ComboFix 11-08-18.01 - LENOVO 18/08/2011 23:28:07.6.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.1943.705 [GMT 1:00]
Running from: c:\users\LENOVO\Desktop\ComboFix.exe
Command switches used :: c:\users\LENOVO\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\roboot.exe"
"c:\windows\Tasks\RegClean Pro_DEFAULT.job"
"c:\windows\Tasks\RegClean Pro_UPDATES.job"
"c:\windows\TEMP\TMP0000007C8CF93F66D2BD0D6F"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\RegClean Pro
c:\program files\RegClean Pro\Chinese_rcp.ini
c:\program files\RegClean Pro\CleanSchedule.exe
c:\program files\RegClean Pro\Danish_rcp.ini
c:\program files\RegClean Pro\Dutch_rcp.ini
c:\program files\RegClean Pro\eng_rcp.ini
c:\program files\RegClean Pro\Finnish_rcp_fi.ini
c:\program files\RegClean Pro\French_rcp.ini
c:\program files\RegClean Pro\German_rcp.ini
c:\program files\RegClean Pro\greek_rcp_el.ini
c:\program files\RegClean Pro\install_left_image.bmp
c:\program files\RegClean Pro\isxdl.dll
c:\program files\RegClean Pro\Italian_rcp.ini
c:\program files\RegClean Pro\Japanese_rcp.ini
c:\program files\RegClean Pro\korean_rcp_ko.ini
c:\program files\RegClean Pro\Norwegian_rcp.ini
c:\program files\RegClean Pro\polish_rcp_pl.ini
c:\program files\RegClean Pro\portugese_rcp_pt.ini
c:\program files\RegClean Pro\Portuguese_rcp.ini
c:\program files\RegClean Pro\RCPUninstall.exe
c:\program files\RegClean Pro\RegCleanPro.dll
c:\program files\RegClean Pro\RegCleanPro.exe
c:\program files\RegClean Pro\russian_rcp_ru.ini
c:\program files\RegClean Pro\Spanish_rcp.ini
c:\program files\RegClean Pro\Swedish_rcp.ini
c:\program files\RegClean Pro\TraditionalCn_rcp_zh-tw.ini
c:\program files\RegClean Pro\turkish_rcp_tr.ini
c:\program files\RegClean Pro\unins000.dat
c:\program files\RegClean Pro\unins000.exe
c:\program files\RegClean Pro\unins000.msg
c:\program files\RegClean Pro\xmllite.dll
c:\program files\TeamViewer\Version5
c:\program files\TeamViewer\Version5\CopyRights.txt
c:\program files\TeamViewer\Version5\install.exe
c:\program files\TeamViewer\Version5\install64.exe
c:\program files\TeamViewer\Version5\Licence.txt
c:\program files\TeamViewer\Version5\Lizenz_TeamViewer_EN.txt
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\program files\TeamViewer\Version5\TeamViewer_Desktop.exe
c:\program files\TeamViewer\Version5\TeamViewer_Resource_ar.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_cs.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_da.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_de.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_en.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_es.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_fi.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_fr.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_it.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_ja.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_ko.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_nl.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_no.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_pl.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_pt.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_ru.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_sv.dll
c:\program files\TeamViewer\Version5\TeamViewer_Resource_tr.dll
c:\program files\TeamViewer\Version5\TeamViewer_Service.exe
c:\program files\TeamViewer\Version5\TeamViewer5_Logfile.log
c:\program files\TeamViewer\Version5\TV.dll
c:\program files\TeamViewer\Version5\tvinfo.ini
c:\program files\TeamViewer\Version5\UNICOWS.DLL
c:\program files\TeamViewer\Version5\uninstall.exe
c:\program files\TeamViewer\Version5\w2k\TeamViewerVPN.inf
c:\program files\TeamViewer\Version5\w2k\teamviewervpn.sys
c:\program files\TeamViewer\Version5\x64\teamviewervpn.cat
c:\program files\TeamViewer\Version5\x64\TeamViewerVPN.inf
c:\program files\TeamViewer\Version5\x64\teamviewervpn.sys
c:\program files\TeamViewer\Version5\x86\teamviewervpn.cat
c:\program files\TeamViewer\Version5\x86\TeamViewerVPN.inf
c:\program files\TeamViewer\Version5\x86\teamviewervpn.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TEAMVIEWER5
-------\Service_TeamViewer5
.
.
((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
.
.
