Hi -
Here's what you asked for:
ComboFix 10-02-09.02 - owner 02/10/2010 9:56.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3032.2322 [GMT 2:00]
Running from: c:\documents and settings\owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\owner\Desktop\cfscript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FILE ::
"c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{1B145128-14CB-58E2-C64A-5C3AB2E9E493}-smss32.exe"
"c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{21C80C8D-4BD9-D325-AE25-42D02B33C5ED}-wipalego.dll"
"c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{38BF7B5F-1F16-20E1-DD70-CDD61A7D3B95}-smss32.exe"
"c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D1807EAC-DA88-CC19-55C9-BACF926BE420}-wipalego.dll"
"c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D976C4CF-EA6D-4027-486F-8B8EA7431146}-smss32.exe"
"c:\windows\system32\dijuboru.dll.tmp"
"c:\windows\system32\ezsidmv.dat"
"c:\windows\system32\nepusenu.dll.tmp"
"c:\windows\system32\woyadolu.dll.tmp"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{1B145128-14CB-58E2-C64A-5C3AB2E9E493}-smss32.exe
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{21C80C8D-4BD9-D325-AE25-42D02B33C5ED}-wipalego.dll
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{38BF7B5F-1F16-20E1-DD70-CDD61A7D3B95}-smss32.exe
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D1807EAC-DA88-CC19-55C9-BACF926BE420}-wipalego.dll
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D976C4CF-EA6D-4027-486F-8B8EA7431146}-smss32.exe
C:\LOG.TXT
c:\program files\Tclock
c:\program files\Tclock\lang\tclang-de.txt
c:\program files\Tclock\lang\tclang-el.txt
c:\program files\Tclock\lang\tclang-es.txt
c:\program files\Tclock\lang\tclang-fr.txt
c:\program files\Tclock\lang\tclang-it.txt
c:\program files\Tclock\lang\tclang-ja.txt
c:\program files\Tclock\lang\tclang-ko.txt
c:\program files\Tclock\lang\tclang-nl.txt
c:\program files\Tclock\lang\tclang-pl.txt
c:\program files\Tclock\lang\tclang-pt.txt
c:\program files\Tclock\lang\tclang-ru.txt
c:\program files\Tclock\lang\tclang-tr.txt
c:\program files\Tclock\lang\tclang-zh-cn.txt
c:\program files\Tclock\lang\tclang-zh-tw.txt
c:\program files\Tclock\lang\tclang.txt
c:\program files\Tclock\lang\tcmenu-de.txt
c:\program files\Tclock\lang\tcmenu-el.txt
c:\program files\Tclock\lang\tcmenu-es.txt
c:\program files\Tclock\lang\tcmenu-fr.txt
c:\program files\Tclock\lang\tcmenu-it.txt
c:\program files\Tclock\lang\tcmenu-ja.txt
c:\program files\Tclock\lang\tcmenu-ko.txt
c:\program files\Tclock\lang\tcmenu-nl.txt
c:\program files\Tclock\lang\tcmenu-pl.txt
c:\program files\Tclock\lang\tcmenu-pt.txt
c:\program files\Tclock\lang\tcmenu-ru.txt
c:\program files\Tclock\lang\tcmenu-tr.txt
c:\program files\Tclock\lang\tcmenu-zh-cn.txt
c:\program files\Tclock\lang\tcmenu-zh-tw.txt
c:\program files\Tclock\lang\tcmenu.txt
c:\program files\Tclock\readme.html
c:\program files\Tclock\source\common\alarmstruct.c
c:\program files\Tclock\source\common\autoformat.c
c:\program files\Tclock\source\common\bccexe.nas
c:\program files\Tclock\source\common\combobox.c
c:\program files\Tclock\source\common\command.h
c:\program files\Tclock\source\common\common.h
c:\program files\Tclock\source\common\exec.c
c:\program files\Tclock\source\common\font.c
c:\program files\Tclock\source\common\langcode.c
c:\program files\Tclock\source\common\localeinfo.c
c:\program files\Tclock\source\common\mousestruct.c
c:\program files\Tclock\source\common\nodeflib.c
c:\program files\Tclock\source\common\playfile.c
c:\program files\Tclock\source\common\reg.c
c:\program files\Tclock\source\common\selectfile.c
c:\program files\Tclock\source\common\soundselect.c
c:\program files\Tclock\source\common\tclang.c
c:\program files\Tclock\source\common\utl.c
c:\program files\Tclock\source\dll\bccdll.nas
c:\program files\Tclock\source\dll\bmp.c
c:\program files\Tclock\source\dll\dllutl.c
c:\program files\Tclock\source\dll\draw.c
c:\program files\Tclock\source\dll\format.c
c:\program files\Tclock\source\dll\formattime.c
c:\program files\Tclock\source\dll\main.c
c:\program files\Tclock\source\dll\main2.c
c:\program files\Tclock\source\dll\newapi.c
c:\program files\Tclock\source\dll\newapi.h
c:\program files\Tclock\source\dll\startbtn.c
c:\program files\Tclock\source\dll\startmenu.c
c:\program files\Tclock\source\dll\taskbar.c
c:\program files\Tclock\source\dll\taskswitch.c
c:\program files\Tclock\source\dll\tcdll.def
c:\program files\Tclock\source\dll\tcdll.h
