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Nuance OmniPage 17-reminder"="c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

c:\documents and settings\owner\Start Menu\Programs\Startup\
Kaluach3.lnk - c:\program files\Kaluach3\Kaluach3.exe [2008-7-11 1331200]
KeyText.lnk - c:\program files\KeyText\KeyText.exe [2009-12-7 1303200]
X1 System Tray.lnk - c:\program files\X1\X1Systray.exe [2007-5-14 345088]
X1.lnk - c:\program files\X1\X1.exe [2007-5-14 4965888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-05-10 14:24 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 07:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Info Select\\is.exe"=

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [28/11/2002 12:43 22016]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [15/05/2008 01:21 19496]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [09/05/2008 14:50 46144]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [10/05/2008 16:11 1160440]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [08/06/2009 03:49 94208]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [15/05/2008 01:25 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [09/05/2008 14:50 253952]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [08/06/2009 03:33 2058776]
R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [08/06/2009 03:35 72448]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [08/06/2009 03:39 475136]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [08/06/2009 03:21 244368]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [23/02/2008 00:54 37312]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [04/12/2009 20:55 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [04/12/2009 20:55 8456]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [10/05/2008 16:24 102400]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/02/2010 00:00 19160]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\F6.tmp --> c:\windows\system32\F6.tmp [?]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [25/04/2008 17:15 1120752]
.
Contents of the 'Scheduled Tasks' folder

2010-02-11 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 12:54]

2010-02-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 15:36]

2010-02-12 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-06-08 16:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ncr
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &יצא ל- Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-12 15:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\F6.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\ATGinaHook.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.DLL
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
Completion time: 2010-02-12 15:56:11
ComboFix-quarantined-files.txt 2010-02-12 13:56
ComboFix2.txt 2010-02-10 08:03
ComboFix3.txt 2010-02-09 21:53

Pre-Run: 41,954,684,928 bytes free
Post-Run: 42,015,076,352 bytes free

- - End Of File - - 751108F10F2C38F31C28BEC3079531A2

Regarding run.exe

This is a very old DOS file which does something in the earliest Windows; I simply erased it, and so did not go to Jotti to check it out.

Thanks,
cmili

Re: various and assorted problems, internet and system

Post by xixo_12 » February 12th, 2010, 10:12 pm

Hi,
Let's try this to fix the remaining and please provide the log as mentioned. :)

First,
Delete file.
  • Open Notepad.exe
  • Copy and paste below code into the notepad.
    del /q /f "c:\windows\system32\SET47.tmp"
    del %0
  • Click on File > Save As
    Save in : Desktop
    File name : xixo.bat
    Save as type : All Files
  • Double click on xixo.bat and the batch file will perform the task and auto delete itself.

Next,
RSIT.
  • Copy the code as below by highlight > right click > copy:
    "%userprofile%\desktop\rsit.exe" /info
  • Click on start > Run....
  • Paste the code into the box and click OK.
  • Click on Continue at the disclaimer screen.
  • Once it finishes, two logs will open.
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post.
***You can find the log manually at C:\rsit

Next,
Checklist.
Please post.
  • Content of log.txt and info.txt (Find both in c:\rsit)
  • Please give me an update if you have any problem left after all instructions.

Re: various and assorted problems, internet and system

Post by cmili » February 13th, 2010, 2:08 pm

Hi,

Here are the rsit logs:

Logfile of random's system information tool 1.06 (written by random/random)
Run by owner at 2010-02-13 20:05:18
Microsoft Windows XP Professional Service Pack 3
System drive C: has 40 GB (37%) free of 108 GB
Total RAM: 3032 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05:26, on 13/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\X1\X1FileMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HDD Health\HDDHealth.exe
C:\Program Files\Kaluach3\Kaluach3.exe
C:\Program Files\KeyText\KeyText.exe
C:\Program Files\X1\X1Systray.exe
C:\Program Files\X1\X1.exe
C:\Program Files\X1\X1Service.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Totalcmd\TOTALCMD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\X1\textExtractor.exe
C:\Documents and Settings\owner\desktop\rsit.exe
C:\Program Files\Trend Micro\HijackThis\owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Nuance OmniPage 17-reminder] "C:\Program Files\Nuance\OmniPage17\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage 17\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [X1FileMonitor.exe] C:\Program Files\X1\X1FileMonitor.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\HDDHealth.exe -wl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Kaluach3.lnk = ?
O4 - Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe
O4 - Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe
O4 - Startup: X1.lnk = C:\Program Files\X1\X1.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 14651 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-01-10 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
IePasswordManagerHelper Class - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2008-06-14 808248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"picon"=C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [2008-05-29 367128]
"TPFNF7"=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2008-06-08 60192]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2008-06-07 181536]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2008-03-24 68464]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-06-04 242976]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2008-03-07 167936]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-06-17 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-06-17 170520]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-06-17 141848]
"FingerPrintSoftware"=C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [2008-05-10 9318400]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-05-15 487424]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2008-06-08 165208]
"LPMailChecker"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [2008-06-08 124248]
"AMSG"=C:\PROGRA~1\THINKV~1\AMSG\amsg.exe [2007-02-01 419376]
"CameraApplicationLauncher"=C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe [2008-07-10 16384]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog []
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2008-07-15 143360]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2008-06-14 3073336]
"CloneCDElbyCDFL"=C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe [2002-11-02 45056]
"CloneCDTray"=C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe [2002-12-02 73728]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-01-10 198160]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Nuance OmniPage 17-reminder"=C:\Program Files\Nuance\OmniPage17\Ereg\Ereg.exe [2008-11-03 54560]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"X1FileMonitor.exe"=C:\Program Files\X1\X1FileMonitor.exe [2007-05-14 428544]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"HDDHealth"=C:\Program Files\HDD Health\HDDHealth.exe [2008-06-15 1692672]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\owner\Start Menu\Programs\Startup
Kaluach3.lnk - C:\Program Files\Kaluach3\Kaluach3.exe
KeyText.lnk - C:\Program Files\KeyText\KeyText.exe
X1 System Tray.lnk - C:\Program Files\X1\X1Systray.exe
X1.lnk - C:\Program Files\X1\X1.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ATFUS]
C:\WINDOWS\system32\FpWinLogonNp.dll [2008-05-10 180224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-06-11 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2008-03-17 34080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Info Select\is.exe"="C:\Program Files\Info Select\is.exe:*:Enabled:Info Select"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-02-12 16:10:09 ----SHD---- C:\RECYCLER
2010-02-12 15:56:13 ----A---- C:\ComboFix.txt
2010-02-12 15:55:12 ----A---- C:\Log.txt
2010-02-12 15:41:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-12 15:40:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-12 15:38:23 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-12 15:38:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-12 15:38:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-12 15:38:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-12 15:37:58 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-12 15:37:50 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-12 15:37:15 ----A---- C:\WINDOWS\imsins.BAK
2010-02-12 15:37:13 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-11 08:59:59 ----D---- C:\Program Files\Common Files\Adobe
2010-02-11 08:57:24 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-02-11 08:56:03 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-02-09 23:45:30 ----A---- C:\Boot.bak
2010-02-09 23:45:28 ----RASHD---- C:\cmdcons
2010-02-09 23:44:50 ----A---- C:\WINDOWS\zip.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\SWSC.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\SWREG.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\sed.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\PEV.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\MBR.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\grep.exe
2010-02-09 23:44:44 ----D---- C:\WINDOWS\ERDNT
2010-02-09 23:44:08 ----D---- C:\Qoobox
2010-02-06 23:53:27 ----D---- C:\Program Files\CCleaner
2010-02-06 23:04:49 ----D---- C:\gmer
2010-02-06 22:51:16 ----D---- C:\rsit
2010-02-04 01:19:07 ----D---- C:\Outlook Express
2010-02-03 00:12:00 ----D---- C:\Documents and Settings\owner\Application Data\Malwarebytes
2010-02-03 00:05:26 ----D---- C:\Program Files\drek
2010-02-03 00:00:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-03 00:00:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-01 21:27:50 ----A---- C:\DREK.BAK
2010-02-01 01:24:23 ----D---- C:\WINDOWS\system32\org
2010-02-01 00:58:02 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-01-28 17:29:21 ----D---- C:\Program Files\Sophos
2010-01-28 15:59:36 ----D---- C:\WINDOWS\Sun
2010-01-19 11:36:24 ----D---- C:\Outlook Express import

