Thread: Command Helper
View Single Post
Old 06-17-2008, 11:43 PM   #5 (permalink)
Folo
Registered User
 
Join Date: Jun 2008
Posts: 8
OS: Windows XP


Re: Command Helper
Hello,

Yes, I removed Norton/Symantec because it bugged me every time I started up about re-subscribing so I thought that I should just get rid of it. I thought Spybot would provide equivalent service. It seems that I was wrong.

I downloaded the service pack before ComboFix and then dragged the icons as instructed. Things did not happen in quite the order described (I was informed of Service Pack's successful installation after agreeing to the ComboFix agreement/Warning) but I did reach the screen you posted saying Service Pack was installed.

A few things happened afterwards that I thought I might tell you about. First, while ComboFix was running, a dialogue window appeared that read, "\WINDOW\system32\mrch.tmp is corruped and unreadable. Please run the Chkdsk utility."

Second, ComboFix restarted my computer. It ran chdsk while starting, though I don't know if it fixed the file.

Third, a program called Find3M spat out a log file, which I assume was ComboFix's. Spybot complained about a lot of registry changes occurring while the log file was being generated so I turned it off.

Here are the contents of log.txt:

Running from: C:\Documents and Settings\Frank Palmer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Frank Palmer\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\BM1bfa5ac4.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\RnJhbmsgUGFsbWVy\
C:\WINDOWS\RnJhbmsgUGFsbWVy\\asappsrv.dll
C:\WINDOWS\RnJhbmsgUGFsbWVy\\command.exe
C:\WINDOWS\RnJhbmsgUGFsbWVy\\lBL1vAP0o3IPvqpV.vbs
C:\WINDOWS\RnJhbmsgUGFsbWVy\command.exe
C:\WINDOWS\system32\BeOXwyxx.ini
C:\WINDOWS\system32\BeOXwyxx.ini2
C:\WINDOWS\system32\bngfltfw.dll
C:\WINDOWS\system32\CJkRqBeg.ini
C:\WINDOWS\system32\CJkRqBeg.ini2
C:\WINDOWS\system32\drivers\kmixerr.sys
C:\WINDOWS\system32\emxyscir.ini
C:\WINDOWS\system32\FeMSBcdd.ini
C:\WINDOWS\system32\FeMSBcdd.ini2
C:\WINDOWS\system32\gmbkfjwd.exe
C:\WINDOWS\system32\hkjTvyay.ini
C:\WINDOWS\system32\hkjTvyay.ini2
C:\WINDOWS\system32\iqtkvuac.ini
C:\WINDOWS\system32\ltlsdunj.dll
C:\WINDOWS\system32\luvoiund.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\ogfpamlg.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\quddsseu.dll
C:\WINDOWS\system32\ricsyxme.dll
C:\WINDOWS\system32\svfjtifg.dll
C:\WINDOWS\system32\uacvtpwo.exe
C:\WINDOWS\system32\uekbmdke.ini
C:\WINDOWS\system32\xlftustb.dll
C:\WINDOWS\system32\yutwavys.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_KMIXERR
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_kmixerr


((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.