c:\program files\Tclock\source\dll\tcdll.mak
c:\program files\Tclock\source\dll\tcdll.rc
c:\program files\Tclock\source\dll\tooltip.c
c:\program files\Tclock\source\dll\traynotify.c
c:\program files\Tclock\source\dll\userstr.c
c:\program files\Tclock\source\dll\wndproc.c
c:\program files\Tclock\source\exe\about.c
c:\program files\Tclock\source\exe\alarm.c
c:\program files\Tclock\source\exe\cmdopt.c
c:\program files\Tclock\source\exe\command.c
c:\program files\Tclock\source\exe\main.c
c:\program files\Tclock\source\exe\main2.c
c:\program files\Tclock\source\exe\menu.c
c:\program files\Tclock\source\exe\mouse.c
c:\program files\Tclock\source\exe\mouse2.c
c:\program files\Tclock\source\exe\tclock.h
c:\program files\Tclock\source\exe\tclock.ico
c:\program files\Tclock\source\exe\tclock.mak
c:\program files\Tclock\source\exe\tclock.rc
c:\program files\Tclock\source\exe\wndproc.c
c:\program files\Tclock\source\license.txt
c:\program files\Tclock\source\Makefile
c:\program files\Tclock\source\player\dialog.c
c:\program files\Tclock\source\player\main.c
c:\program files\Tclock\source\player\player.c
c:\program files\Tclock\source\player\resource.h
c:\program files\Tclock\source\player\tclock.ico
c:\program files\Tclock\source\player\tclock.manifest
c:\program files\Tclock\source\player\tcplayer.h
c:\program files\Tclock\source\player\tcplayer.ico
c:\program files\Tclock\source\player\tcplayer.mak
c:\program files\Tclock\source\player\tcplayer.rc
c:\program files\Tclock\source\property\alarmday.c
c:\program files\Tclock\source\property\main.c
c:\program files\Tclock\source\property\pagealarm.c
c:\program files\Tclock\source\property\pagecolor.c
c:\program files\Tclock\source\property\pagecuckoo.c
c:\program files\Tclock\source\property\pageformat.c
c:\program files\Tclock\source\property\pageformat2.c
c:\program files\Tclock\source\property\pagemisc.c
c:\program files\Tclock\source\property\pagemouse.c
c:\program files\Tclock\source\property\pagemouse2.c
c:\program files\Tclock\source\property\pagesize.c
c:\program files\Tclock\source\property\pagestartbtn.c
c:\program files\Tclock\source\property\pagestartmenu.c
c:\program files\Tclock\source\property\pagetaskbar.c
c:\program files\Tclock\source\property\pagetooltip.c
c:\program files\Tclock\source\property\play.ico
c:\program files\Tclock\source\property\resource.h
c:\program files\Tclock\source\property\selecticon.c
c:\program files\Tclock\source\property\stop.ico
c:\program files\Tclock\source\property\tclock.ico
c:\program files\Tclock\source\property\tclock.manifest
c:\program files\Tclock\source\property\tcprop.h
c:\program files\Tclock\source\property\tcprop.ico
c:\program files\Tclock\source\property\tcprop.mak
c:\program files\Tclock\source\property\tcprop.rc
c:\program files\Tclock\source\readme.txt
c:\program files\Tclock\source\sntp\dialog.c
c:\program files\Tclock\source\sntp\main.c
c:\program files\Tclock\source\sntp\play.ico
c:\program files\Tclock\source\sntp\resource.h
c:\program files\Tclock\source\sntp\sntp.c
c:\program files\Tclock\source\sntp\stop.ico
c:\program files\Tclock\source\sntp\tclock.ico
c:\program files\Tclock\source\sntp\tclock.manifest
c:\program files\Tclock\source\sntp\tcsntp.h
c:\program files\Tclock\source\sntp\tcsntp.ico
c:\program files\Tclock\source\sntp\tcsntp.mak
c:\program files\Tclock\source\sntp\tcsntp.rc
c:\program files\Tclock\source\timer\dialog.c
c:\program files\Tclock\source\timer\main.c
c:\program files\Tclock\source\timer\play.ico
c:\program files\Tclock\source\timer\resource.h
c:\program files\Tclock\source\timer\stop.ico
c:\program files\Tclock\source\timer\tclock.ico
c:\program files\Tclock\source\timer\tclock.manifest
c:\program files\Tclock\source\timer\tctimer.h
c:\program files\Tclock\source\timer\tctimer.ico
c:\program files\Tclock\source\timer\tctimer.mak
c:\program files\Tclock\source\timer\tctimer.rc
c:\program files\Tclock\source\timer\timer.c
c:\program files\Tclock\tcdll.tclock
c:\program files\Tclock\TClock Light Home.url
c:\program files\Tclock\tclock.exe
c:\program files\Tclock\tclock.ini
c:\program files\Tclock\tcplayer.exe
c:\program files\Tclock\tcprop.exe
c:\program files\Tclock\tcsntp.exe
c:\program files\Tclock\tctimer.exe
c:\windows\system32\dijuboru.dll.tmp
c:\windows\system32\ezsidmv.dat
c:\windows\system32\nepusenu.dll.tmp
c:\windows\system32\woyadolu.dll.tmp
.
((((((((((((((((((((((((( Files Created from 2010-01-10 to 2010-02-10 )))))))))))))))))))))))))))))))
.