======List of files/folders modified in the last 1 months======

2010-02-13 20:05:19 ----D---- C:\WINDOWS\Prefetch
2010-02-13 19:57:53 ----D---- C:\WINDOWS\Temp
2010-02-13 19:56:28 ----SD---- C:\WINDOWS\Tasks
2010-02-13 19:38:21 ----A---- C:\WINDOWS\wincmd.ini
2010-02-13 19:20:58 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-13 19:20:18 ----D---- C:\Documents and Settings\owner\Application Data\Skype
2010-02-13 19:20:13 ----A---- C:\sysiclog.txt
2010-02-13 19:20:11 ----AD---- C:\WINDOWS\system32
2010-02-13 19:20:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-13 19:19:48 ----A---- C:\WINDOWS\system32\log.txt
2010-02-13 19:19:33 ----A---- C:\WINDOWS\system32\ICAutoUpdate.log.bak
2010-02-12 16:17:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-12 16:16:42 ----HD---- C:\WINDOWS\inf
2010-02-12 16:16:18 ----AD---- C:\WINDOWS
2010-02-12 15:54:34 ----A---- C:\WINDOWS\system.ini
2010-02-12 15:54:05 ----D---- C:\Programs
2010-02-12 15:52:43 ----D---- C:\WINDOWS\system32\drivers
2010-02-12 15:52:43 ----D---- C:\WINDOWS\AppPatch
2010-02-12 15:52:40 ----D---- C:\Program Files\Common Files
2010-02-12 15:41:14 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-12 15:41:13 ----SHD---- C:\WINDOWS\Installer
2010-02-12 15:40:49 ----ASHD---- C:\WINDOWS\system32\dllcache
2010-02-12 15:38:24 ----D---- C:\WINDOWS\Debug
2010-02-12 15:35:30 ----RD---- C:\Program Files
2010-02-12 15:35:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-11 09:01:25 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-02-11 08:59:59 ----D---- C:\Program Files\Adobe
2010-02-11 08:59:44 ----D---- C:\WINDOWS\WinSxS
2010-02-09 23:50:05 ----D---- C:\WINDOWS\system32\config
2010-02-09 23:45:30 ----RASH---- C:\boot.ini
2010-02-07 09:24:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-06 23:05:43 ----D---- C:\WINDOWS\Help
2010-02-05 08:51:25 ----D---- C:\WINDOWS\security
2010-02-05 08:22:04 ----D---- C:\Documents and Settings
2010-02-03 10:05:58 ----D---- C:\Program Files\Info Select
2010-02-03 10:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-02-02 01:38:41 ----RD---- C:\My Documents
2010-02-01 16:58:16 ----D---- C:\Program Files\KeyText
2010-02-01 01:25:50 ----A---- C:\WINDOWS\system32\command.com
2010-01-31 13:06:57 ----D---- C:\Program Files\Michal
2010-01-29 17:02:28 ----D---- C:\WINDOWS\system32\inetsrv
2010-01-29 00:29:43 ----SHD---- C:\System Volume Information
2010-01-29 00:29:43 ----D---- C:\WINDOWS\system32\Restore
2010-01-24 02:21:26 ----D---- C:\Program Files\Internet Explorer
2010-01-24 02:13:55 ----D---- C:\WINDOWS\system32\en-US
2010-01-19 11:54:57 ----D---- C:\Help
2010-01-19 11:35:52 ----D---- C:\My Downloads - pdf
2010-01-19 11:33:42 ----D---- C:\My Downloads - htm
2010-01-19 11:09:59 ----D---- C:\CloneCD Images
2010-01-14 11:12:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2008-07-02 11520]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-02-09 12856]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-02-09 28120]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2008-07-13 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2008-06-08 4608]
R1 tvtumon;tvtumon; C:\WINDOWS\system32\DRIVERS\tvtumon.sys [2008-05-09 46144]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2007-06-19 35064]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2007-06-19 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2007-06-19 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2007-06-19 105048]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2007-06-19 26744]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2007-06-19 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2007-06-19 98136]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2007-06-19 93752]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2002-11-29 16320]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-03-20 11904]
