ComboFix.txt
****************
ComboFix 11-11-28.02 - Thomas 11/28/2011 4:24.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1322 [GMT -6:00]
Running from: c:\documents and settings\Thomas\My Documents\TV downloads\Malware stuff\T61 prob\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\CSC\d6
c:\windows\system32\IWPDGINA.DLL
c:\windows\system32\PowerToyReadme.htm
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))
.
.
2011-11-28 01:42 . 2011-11-28 01:42 24770 ----a-w- c:\windows\cscmondump.bin
2011-11-27 22:17 . 2011-11-28 01:48 -------- d-----w- c:\documents and settings\Thomas\Local Settings\Application Data\LogMeIn Rescue Applet
2011-11-22 04:27 . 2011-11-22 04:27 -------- d-----w- c:\documents and settings\Thomas\Application Data\Kana Solution
2011-11-22 04:27 . 2011-11-28 01:48 -------- d-----w- c:\program files\DynDNS Updater
2011-11-20 01:20 . 2011-11-20 01:20 -------- d-----w- c:\documents and settings\Thomas\Local Settings\Application Data\tjnet
2011-11-17 22:05 . 2011-11-17 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\magicJack
2011-11-17 22:04 . 2011-11-17 22:04 -------- d-----w- c:\documents and settings\Thomas\Local Settings\Application Data\magicJack
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-20 01:21 . 2011-06-08 11:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2006-04-30 07:10 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-04-30 06:55 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 03:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2006-04-30 06:55 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2006-04-30 06:55 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-19 02:03 . 2011-09-19 02:03 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-09-06 13:20 . 2006-04-30 06:55 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 22:00 . 2010-01-16 04:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-24 19:14 . 2009-11-24 19:14 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-11-28 18:10 . 2009-11-28 18:10 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2007-09-21 49152]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"DynDNS Updater"="c:\program files\DynDNS Updater\DynDNS.exe" [2006-09-17 1352704]
"DoubleMySpeed Registry Cleaner"="c:\program files\CyberDefender\Registry Cleaner\CDregclean.exe" [2011-05-13 7298664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-03-03 513384]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2010-03-03 208896]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2009-12-01 55048]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-15 15136]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2009-09-03 436800]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-24 1036288]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"EZEJTRAY"="c:\progra~1\ThinkPad\UTILIT~1\EZEJTRAY.EXE" [2009-12-01 227904]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-01-19 1392640]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-19 1206544]
"TPFanControl"="c:\program files\TPFanControl\TPFanControl.exe" [2010-04-23 154112]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-29 273544]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2010-03-01 431464]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-2-25 607584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2009-06-03 22:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2009-06-03 22:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 18:41 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\MegaSquirt\\MS Download 2.00\\gms2dl.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5060:UDP"= 5060:UDP:magicjack
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [5/23/2010 11:55 AM 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/9/2009 11:10 AM 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [5/23/2010 1:50 PM 13480]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [6/3/2009 4:16 PM 207400]
R2 acautoupdate;ActivClient Auto-Update Service;c:\program files\ActivIdentity\ActivClient\acautoup.exe [6/3/2009 4:16 PM 51240]
R2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [6/27/2011 6:21 PM 65536]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [5/23/2010 11:55 AM 132456]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2/22/2009 8:59 AM 53248]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [3/13/2009 12:47 PM 12560]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [7/9/2007 12:23 AM 63928]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 3:11 PM 569344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/27/2011 9:59 AM 106104]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 5:59 PM 37312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [5/21/2009 7:48 PM 44984]
S3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [7/16/2010 4:23 PM 6638080]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/14/2009 11:51 AM 23888]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gupdate1ca29a6c32e3218;Google Update Service (gupdate1ca29a6c32e3218);c:\program files\Google\Update\GoogleUpdate.exe [8/30/2009 1:19 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/30/2009 1:19 PM 133104]
S3 M3usb;M3CHIP USB;c:\windows\system32\drivers\M3usb.sys [2/20/2010 3:58 PM 75347]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [6/27/2011 7:39 PM 51072]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [1/6/2010 11:19 PM 56448]
S3 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 10:42 AM 14088]
S3 STCFUx32;STC DFU Driver;c:\windows\system32\drivers\STCFUx32.sys [1/24/2007 2:01 AM 7680]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/30/2006 12:56 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 6:21 AM 92592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-30 19:19]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-30 19:19]
.
2011-11-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-565364128-1853655877-392857975-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-11-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-565364128-1853655877-392857975-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - {1E866952-62EA-4161-B97D-4D228CEDF7A0} - c:\program files\UAPick\UABtn.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\beta\
FF - prefs.js: browser.startup.homepage - about:blank
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-11-28 04:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\Thomas\Application Data\CyberDefender\Registry Cleaner\cdrcupdate.ini 0 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1888)
c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
c:\program files\ActivIdentity\ActivClient\aclog.dll
c:\program files\ActivIdentity\ActivClient\accrypto.dll
c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll
c:\program files\ActivIdentity\ActivClient\acevtsub.dll
c:\program files\ActivIdentity\ActivClient\asphat32.dll
c:\program files\ActivIdentity\ActivClient\acerrmes.dll
c:\program files\ActivIdentity\ActivClient\aiwinext.dll
c:\program files\ActivIdentity\ActivClient\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\program files\ActivIdentity\ActivClient\aipingui.dll
c:\program files\ActivIdentity\ActivClient\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll
.
- - - - - - - > 'lsass.exe'(1948)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'explorer.exe'(3976)
c:\windows\system32\WININET.dll
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\program files\Lenovo\Client Security Solution\tvtpwm_interface.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\acs.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\fxssvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\Symantec\Symantec Endpoint Protection\DoScan.exe
c:\program files\Symantec\Symantec Endpoint Protection\SavUI.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lenovo\Client Security Solution\password_manager.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Completion time: 2011-11-28 04:51:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-28 10:51
.
Pre-Run: 3,376,144,384 bytes free
Post-Run: 3,421,126,656 bytes free
.
- - End Of File - - 243D7901B23F6F8F7FE33388C1FF3779