2010-02-06 21:53 . 2010-02-06 21:53 -------- d-----w- c:\program files\CCleaner
2010-02-06 21:04 . 2010-02-06 21:05 -------- d-----w- C:\gmer
2010-02-06 20:51 . 2010-02-06 22:19 -------- d-----w- C:\rsit
2010-02-03 23:19 . 2010-02-04 13:42 -------- d-----w- C:\Outlook Express
2010-02-02 22:12 . 2010-02-02 22:12 -------- d-----w- c:\documents and settings\owner\Application Data\Malwarebytes
2010-02-02 22:05 . 2010-02-02 22:05 -------- d-----w- c:\program files\drek
2010-02-02 22:00 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-02 22:00 . 2010-02-02 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-02 22:00 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-02 22:00 . 2010-02-02 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-31 23:24 . 2010-02-01 14:46 -------- d-----w- c:\windows\system32\org
2010-01-31 22:58 . 2010-01-31 22:58 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-01-31 17:48 . 2010-01-31 17:48 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\PCHealth
2010-01-28 15:29 . 2010-02-06 20:22 -------- d-----w- c:\program files\Sophos
2010-01-28 13:59 . 2010-01-28 13:59 -------- d-----w- c:\windows\Sun
2010-01-19 09:36 . 2010-01-19 22:20 -------- d-----w- C:\Outlook Express import
2010-01-14 17:54 . 2010-01-14 17:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-01-13 01:06 . 2010-01-13 01:06 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-11 20:44 . 2010-01-11 20:44 667648 ----a-r- c:\documents and settings\owner\Application Data\Microsoft\Installer\{5A46FE43-08E6-11D5-942B-0000E8932E05}\Jcl.exe
2010-01-11 20:43 . 2010-01-11 20:43 -------- d-----w- c:\program files\Davka
2010-01-11 17:38 . 2010-01-19 09:09 -------- d-----w- C:\CloneCD Images
2010-01-11 17:30 . 2010-01-11 17:30 -------- d-----w- c:\documents and settings\owner\Application Data\FLEXnet
2010-01-11 17:30 . 2010-01-11 17:30 -------- d-----w- c:\documents and settings\owner\Application Data\Zeon
2010-01-11 17:29 . 2010-01-11 17:29 -------- d-----w- c:\documents and settings\owner\Application Data\ScanSoft
2010-01-11 17:05 . 2010-01-11 17:05 -------- d-----w- c:\documents and settings\owner\Application Data\Nuance
2010-01-11 17:04 . 2010-01-11 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-01-11 17:03 . 2010-01-11 17:03 -------- d-----w- c:\program files\Nuance
2010-01-11 17:03 . 2010-01-11 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-11 16:43 . 2010-01-11 16:45 -------- d-----w- C:\OmniPage Professional 17
2010-01-11 16:40 . 2010-01-11 16:40 -------- d-----w- c:\program files\Trend Micro
2010-01-11 16:39 . 2010-01-11 16:39 -------- d-----w- c:\program files\Common Files\Gibinsoft Shared
2010-01-11 16:39 . 2010-01-11 16:39 -------- d-----w- c:\program files\GiPo@Utilities
2010-01-11 16:37 . 2010-01-11 16:38 -------- d-----w- c:\program files\Compare It!
2010-01-11 16:18 . 2010-01-11 16:18 152576 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-11 16:16 . 2010-01-11 16:17 -------- d-----w- c:\program files\ResponsaCD9
2010-01-11 15:39 . 2010-01-11 15:39 -------- d-----w- c:\program files\MSECache
2010-01-11 15:37 . 2010-01-11 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-01-11 15:37 . 2010-01-11 15:37 -------- d-----w- c:\documents and settings\owner\Application Data\Office Genuine Advantage
2010-01-11 14:48 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 13:31 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-11 13:31 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 06:39 . 2009-12-07 12:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-10 06:39 . 2009-12-09 07:38 -------- d-----w- c:\documents and settings\owner\Application Data\Skype
2010-02-03 08:05 . 2010-01-10 12:53 -------- d-----w- c:\program files\Info Select
2010-02-01 14:58 . 2009-12-07 12:55 -------- d-----w- c:\program files\KeyText
2010-01-31 23:25 . 2006-04-30 06:55 50620 ----a-w- c:\windows\system32\command.com
2010-01-31 11:06 . 2009-12-07 12:50 -------- d-----w- c:\program files\Michal
2010-01-14 09:12 . 2009-12-09 03:39 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 05:53 . 2009-06-08 01:35 114096 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-11 16:47 . 2009-06-08 01:29 -------- d-----w- c:\program files\Common Files\Installshield
2010-01-11 16:20 . 2009-06-08 01:43 -------- d-----w- c:\program files\Java
2010-01-11 16:18 . 2009-12-19 22:38 79488 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-11 14:51 . 2009-06-08 11:22 -------- d-----w- c:\program files\Microsoft Works
2010-01-10 22:16 . 2010-01-10 22:16 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-01-10 21:56 . 2010-01-10 21:55 -------- d-----w- c:\program files\Common Files\Real
2010-01-10 21:56 . 2010-01-10 21:56 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-10 21:55 . 2010-01-10 21:55 -------- d-----w- c:\program files\Real
2010-01-10 21:36 . 2010-01-10 21:36 -------- d-----w- c:\documents and settings\owner\Application Data\Roxio
2010-01-10 21:33 . 2010-01-10 21:33 -------- d-----w- c:\program files\HDD Health
2010-01-05 10:00 . 2006-04-30 06:56 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2006-04-30 06:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2006-04-30 06:55 17408 ------w- c:\windows\system32\corpol.dll
2009-12-12 20:58 . 2009-12-12 20:58 -------- d-----w- c:\documents and settings\owner\Application Data\DefenseWall HIPS
2009-12-12 20:55 . 2009-12-09 07:48 -------- d-----w- c:\documents and settings\owner\Application Data\skypePM
2009-12-09 08:08 . 2006-04-30 07:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-06 15:48 . 2009-12-06 15:48 152576 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-11-21 15:51 . 2006-04-30 06:55 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 09:18 . 2009-12-04 18:55 1673216 ----a-w- c:\windows\system32\BootMan.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-02-09_21.51.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-10 06:44 . 2010-02-10 06:44 16384 c:\windows\Temp\Perflib_Perfdata_d88.dat