2008-06-18 01:06 . 2008-06-18 01:06 49,165 --a------ C:\WINDOWS\system32\rwwnw64d.exe
2008-06-18 01:06 . 2008-06-18 01:06 32 --a------ C:\WINDOWS\system32\msnav32.ax
2008-06-12 21:00 . 2008-06-12 21:00 <DIR> d-------- C:\Deckard
2008-06-12 20:24 . 2008-06-12 20:24 <DIR> d-------- C:\ie-spyad_zo
2008-06-12 20:18 . 2008-06-12 20:18 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-12 20:18 . 2008-06-12 20:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-12 20:07 . 2008-06-12 20:13 <DIR> d-------- C:\Program Files\Panda Security
2008-06-12 19:37 . 2008-06-12 19:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-12 19:34 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 19:34 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-24 03:10 . 2008-05-24 03:10 687,592 --a------ C:\WINDOWS\system32\atmtd.dll._
2008-05-24 03:10 . 2008-05-24 03:10 687,592 --a------ C:\WINDOWS\system32\atmtd.dll
2008-05-24 03:01 . 2008-06-12 20:52 215 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-02 19:10 --------- d-----w C:\Program Files\Enigma Software Group
2008-04-18 08:16 223,805 ------w C:\WINDOWS\system32\drivers\core.cache.dsk
2007-07-13 23:56 32,768 --sh--w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
2007-07-18 19:29 32,768 --sh--w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007071820070719\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10A81DA3-0157-4161-957E-D91E132DD9BC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38CE7DD8-6482-4DC7-9999-BD3B239311C1}]
C:\WINDOWS\system32\xxywXOeB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D431631-2D76-48B3-BE72-EB709EABB0BC}]
C:\WINDOWS\system32\yayvTjkh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3EAA70DB-34E5-439B-AAF6-54D812AC3D59}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AB66710-B910-401C-B911-19E31275BD86}]
C:\WINDOWS\system32\ddcBSMeF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83B6EDCC-A4C1-4BC1-87E0-8C332695D458}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{922A7169-1C54-4F7F-BFDF-BD0C11824B49}]
C:\WINDOWS\system32\geBqRkJC.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8977957-39fe-9e83-f162-56764104737c}]
2008-05-27 09:29 372224 --a------ C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 21:16 454784]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 01:17 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 01:16 512000]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-06-17 12:16 200704]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-06-17 12:16 208896]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 14:03 58416]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 01:49 66176]
"TpShocks"="TpShocks.exe" [2007-03-29 21:40 181808 C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 13:32 243248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 03:23 1015808]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-17 11:53 8433664]
"nwiz"="nwiz.exe" [2007-05-17 11:53 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-17 11:53 81920]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 16:19 536576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 16:03 36975]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 08:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 19:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 19:50 81920]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 06:51 91688]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-03-22 13:02 120368]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 14:00 419376]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 19:24 196696]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-06-29 00:10 413696]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-06-29 00:02 126976]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2007-01-30 22:01 2618944]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 09:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 17:42 267064]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"{96-69-9F-F7-DW}"="c:\windows\system32\rwwnw64d.exe" [2008-06-18 01:06 49165]
"ExploreUpdSched"="C:\WINDOWS\system32\scntpkdm.exe" [2008-06-18 01:07 200768]
"{dc91a275-6051-3973-35b5-37325f88980f}"="C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll" [2008-05-27 09:29 372224]

C:\Documents and Settings\Frank Palmer\Start Menu\Programs\Startup\
Deewoo.lnk - C:\WINDOWS\system32\scntpkdm.exe [2008-06-18 01:07:11 200768]
DW_Start.lnk - C:\WINDOWS\system32\rwwnw64d.exe [2008-06-18 0148 49165]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-08 12:15:44 113664]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-07-13 19:51:11 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2007-06-29 00:03 32768 c:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 03:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-13 22:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyvuvv]
xxyyvuvv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Pidgin\\pidgin.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-03-02 20:49]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-03-02 20:47]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 12:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 14:24]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-06-17 12:16]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-02-08 16:11]
R3 TVTI2C;Lenovo SM bus driver;C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2006-09-13 15:42]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 08:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55027c30-feb7-11dc-b461-0013e852cb47}]
\Shell\Auto\command - E:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b20d50d4-da6c-11dc-b436-001a6b383cf9}]
\Shell\Auto\command - E:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-09 16:56:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-18 04:30:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-18 05:07:02 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 0128
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\rwwnw64d.exe 49165 bytes executable
C:\WINDOWS\system32\scntpkdm.exe 200768 bytes executable
C:\WINDOWS\system32\winpfz33.sys 861 bytes
C:\WINDOWS\system32\zxdnt3d.cfg 21 bytes
C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll 330752 bytes executable
C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll-uninst.exe 63918 bytes executable

scan completed successfully
hidden files: 6

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Lenovo\HOTKEY\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\ZOOM\TpScrex.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-18 1:11:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-18 05:11:08

Pre-Run: 129,100,406,784 bytes free
Post-Run: 129,114,820,608 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

252 --- E O F --- 2008-06-13 00:53:26



Deckard's System Scanner seems to contain HijackThis, so I thought I'd post the two files it regurgitates (main.txt and extra.txt) in response to your request for a HijackThis log file.