2011-08-18 22:42 . 2011-08-18 22:47 -------- d-----w- c:\users\LENOVO\AppData\Local\temp
2011-08-18 22:42 . 2011-08-18 22:42 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-08-18 22:42 . 2011-08-18 22:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-18 22:42 . 2011-08-18 22:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-18 13:42 . 2011-08-18 13:42 -------- d-----w- c:\program files\Speccy
2011-08-18 12:22 . 2011-08-18 12:22 -------- d-----w- C:\_OTL
2011-08-17 10:31 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AF3A294-2491-4E1D-8555-0F43304203B9}\mpengine.dll
2011-08-16 20:51 . 2011-08-16 20:51 -------- d-----w- c:\users\LENOVO\AppData\Roaming\Systweak
2011-08-16 20:50 . 2011-07-07 12:26 17280 ----a-w- c:\windows\system32\roboot.exe
2011-08-15 21:48 . 2011-08-15 21:48 -------- d-----w- c:\users\LENOVO\AppData\Roaming\JGsoft
2011-08-15 21:47 . 2011-08-15 21:47 -------- d-----w- c:\program files\JGsoft
2011-08-15 21:47 . 2011-05-16 02:33 67312 ----a-w- c:\windows\UnDeployV.exe
2011-08-10 20:00 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 20:00 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 20:00 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-08 19:23 . 2011-08-18 11:48 -------- d-----w- c:\users\LENOVO\AppData\Roaming\.minecraft
2011-07-27 17:16 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-27 17:16 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 18:52 . 2010-09-02 00:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2010-09-02 00:15 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43 . 2010-08-25 16:06 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-08-25 16:06 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-03-01 21:39 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-08-25 16:07 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-08-25 16:07 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-08-25 16:07 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-08-25 16:07 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-08-25 16:07 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-18 17:54 . 2011-06-18 17:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-17 13:45 . 2011-05-08 19:28 187328 ----a-w- c:\programdata\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll
2011-06-17 13:40 . 2011-05-08 19:27 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-06-15 11:07 . 2011-01-19 00:59 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-05-24 18:14 . 2010-08-25 16:45 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-04-26 61728]
"TpShocks"="TpShocks.exe" [2009-02-03 181536]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-12 145944]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-28 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-28 124248]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-04-22 49976]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-04-15 660768]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-04-13 40960]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-12-10 435560]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-12-10 181608]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-12 170520]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes2\iTunesHelper.exe" [2011-06-07 421160]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-02 273544]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ShortKeys 2.lnk
backup=c:\windows\pss\ShortKeys 2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 3.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ShortKeys 3.lnk
backup=c:\windows\pss\ShortKeys 3.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 16:51 421160 ----a-w- c:\program files\iTunes2\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 10:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-06-15 19:03 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-05-02 00:01 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-07-11 48192]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-03-30 45424]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2008-10-27 106496]
R3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-09 29232]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-02-11 204800]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-10-21 4208208]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]
R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
R4 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-01-29 20520]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2008-10-27 1676536]
S2 DDNIOEMService;DDNIOEMService;c:\program files\DDNI\SBITS\DDNIOEMService.exe [2007-09-28 162280]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2008-10-27 98304]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-04-15 66848]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-04-02 62320]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-24 520192]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-09-19 3881472]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2008-09-19 54784]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-10-27 482176]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-08-14 220152]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdkmd32.sys [2008-06-12 2381312]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-09 29232]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-02-09 3715072]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1853308285-865056411-922338472-1000Core.job
- c:\users\LENOVO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 17:30]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1853308285-865056411-922338472-1000UA.job
- c:\users\LENOVO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 17:30]
.
2010-08-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files\Savevid\redirect.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\xqbyuseu.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-facetheme - c:\program files\Object\facetheme_uninstall.exe
AddRemove-RegClean Pro_is1 - c:\program files\RegClean Pro\unins000.exe
AddRemove-TeamViewer 5 - c:\program files\TeamViewer\Version5\uninstall.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1853308285-865056411-922338472-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DA3DD5C5-2F6F-E749-D4A2-0D91BDF20D27}*]
"hahipkcgcajjaeco"=hex:6a,61,66,64,6b,64,61,61,68,64,63,70,68,6f,62,69,6b,6d,
68,68,00,00
"iafbhlgohffmfmhbmf"=hex:63,61,63,65,65,63,00,7f
"iabjjmomdcemelfdgo"=hex:6a,61,66,64,6b,64,61,61,68,64,63,70,68,6f,62,69,6b,6d,
68,68,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1672)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-08-18 23:55:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-18 22:55
ComboFix2.txt 2011-08-18 12:15
ComboFix3.txt 2011-05-08 15:29
.
Pre-Run: 34,602,795,008 bytes free
Post-Run: 34,120,822,784 bytes free
.
Current=10 Default=10 Failed=1 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,10,11
- - End Of File - - F987FE36AF5EDDB04626F791E8837C66