+ 2010-02-10 06:38 . 2010-02-10 06:38 16384 c:\windows\Temp\Perflib_Perfdata_6b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"X1FileMonitor.exe"="c:\program files\X1\X1FileMonitor.exe" [2007-05-14 428544]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"HDDHealth"="c:\program files\HDD Health\HDDHealth.exe" [2008-06-15 1692672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-05-29 367128]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-06-08 60192]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-07 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-08 124248]
"AMSG"="c:\progra~1\THINKV~1\AMSG\amsg.exe" [2007-02-01 419376]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-07-10 16384]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-13 339968]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-13 208896]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-07-15 143360]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"CloneCDTray"="c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 73728]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-10 198160]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Nuance OmniPage 17-reminder"="c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
c:\documents and settings\owner\Start Menu\Programs\Startup\
Kaluach3.lnk - c:\program files\Kaluach3\Kaluach3.exe [2008-7-11 1331200]
KeyText.lnk - c:\program files\KeyText\KeyText.exe [2009-12-7 1303200]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-05-10 14:24 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 07:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Info Select\\is.exe"=
R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [28/11/2002 12:43 22016]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [15/05/2008 01:21 19496]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [09/05/2008 14:50 46144]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [10/05/2008 16:11 1160440]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [08/06/2009 03:49 94208]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [15/05/2008 01:25 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [09/05/2008 14:50 253952]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [08/06/2009 03:33 2058776]
R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [08/06/2009 03:35 72448]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [08/06/2009 03:39 475136]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [08/06/2009 03:21 244368]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [23/02/2008 00:54 37312]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [04/12/2009 20:55 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [04/12/2009 20:55 8456]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [10/05/2008 16:24 102400]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/02/2010 00:00 19160]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\F6.tmp --> c:\windows\system32\F6.tmp [?]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [25/04/2008 17:15 1120752]
.
Contents of the 'Scheduled Tasks' folder
2010-02-10 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 12:54]
2010-02-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 15:36]
2010-02-10 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-06-08 16:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ncr
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Θ÷α ∞- Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: buy-internet-security10.com
Trusted Zone: is-soft-download.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: buy-internet-security10.com
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 10:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\F6.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\ATGinaHook.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.DLL
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
Completion time: 2010-02-10 10:03:03
ComboFix-quarantined-files.txt 2010-02-10 08:03
ComboFix2.txt 2010-02-09 21:53
Pre-Run: 42,541,748,224 bytes free
Post-Run: 42,500,812,800 bytes free
- - End Of File - - 2B073E84FA28797A155A48928C7F3067
Logfile of random's system information tool 1.06 (written by random/random)
Run by owner at 2010-02-10 10:12:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 41 GB (37%) free of 108 GB
Total RAM: 3032 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:32, on 10/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\X1\X1FileMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HDD Health\HDDHealth.exe
C:\Program Files\Kaluach3\Kaluach3.exe
C:\Program Files\KeyText\KeyText.exe
C:\Program Files\X1\X1Systray.exe
C:\Program Files\X1\X1.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\X1\X1Service.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\owner\desktop\rsit.exe
C:\Program Files\Trend Micro\HijackThis\owner.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Nuance OmniPage 17-reminder] "C:\Program Files\Nuance\OmniPage17\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage 17\Ereg\Ereg.ini"
O4 - HKCU\..\Run: [X1FileMonitor.exe] C:\Program Files\X1\X1FileMonitor.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\HDDHealth.exe -wl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Kaluach3.lnk = ? (User 'SYSTEM')
O4 - S-1-5-18 Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: X1.lnk = C:\Program Files\X1\X1.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Kaluach3.lnk = ? (User 'Default user')
O4 - .DEFAULT Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe (User 'Default user')
O4 - .DEFAULT Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe (User 'Default user')
O4 - .DEFAULT Startup: X1.lnk = C:\Program Files\X1\X1.exe (User 'Default user')
O4 - Startup: Kaluach3.lnk = ?