R2 tvtfilter;tvtfilter; C:\WINDOWS\system32\DRIVERS\tvtfilter.sys [2009-06-08 33536]
R3 5U875UVC;Integrated Camera; C:\WINDOWS\system32\DRIVERS\5U875.sys [2008-04-22 72448]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2008-03-07 154672]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\WINDOWS\System32\Drivers\ATSwpWDF.sys [2008-05-10 475136]
R3 BTDriver;מנהל התקן תקשורת וירטואלית Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-03-27 990632]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAU32.sys [2008-05-22 754176]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-03-27 244368]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2002-11-28 15360]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2008-03-26 40832]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-06-11 6021184]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2008-02-20 22696]
R3 NETw5x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit ; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-05-01 3627776]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2009-06-08 30144]
R3 tpm;tpm; C:\WINDOWS\system32\DRIVERS\tpm.sys [2008-03-26 13824]
R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2008-02-23 37312]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2007-09-15 501800]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 btaudio;התקן שמע Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-03-10 534312]
S3 BTWDNDIS;שרת גישה LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-09-20 156392]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-03-27 47272]
S3 catchme;catchme; \??\C:\DOCUME~1\owner\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []
S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\F6.tmp []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2008-07-15 90112]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2008-07-15 212992]
R2 astcc;AST Service; C:\WINDOWS\system32\ASTSRV.EXE [2009-08-24 61760]
R2 ATService;AuthenTec Fingerprint Service; C:\WINDOWS\system32\AtService.exe [2008-05-10 1160440]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2008-03-28 342624]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-05-06 815104]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2008-02-20 36128]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2008-05-29 174616]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-07-13 94208]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-05-06 466944]
R2 S24EventMonitor;Intel® PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2008-05-06 901120]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2008-05-25 32768]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2008-06-14 746808]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2008-05-15 37416]
R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2008-06-14 779576]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-15 520192]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2008-05-15 950272]
R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-05-15 1155072]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-05-09 253952]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-05-29 2058776]
S2 SessionLauncher;SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FingerprintServer;Fingerprint Server; C:\WINDOWS\system32\FpLogonServ.exe [2008-05-10 102400]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RoxMediaDB10;RoxMediaDB10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-07 855552]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-02-13 20:05:28