The contents of main.txt:

Deckard's System Scanner v20071014.68
Run by Frank Palmer on 2008-06-18 01:34:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
39: 2008-06-18 05:34:23 UTC - RP117 - Deckard's System Scanner Restore Point
38: 2008-06-18 04:52:40 UTC - RP116 - ComboFix created restore point
37: 2008-06-13 01:01:02 UTC - RP115 - Deckard's System Scanner Restore Point
36: 2008-06-13 00:50:34 UTC - RP114 - Software Distribution Service 3.0
35: 2008-06-12 23:33:57 UTC - RP113 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-04-18 08:21:07 UTC - RP79 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Frank Palmer.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:57 AM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\windows\system32\rwwnw64d.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\WINDOWS\system32\scntpkdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Frank Palmer\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\FRANKP~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.defaulthomepage.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {38CE7DD8-6482-4DC7-9999-BD3B239311C1} - C:\WINDOWS\system32\xxywXOeB.dll (file missing)
O2 - BHO: (no name) - {3D431631-2D76-48B3-BE72-EB709EABB0BC} - C:\WINDOWS\system32\yayvTjkh.dll (file missing)
O2 - BHO: (no name) - {5AB66710-B910-401C-B911-19E31275BD86} - C:\WINDOWS\system32\ddcBSMeF.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {922A7169-1C54-4F7F-BFDF-BD0C11824B49} - C:\WINDOWS\system32\geBqRkJC.dll (file missing)
O2 - BHO: gooochi browser optimizer - {a8977957-39fe-9e83-f162-56764104737c} - C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{96-69-9F-F7-DW}] c:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [{dc91a275-6051-3973-35b5-37325f88980f}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\scntpkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: xxyyvuvv - xxyyvuvv.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 13183 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R2 pmem - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper (TM) Disk Defragmenter>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 SUService (System Update) - c:\program files\lenovo\system update\suservice.exe
R2 TVT Backup Protection Service - "c:\program files\lenovo\rescue and recovery\rrpservice.exe" <Not Verified; ; rrpservice Module>
R2 TVT Scheduler - "c:\program files\common files\lenovo\scheduler\tvtsched.exe" <Not Verified; Lenovo Group Limited; tvtsched Module>
R2 tvtnetwk - c:\program files\lenovo\rescue and recovery\adm\iuservice.exe

S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 1352)
2007-06-29 00:03:50 32768 -----n--- C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll <Not Verified; Lenovo; Access Connections>
2007-06-28 23:49:16 143360 -----n--- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll <Not Verified; Lenovo; Access Connections>
2007-06-28 23:46:00 176128 -----n--- C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll <Not Verified; Lenovo; Access Connections>
2007-06-28 23:45:26 86016 -----n--- C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll <Not Verified; Lenovo; Access Connections>
2006-12-13 2242 28672 -----n--- C:\Program Files\Lenovo\HOTKEY\tphklock.dll

C:\WINDOWS\system32\rundll32.exe (pid 3424)
2007-06-17 12:16:00 200704 -----n--- C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL <Not Verified; Lenovo Group Limited; ThinkPad Power Manager>
2007-06-17 12:16:00 40960 -----n--- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2007-06-17 12:16:00 73728 -----n--- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
2007-05-17 11:53:00 1474560 --a------ C:\WINDOWS\system32\nview.dll

C:\WINDOWS\system32\rundll32.exe (pid 3612)
2007-05-17 11:53:00 1474560 --a------ C:\WINDOWS\system32\nview.dll

C:\WINDOWS\system32\rundll32.exe (pid 3256)
2007-05-17 11:53:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-05-17 11:53:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll

C:\WINDOWS\system32\rundll32.exe (pid 2820)
2008-05-27 09:29:22 372224 --a------ C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll
2007-05-17 11:53:00 1474560 --a------ C:\WINDOWS\system32\nview.dll

C:\WINDOWS\explorer.exe (pid 2828)
2007-05-17 11:53:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-01-25 02:25:52 69720 -----n--- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll


-- Scheduled Tasks -------------------------------------------------------------

2008-06-18 01:30:00 268 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-06-18 01:07:02 316 --a------ C:\WINDOWS\Tasks\PMTask.job
2008-01-09 12:56:00 284 -----n--- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-18 and 2008-06-18 -----------------------------