O4 - Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe
O4 - Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe
O4 - Startup: X1.lnk = C:\Program Files\X1\X1.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
--
End of file - 15171 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\PMTask.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-01-10 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
IePasswordManagerHelper Class - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2008-06-14 808248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"picon"=C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [2008-05-29 367128]
"TPFNF7"=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2008-06-08 60192]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2008-06-07 181536]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2008-03-24 68464]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-06-04 242976]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2008-03-07 167936]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-06-17 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-06-17 170520]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-06-17 141848]
"FingerPrintSoftware"=C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [2008-05-10 9318400]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-05-15 487424]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-12 39792]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2008-06-08 165208]
"LPMailChecker"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [2008-06-08 124248]
"AMSG"=C:\PROGRA~1\THINKV~1\AMSG\amsg.exe [2007-02-01 419376]
"CameraApplicationLauncher"=C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe [2008-07-10 16384]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog []
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2008-07-15 143360]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2008-06-14 3073336]
"CloneCDElbyCDFL"=C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe [2002-11-02 45056]
"CloneCDTray"=C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe [2002-12-02 73728]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-01-10 198160]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Nuance OmniPage 17-reminder"=C:\Program Files\Nuance\OmniPage17\Ereg\Ereg.exe [2008-11-03 54560]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"X1FileMonitor.exe"=C:\Program Files\X1\X1FileMonitor.exe [2007-05-14 428544]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"HDDHealth"=C:\Program Files\HDD Health\HDDHealth.exe [2008-06-15 1692672]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\owner\Start Menu\Programs\Startup
Kaluach3.lnk - C:\Program Files\Kaluach3\Kaluach3.exe
KeyText.lnk - C:\Program Files\KeyText\KeyText.exe
X1 System Tray.lnk - C:\Program Files\X1\X1Systray.exe
X1.lnk - C:\Program Files\X1\X1.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ATFUS]
C:\WINDOWS\system32\FpWinLogonNp.dll [2008-05-10 180224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-06-11 212992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2008-03-17 34080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Info Select\is.exe"="C:\Program Files\Info Select\is.exe:*:Enabled:Info Select"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-02-10 10:03:04 ----A---- C:\ComboFix.txt
2010-02-10 10:02:01 ----A---- C:\Log.txt
2010-02-09 23:45:30 ----A---- C:\Boot.bak
2010-02-09 23:45:28 ----RASHD---- C:\cmdcons
2010-02-09 23:44:50 ----A---- C:\WINDOWS\zip.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\SWSC.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\SWREG.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\sed.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\PEV.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\MBR.exe
2010-02-09 23:44:50 ----A---- C:\WINDOWS\grep.exe
2010-02-09 23:44:44 ----D---- C:\WINDOWS\ERDNT
2010-02-09 23:44:08 ----D---- C:\Qoobox
2010-02-06 23:53:27 ----D---- C:\Program Files\CCleaner
2010-02-06 23:04:49 ----D---- C:\gmer
2010-02-06 22:51:16 ----D---- C:\rsit
2010-02-04 01:19:07 ----D---- C:\Outlook Express
2010-02-03 00:12:00 ----D---- C:\Documents and Settings\owner\Application Data\Malwarebytes
2010-02-03 00:05:26 ----D---- C:\Program Files\drek
2010-02-03 00:00:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-03 00:00:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-01 21:27:50 ----A---- C:\DREK.BAK
2010-02-01 01:24:23 ----D---- C:\WINDOWS\system32\org
2010-02-01 00:58:02 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-01-28 17:29:21 ----D---- C:\Program Files\Sophos
2010-01-28 15:59:36 ----D---- C:\WINDOWS\Sun
2010-01-19 11:36:24 ----D---- C:\Outlook Express import
2010-01-13 03:07:11 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 03:06:40 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-01-11 22:43:56 ----D---- C:\Program Files\Davka
2010-01-11 19:38:57 ----D---- C:\CloneCD Images
2010-01-11 19:30:09 ----D---- C:\Documents and Settings\owner\Application Data\FLEXnet
2010-01-11 19:30:01 ----D---- C:\Documents and Settings\owner\Application Data\Zeon
2010-01-11 19:29:58 ----D---- C:\Documents and Settings\owner\Application Data\ScanSoft
2010-01-11 19:05:29 ----D---- C:\Documents and Settings\owner\Application Data\Nuance
2010-01-11 19:05:23 ----A---- C:\WINDOWS\MAXLINK.INI
2010-01-11 19:04:39 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2010-01-11 19:03:28 ----D---- C:\Program Files\Nuance
2010-01-11 19:03:28 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2010-01-11 18:43:55 ----D---- C:\OmniPage Professional 17
2010-01-11 18:40:12 ----D---- C:\Program Files\Trend Micro
2010-01-11 18:39:43 ----D---- C:\Program Files\Common Files\Gibinsoft Shared
2010-01-11 18:39:42 ----D---- C:\Program Files\GiPo@Utilities
2010-01-11 18:37:33 ----D---- C:\Program Files\Compare It!