======Uninstall list======

-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL
Acrobat.com-->msiexec /qb /x {6421F085-1FAA-DE13-D02A-CFB412C522A4}
Acrobat.com-->MsiExec.exe /I{6421F085-1FAA-DE13-D02A-CFB412C522A4}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}
Adobe Flash Player 9 Plugin-->MsiExec.exe /X{61E8B062-51F9-4BBB-B1FC-E2A4A40944F5}
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Ample Notice for Windows-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ANW2\Uninst.isu"
Camera Center-->MsiExec.exe /X{668ACF05-E455-4932-A2D2-5822A8206FEB}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Client Security - Password Manager-->MsiExec.exe /I{44E9D4C2-946C-4378-9354-558803C47A68}
ClipCache Pro 3.1.0-->"C:\Program Files\ClipCache\unins000.exe"
CloneCD-->"C:\Program Files\Elaborate Bytes\CloneCD\ccd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneCD"
Compare It!-->"C:\Program Files\Compare It!\unins000.exe"
Compare It!-->"C:\Program Files\Compare It!\unins001.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -ITPKDCHI5.INF
DirectXInstallService-->MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
EASEUS Partition Master 4.1.1 Home Edition-->"C:\Program Files\EASEUS\EASEUS Partition Master 4.1.1 Home Edition\unins000.exe"
GiPo@MoveOnBoot 1.9.5-->MsiExec.exe /I{9F185C48-595B-401A-A1D6-AAB324890DC4}
HDD Health v3.3 Beta-->"C:\Program Files\HDD Health\unins000.exe"
Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB949764)-->"C:\WINDOWS\$NtUninstallKB949764$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Integrated Camera Driver Installer Package Ver.1.18.500.0-->"C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -runfromtemp -l0x0009 anything -removeonly
Integrated Camera TWAIN-->C:\Program Files\InstallShield Installation Information\{356C896A-6BE6-487D-AA37-C999F945E6CF}\setup.exe -runfromtemp -l0x0009 -removeonly
Intel PROSet Wireless-->Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) Management Engine Interface-->C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel(R) Network Connections Drivers-->Prounstl.exe
Intel® Active Management Technology-->C:\WINDOWS\system32\mesoludlg.exe -uninstall
Intel® Trusted Platform Module-->C:\WINDOWS\system32\iTPMudlg.exe -uninstall
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 16-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150160}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Judaic Classics Library-->MsiExec.exe /I{5A46FE43-08E6-11D5-942B-0000E8932E05}
KeyText v3-->"C:\Program Files\KeyText\unins000.exe"
Lenovo Fingerprint Software-->MsiExec.exe /X{8EF140A7-B1D6-464E-82B4-C8925202FE54}
Lenovo Registration-->C:\Program Files\Lenovo Registration\uninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\drek\unins000.exe"
Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x9 -AddRemove
Michal-->C:\WINDOWS\unmichal.exe
Micro Logic Info Select 2007-->C:\PROGRA~1\INFOSE~1\UNWISE.EXE C:\PROGRA~1\INFOSE~1\install.dat
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Antimalware-->MsiExec.exe /X{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 English User Interface Pack-->MsiExec.exe /I{901E0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040D-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials-->MsiExec.exe /I{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word Viewer 97-->C:\Program Files\WordView\setup\setup.exe
Mobile Broadband Connect-->MsiExec.exe /I{08163A7B-A683-4201-9166-BA4E65D263ED}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Nuance OmniPage 17-->MsiExec.exe /I{34AFE453-F544-4269-89C9-CAB7F0744963}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
On Screen Display-->rundll32.exe "C:\Program Files\Lenovo\HOTKEY\cleanup.dll",InfUninstall DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
PC-Doctor 5 for Windows-->C:\Program Files\PCDR5\uninst.exe
Presentation Director-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x9 -AddRemove
Productivity Center Supplement for ThinkPad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\SETUP.EXE" -l0x9 -AddRemove
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Rescue and Recovery-->MsiExec.exe /I{F151F2B3-0C32-44D3-90E2-E639B8024622}
Responsa CD9-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\RESPON~1\Uninst.isu
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio Central Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Central Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Central Core-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Central Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Central Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Creator Business Edition-->C:\Documents and Settings\All Users\Application Data\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe /x {537BF16E-7412-448C-95D8-846E85A1D817}
Roxio Creator Business Edition-->MsiExec.exe /I{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Sonic Icons for Lenovo-->MsiExec.exe /I{B334D9AE-1393-423E-97C0-3BDC3360E692}
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
THE Rename 2.1.6-->"C:\Program Files\THE Rename\unins000.exe"
ThinkPad Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
ThinkPad EasyEject Utility -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier-->rundll32.exe "C:\Program Files\Lenovo\ZOOM\cleanup.dll",InfUninstall DefaultUninstall 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad PC Card Power Policy-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\SWTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad UltraNav Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
ThinkPad UltraNav Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\Setup.exe" -l0x9 UNINSTALL
ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\SETUP.EXE" -l0x9 anything
ThinkVantage Active Protection System-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Productivity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\Setup.exe" -l0x9 -AddRemove
ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
Total Commander (Remove or Repair)-->c:\Program Files\Totalcmd\tcuninst.exe
Ultralingua 5.0-->"C:\Program Files\Ultralingua\Ultralingua 5\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Verizon Wireless BroadbandAccess Self Activation-->MsiExec.exe /I{3F963A06-7C18-4039-9789-9644B3266AE7}
Wallpapers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x9 UNINSTALL
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/01/2008 8.0.26.3)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst32.exe /u C:\WINDOWS\system32\DRVSTORE\atswpwdf_A57C5C0A17B945D4A0696BA72895CD59734EF6D9\atswpwdf.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Live Toolbar-->MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
X1-->MsiExec.exe /I{B59200E8-9283-41ED-B618-0B0DB06CDE8B}
XnView 1.95.4-->"C:\Program Files\XnView\unins000.exe"
XP Themes-->MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}
חבילת תאימות עבור מהדורת 2007 של מערכת Office-->MsiExec.exe /X{90120000-0020-040D-0000-0000000FF1CE}