2010-01-11 18:20:27 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-11 18:20:27 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-11 18:20:27 ----A---- C:\WINDOWS\system32\java.exe
2010-01-11 18:17:45 ----A---- C:\WINDOWS\RESPONSA.INI
2010-01-11 18:16:53 ----D---- C:\Program Files\ResponsaCD9
2010-01-11 17:39:08 ----D---- C:\Program Files\MSECache
2010-01-11 17:37:20 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2010-01-11 17:37:17 ----D---- C:\Documents and Settings\owner\Application Data\Office Genuine Advantage
2010-01-11 16:54:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\zh-TW
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\zh-HK
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\tr-TR
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\sv-SE
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\pt-BR
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\nl-NL
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\nb-NO
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\ko-KR
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\it-IT
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\he-IL
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\fr-FR
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\fi-FI
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\es-ES
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\el-GR
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\de-DE
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\da-DK
2010-01-11 16:54:30 ----D---- C:\WINDOWS\system32\ar-SA
2010-01-11 15:31:52 ----A---- C:\WINDOWS\system32\muweb.dll
2010-01-11 15:31:52 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-01-11 15:31:52 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-01-11 00:16:29 ----D---- C:\Program Files\Microsoft Security Essentials
======List of files/folders modified in the last 1 months======
2010-02-10 10:11:23 ----D---- C:\WINDOWS\Prefetch
2010-02-10 10:11:14 ----D---- C:\WINDOWS\Temp
2010-02-10 10:10:59 ----D---- C:\Documents and Settings\owner\Application Data\Skype
2010-02-10 10:10:59 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-10 10:10:47 ----A---- C:\sysiclog.txt
2010-02-10 10:10:46 ----AD---- C:\WINDOWS\system32
2010-02-10 10:10:37 ----A---- C:\WINDOWS\system32\log.txt
2010-02-10 10:10:24 ----A---- C:\WINDOWS\system32\ICAutoUpdate.log.bak
2010-02-10 10:09:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-10 10:08:27 ----A---- C:\WINDOWS\wincmd.ini
2010-02-10 10:01:21 ----AD---- C:\WINDOWS
2010-02-10 10:01:21 ----A---- C:\WINDOWS\system.ini
2010-02-10 10:00:51 ----RD---- C:\Program Files
2010-02-10 09:59:00 ----D---- C:\WINDOWS\system32\drivers
2010-02-10 09:59:00 ----D---- C:\WINDOWS\AppPatch
2010-02-10 09:58:59 ----D---- C:\Program Files\Common Files
2010-02-10 09:51:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-10 08:44:04 ----SD---- C:\WINDOWS\Tasks
2010-02-09 23:50:05 ----D---- C:\WINDOWS\system32\config
2010-02-09 23:45:30 ----RASH---- C:\boot.ini
2010-02-07 09:24:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-07 00:09:08 ----D---- C:\WINDOWS\Debug
2010-02-06 23:05:43 ----D---- C:\WINDOWS\Help
2010-02-05 11:04:12 ----HD---- C:\WINDOWS\inf
2010-02-05 08:51:25 ----D---- C:\WINDOWS\security
2010-02-05 08:22:32 ----SHD---- C:\WINDOWS\Installer
2010-02-05 08:22:04 ----D---- C:\Documents and Settings
2010-02-03 10:05:58 ----D---- C:\Program Files\Info Select
2010-02-03 10:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-02-02 01:38:41 ----RD---- C:\My Documents
2010-02-01 16:58:16 ----D---- C:\Program Files\KeyText
2010-02-01 01:25:50 ----A---- C:\WINDOWS\system32\command.com
2010-01-31 13:06:57 ----D---- C:\Program Files\Michal
2010-01-29 17:02:28 ----D---- C:\WINDOWS\system32\inetsrv
2010-01-29 00:29:43 ----SHD---- C:\System Volume Information
2010-01-29 00:29:43 ----D---- C:\WINDOWS\system32\Restore
2010-01-24 02:21:26 ----D---- C:\Program Files\Internet Explorer
2010-01-24 02:14:02 ----ASHD---- C:\WINDOWS\system32\dllcache
2010-01-24 02:13:55 ----D---- C:\WINDOWS\system32\en-US
2010-01-22 06:00:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-19 11:54:57 ----D---- C:\Programs
2010-01-19 11:54:57 ----D---- C:\Help
2010-01-19 11:35:52 ----D---- C:\My Downloads - pdf
2010-01-19 11:33:42 ----D---- C:\My Downloads - htm
2010-01-14 11:12:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-01-13 03:09:01 ----A---- C:\WINDOWS\win.ini
2010-01-13 03:08:09 ----RSD---- C:\WINDOWS\assembly
2010-01-11 22:44:01 ----RSD---- C:\WINDOWS\Fonts
2010-01-11 19:05:11 ----D---- C:\WINDOWS\WinSxS
2010-01-11 18:47:34 ----D---- C:\Program Files\Common Files\Installshield
2010-01-11 18:20:14 ----D---- C:\Program Files\Java
2010-01-11 17:42:23 ----D---- C:\Program Files\Microsoft Office
2010-01-11 17:42:22 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-11 16:51:42 ----D---- C:\Program Files\Microsoft Works
2010-01-11 16:45:10 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-11 00:16:35 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2008-07-02 11520]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-02-09 12856]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-02-09 28120]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2008-07-13 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2008-06-08 4608]
R1 tvtumon;tvtumon; C:\WINDOWS\system32\DRIVERS\tvtumon.sys [2008-05-09 46144]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2007-06-19 35064]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2007-06-19 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2007-06-19 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2007-06-19 105048]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2007-06-19 26744]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2007-06-19 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2007-06-19 98136]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2007-06-19 93752]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2002-11-29 16320]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-03-20 11904]
R2 tvtfilter;tvtfilter; C:\WINDOWS\system32\DRIVERS\tvtfilter.sys [2009-06-08 33536]
R3 5U875UVC;Integrated Camera; C:\WINDOWS\system32\DRIVERS\5U875.sys [2008-04-22 72448]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2008-03-07 154672]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\WINDOWS\System32\Drivers\ATSwpWDF.sys [2008-05-10 475136]
R3 BTDriver;מנהל התקן תקשורת וירטואלית Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-03-27 990632]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAU32.sys [2008-05-22 754176]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-03-27 244368]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2002-11-28 15360]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2008-03-26 40832]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-06-11 6021184]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2008-02-20 22696]
R3 NETw5x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit ; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-05-01 3627776]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2009-06-08 30144]
R3 tpm;tpm; C:\WINDOWS\system32\DRIVERS\tpm.sys [2008-03-26 13824]
R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2008-02-23 37312]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2007-09-15 501800]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 btaudio;התקן שמע Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-03-10 534312]
S3 BTWDNDIS;שרת גישה LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-09-20 156392]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-03-27 47272]
S3 catchme;catchme; \??\C:\DOCUME~1\owner\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []
S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\F6.tmp []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2008-07-15 90112]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2008-07-15 212992]
R2 astcc;AST Service; C:\WINDOWS\system32\ASTSRV.EXE [2009-08-24 61760]
R2 ATService;AuthenTec Fingerprint Service; C:\WINDOWS\system32\AtService.exe [2008-05-10 1160440]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2008-03-28 342624]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-05-06 815104]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2008-02-20 36128]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2008-05-29 174616]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-07-13 94208]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-05-06 466944]
R2 S24EventMonitor;Intel® PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2008-05-06 901120]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2008-05-25 32768]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2008-06-14 746808]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2008-05-15 37416]
R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2008-06-14 779576]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-15 520192]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2008-05-15 950272]
R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-05-15 1155072]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-05-09 253952]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-05-29 2058776]
S2 SessionLauncher;SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FingerprintServer;Fingerprint Server; C:\WINDOWS\system32\FpLogonServ.exe [2008-05-10 102400]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RoxMediaDB10;RoxMediaDB10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-07 855552]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2010-02-10 10:12:34
======Uninstall list======
-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}
Adobe Flash Player 9 Plugin-->MsiExec.exe /X{61E8B062-51F9-4BBB-B1FC-E2A4A40944F5}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Ample Notice for Windows-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ANW2\Uninst.isu"
Camera Center-->MsiExec.exe /X{668ACF05-E455-4932-A2D2-5822A8206FEB}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Client Security - Password Manager-->MsiExec.exe /I{44E9D4C2-946C-4378-9354-558803C47A68}
ClipCache Pro 3.1.0-->"C:\Program Files\ClipCache\unins000.exe"
CloneCD-->"C:\Program Files\Elaborate Bytes\CloneCD\ccd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneCD"
Compare It!-->"C:\Program Files\Compare It!\unins000.exe"
Compare It!-->"C:\Program Files\Compare It!\unins001.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -ITPKDCHI5.INF
DirectXInstallService-->MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
EASEUS Partition Master 4.1.1 Home Edition-->"C:\Program Files\EASEUS\EASEUS Partition Master 4.1.1 Home Edition\unins000.exe"
GiPo@MoveOnBoot 1.9.5-->MsiExec.exe /I{9F185C48-595B-401A-A1D6-AAB324890DC4}
HDD Health v3.3 Beta-->"C:\Program Files\HDD Health\unins000.exe"
Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB949764)-->"C:\WINDOWS\$NtUninstallKB949764$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Integrated Camera Driver Installer Package Ver.1.18.500.0-->"C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -runfromtemp -l0x0009 anything -removeonly
Integrated Camera TWAIN-->C:\Program Files\InstallShield Installation Information\{356C896A-6BE6-487D-AA37-C999F945E6CF}\setup.exe -runfromtemp -l0x0009 -removeonly
Intel PROSet Wireless-->Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) Management Engine Interface-->C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel(R) Network Connections Drivers-->Prounstl.exe
Intel® Active Management Technology-->C:\WINDOWS\system32\mesoludlg.exe -uninstall
Intel® Trusted Platform Module-->C:\WINDOWS\system32\iTPMudlg.exe -uninstall
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 16-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150160}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Judaic Classics Library-->MsiExec.exe /I{5A46FE43-08E6-11D5-942B-0000E8932E05}
KeyText v3-->"C:\Program Files\KeyText\unins000.exe"
Lenovo Fingerprint Software-->MsiExec.exe /X{8EF140A7-B1D6-464E-82B4-C8925202FE54}
Lenovo Registration-->C:\Program Files\Lenovo Registration\uninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\drek\unins000.exe"
Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x9 -AddRemove
Michal-->C:\WINDOWS\unmichal.exe
Micro Logic Info Select 2007-->C:\PROGRA~1\INFOSE~1\UNWISE.EXE C:\PROGRA~1\INFOSE~1\install.dat
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Antimalware-->MsiExec.exe /X{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 English User Interface Pack-->MsiExec.exe /I{901E0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040D-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials-->MsiExec.exe /I{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word Viewer 97-->C:\Program Files\WordView\setup\setup.exe
Mobile Broadband Connect-->MsiExec.exe /I{08163A7B-A683-4201-9166-BA4E65D263ED}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Nuance OmniPage 17-->MsiExec.exe /I{34AFE453-F544-4269-89C9-CAB7F0744963}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
On Screen Display-->rundll32.exe "C:\Program Files\Lenovo\HOTKEY\cleanup.dll",InfUninstall DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
PC-Doctor 5 for Windows-->C:\Program Files\PCDR5\uninst.exe
Presentation Director-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x9 -AddRemove