=====HijackThis Backups=====

O15 - Trusted Zone: http://*.is-software-download.com [2010-02-10]
O4 - .DEFAULT Startup: tclock.lnk = C:\Program Files\Tclock\tclock.exe (User 'Default user') [2010-02-10]
O15 - Trusted Zone: http://*.is-software-download25.com [2010-02-10]
O15 - Trusted Zone: http://*.is-soft-download.com [2010-02-10]
O15 - Trusted Zone: http://*.buy-internet-security10.com (HKLM) [2010-02-10]
O4 - S-1-5-18 Startup: tclock.lnk = C:\Program Files\Tclock\tclock.exe (User 'SYSTEM') [2010-02-10]
O15 - Trusted Zone: http://*.buy-internet-security10.com [2010-02-10]

======Security center information======

AV: Microsoft Security Essentials

======System event log======

Computer Name: LENOVO
Event Code: 1000
Message: Your computer has lost the lease to its IP address 10.0.0.220 on the
Network Card with network address 00216A219F9A.

Record Number: 2363
Source Name: Dhcp
Time Written: 20100122054939.000000+120
Event Type: error
User:

Computer Name: LENOVO
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00216A219F9A. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 2362
Source Name: Dhcp
Time Written: 20100122054939.000000+120
Event Type: warning
User:

Computer Name: LENOVO
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {ED38ED04-985D-4702-AE5C-24BD5EDBAA0E}

User: LENOVO\owner

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: service:WAM

Alert Type: Unclassified software

Detection Type:

Record Number: 2354
Source Name: WinDefend
Time Written: 20100121230526.000000+120
Event Type: warning
User:

Computer Name: LENOVO
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {9CA71321-4523-42D3-ACB3-64044A3117B7}

User: LENOVO\owner

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: driver:WAM

Alert Type: Unclassified software

Detection Type:

Record Number: 2353
Source Name: WinDefend
Time Written: 20100121230526.000000+120
Event Type: warning
User:

Computer Name: LENOVO
Event Code: 7000
Message: The SessionLauncher service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 2336
Source Name: Service Control Manager
Time Written: 20100121230424.000000+120
Event Type: error
User:

=====Application event log=====

Computer Name: LENOVO-865825C6
Event Code: 1517
Message: Windows saved user LENOVO-865825C6\owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 241
Source Name: Userenv
Time Written: 20091204192036.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LENOVO-865825C6
Event Code: 4354
Message: The COM+ Event System failed to fire the Logoff method on subscription {F6FE5592-FCBC-44AD-A836-D37F5085ED5B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.
Record Number: 240
Source Name: EventSystem
Time Written: 20091204192035.000000+120
Event Type: warning
User:

Computer Name: LENOVO-865825C6
Event Code: 1517
Message: Windows saved user LENOVO-865825C6\owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 217
Source Name: Userenv
Time Written: 20091203192830.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LENOVO-865825C6
Event Code: 4354
Message: The COM+ Event System failed to fire the Logoff method on subscription {F6FE5592-FCBC-44AD-A836-D37F5085ED5B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.
Record Number: 216
Source Name: EventSystem
Time Written: 20091203192829.000000+120
Event Type: warning
User:

Computer Name: LENOVO-865825C6
Event Code: 4354
Message: The COM+ Event System failed to fire the DisplayUnlock method on subscription {F6FE5592-FCBC-44AD-A836-D37F5085ED5B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.
Record Number: 213
Source Name: EventSystem
Time Written: 20091203190305.000000+120
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"EMC_AUTOPLAY"=C:\Program Files\Common Files\Roxio Shared\
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Intel\WiFi\bin;c:\Program Files\Common Files\Lenovo;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Lenovo\Client Security Solution
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=170a
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"RR"=C:\Program Files\Lenovo\Rescue and Recovery
"SWSHARE"=C:\SWSHARE
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TPCCommon"=C:\PROGRA~1\THINKV~1\PrdCtr
"TVT"=C:\Program Files\Lenovo
"TVTCOMMON"=C:\Program Files\Common Files\Lenovo
"TVTPYDIR"=C:\Program Files\Common Files\Lenovo\Python24
"windir"=%SystemRoot%

-----------------EOF-----------------
I am having no visible signs of problems at all.


Thanks for your help.

cmili