Productivity Center Supplement for ThinkPad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\SETUP.EXE" -l0x9 -AddRemove
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Rescue and Recovery-->MsiExec.exe /I{F151F2B3-0C32-44D3-90E2-E639B8024622}
Responsa CD9-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\RESPON~1\Uninst.isu
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio Central Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Central Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Central Core-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Central Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Central Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Creator Business Edition-->C:\Documents and Settings\All Users\Application Data\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe /x {537BF16E-7412-448C-95D8-846E85A1D817}
Roxio Creator Business Edition-->MsiExec.exe /I{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Sonic Icons for Lenovo-->MsiExec.exe /I{B334D9AE-1393-423E-97C0-3BDC3360E692}
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
THE Rename 2.1.6-->"C:\Program Files\THE Rename\unins000.exe"
ThinkPad Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
ThinkPad EasyEject Utility -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier-->rundll32.exe "C:\Program Files\Lenovo\ZOOM\cleanup.dll",InfUninstall DefaultUninstall 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad PC Card Power Policy-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\SWTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad UltraNav Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
ThinkPad UltraNav Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\Setup.exe" -l0x9 UNINSTALL
ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\SETUP.EXE" -l0x9 anything
ThinkVantage Active Protection System-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Productivity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\Setup.exe" -l0x9 -AddRemove
ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
Total Commander (Remove or Repair)-->c:\Program Files\Totalcmd\tcuninst.exe
Ultralingua 5.0-->"C:\Program Files\Ultralingua\Ultralingua 5\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Verizon Wireless BroadbandAccess Self Activation-->MsiExec.exe /I{3F963A06-7C18-4039-9789-9644B3266AE7}
Wallpapers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x9 UNINSTALL
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/01/2008 8.0.26.3)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst32.exe /u C:\WINDOWS\system32\DRVSTORE\atswpwdf_A57C5C0A17B945D4A0696BA72895CD59734EF6D9\atswpwdf.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Live Toolbar-->MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
X1-->MsiExec.exe /I{B59200E8-9283-41ED-B618-0B0DB06CDE8B}
XnView 1.95.4-->"C:\Program Files\XnView\unins000.exe"
XP Themes-->MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}
חבילת תאימות עבור מהדורת 2007 של מערכת Office-->MsiExec.exe /X{90120000-0020-040D-0000-0000000FF1CE}
=====HijackThis Backups=====
O15 - Trusted Zone:
http://*.is-software-download.com [2010-02-10]
O4 - .DEFAULT Startup: tclock.lnk = C:\Program Files\Tclock\tclock.exe (User 'Default user') [2010-02-10]
O15 - Trusted Zone:
http://*.is-software-download25.com [2010-02-10]
O15 - Trusted Zone:
http://*.is-soft-download.com [2010-02-10]
O15 - Trusted Zone:
http://*.buy-internet-security10.com (HKLM) [2010-02-10]
O4 - S-1-5-18 Startup: tclock.lnk = C:\Program Files\Tclock\tclock.exe (User 'SYSTEM') [2010-02-10]
O15 - Trusted Zone:
http://*.buy-internet-security10.com [2010-02-10]
======Security center information======
AV: Microsoft Security Essentials (disabled)
======System event log======
Computer Name: LENOVO
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409 Scan ID: {ED23EA15-B96C-45B7-8923-A7CC8E7540D7}
User: LENOVO\owner
Name: Unknown
ID:
Severity: Not Yet Classified
Category: Not Yet Classified
Path Found: service:WAM
Alert Type: Unclassified software
Detection Type:
Record Number: 2210
Source Name: WinDefend
Time Written: 20100113075428.000000+120
Event Type: warning
User:
Computer Name: LENOVO
Event Code: 7000
Message: The SessionLauncher service failed to start due to the following error:
The system cannot find the path specified.
Record Number: 2190
Source Name: Service Control Manager
Time Written: 20100113075325.000000+120
Event Type: error
User:
Computer Name: LENOVO
Event Code: 20
Message: Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll.
Record Number: 2174
Source Name: Print
Time Written: 20100113030909.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: LENOVO
Event Code: 3
Message: Printer Microsoft Office Document Image Writer was deleted.
Record Number: 2173
Source Name: Print
Time Written: 20100113030908.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: LENOVO
Event Code: 4
Message: Printer Microsoft Office Document Image Writer is pending deletion.
Record Number: 2172
Source Name: Print
Time Written: 20100113030906.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: LENOVO-865825C6
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
Record Number: 132
Source Name: crypt32
Time Written: 20090805192331.000000+180
Event Type: error
User:
Computer Name: LENOVO-865825C6
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
Record Number: 129
Source Name: crypt32
Time Written: 20090805192329.000000+180
Event Type: error
User:
Computer Name: LENOVO-865825C6
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
Record Number: 128
Source Name: crypt32
Time Written: 20090805192326.000000+180
Event Type: error
User:
Computer Name: LENOVO-865825C6
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
Record Number: 125
Source Name: crypt32
Time Written: 20090805192325.000000+180
Event Type: error
User:
Computer Name: LENOVO-865825C6
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
Record Number: 124
Source Name: crypt32
Time Written: 20090805192325.000000+180
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"EMC_AUTOPLAY"=C:\Program Files\Common Files\Roxio Shared\
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Intel\WiFi\bin;c:\Program Files\Common Files\Lenovo;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Lenovo\Client Security Solution
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=170a
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"RR"=C:\Program Files\Lenovo\Rescue and Recovery
"SWSHARE"=C:\SWSHARE
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TPCCommon"=C:\PROGRA~1\THINKV~1\PrdCtr
"TVT"=C:\Program Files\Lenovo
"TVTCOMMON"=C:\Program Files\Common Files\Lenovo
"TVTPYDIR"=C:\Program Files\Common Files\Lenovo\Python24
"windir"=%SystemRoot%
-----------------EOF-----------------
Thanks
cmili