2008-06-18 01:07:30 861 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-06-18 01:07:11 200768 --a------ C:\WINDOWS\system32\scntpkdm.exe
2008-06-18 01:07:10 401972 --a------ C:\WINDOWS\system32\g36.exe
2008-06-18 0148 49165 --a------ C:\WINDOWS\system32\rwwnw64d.exe <Not Verified; ; Browser Driver>
2008-06-18 00:53:19 0 d-------- C:\cmdcons
2008-06-18 00:48:03 68096 --a------ C:\WINDOWS\zip.exe
2008-06-18 00:48:03 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-18 00:48:03 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-18 00:48:03 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-18 00:48:03 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-18 00:48:03 98816 --a------ C:\WINDOWS\sed.exe
2008-06-18 00:48:03 80412 --a------ C:\WINDOWS\grep.exe
2008-06-18 00:48:03 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-12 20:24:11 0 d-------- C:\ie-spyad_zo
2008-06-12 20:18:16 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-12 20:18:08 0 d-------- C:\Program Files\SpywareBlaster
2008-06-12 20:07:16 0 d-------- C:\Program Files\Panda Security
2008-06-12 19:37:40 0 d-------- C:\Program Files\Trend Micro
2008-05-27 09:29:22 372224 --a------ C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll
2008-05-24 03:10:27 687592 --a------ C:\WINDOWS\system32\atmtd.dll


-- Find3M Report ---------------------------------------------------------------

2008-05-05 12:24:34 330752 --a------ C:\WINDOWS\system32\_{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll
2008-05-02 15:10:08 0 d-------- C:\Program Files\Enigma Software Group


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38CE7DD8-6482-4DC7-9999-BD3B239311C1}]
C:\WINDOWS\system32\xxywXOeB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D431631-2D76-48B3-BE72-EB709EABB0BC}]
C:\WINDOWS\system32\yayvTjkh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AB66710-B910-401C-B911-19E31275BD86}]
C:\WINDOWS\system32\ddcBSMeF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{922A7169-1C54-4F7F-BFDF-BD0C11824B49}]
C:\WINDOWS\system32\geBqRkJC.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8977957-39fe-9e83-f162-56764104737c}]
05/27/2008 09:29 AM 372224 --a------ C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/14/2006 01:17 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/14/2006 01:16 AM]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [06/17/2007 12:16 PM]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [06/17/2007 12:16 PM]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [04/09/2007 02:03 PM]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [03/09/2007 01:49 AM]
"TpShocks"="TpShocks.exe" [03/29/2007 09:40 PM C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [03/28/2007 01:32 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [04/09/2007 03:23 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/17/2007 11:53 AM]
"nwiz"="nwiz.exe" [05/17/2007 11:53 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/17/2007 11:53 AM]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [02/08/2007 04:19 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 04:03 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [02/02/2006 08:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 07:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 07:50 PM]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [11/07/2006 06:51 AM]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [03/22/2007 01:02 PM]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [02/01/2007 02:00 PM]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [05/18/2006 07:24 PM]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [06/29/2007 12:10 AM]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [06/29/2007 12:02 AM]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [01/30/2007 10:01 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 09:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 05:42 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 08:51 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"{96-69-9F-F7-DW}"="c:\windows\system32\rwwnw64d.exe" [06/18/2008 01:06 AM]
"{dc91a275-6051-3973-35b5-37325f88980f}"="C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll" [05/27/2008 09:29 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [03/15/2007 09:16 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\Frank Palmer\Start Menu\Programs\Startup\
Deewoo.lnk - C:\WINDOWS\system32\scntpkdm.exe [6/18/2008 1:07:11 AM]
DW_Start.lnk - C:\WINDOWS\system32\rwwnw64d.exe [6/18/2008 148 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/8/2008 12:15:44 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [7/13/2007 7:51:11 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 06/29/2007 12:03 AM 32768 c:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 09/06/2006 03:37 AM 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 12/13/2006 10:06 PM 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyvuvv]
xxyyvuvv.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55027c30-feb7-11dc-b461-0013e852cb47}]
Auto\command- E:\Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b20d50d4-da6c-11dc-b436-001a6b383cf9}]
Auto\command- E:\Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe




-- End of Deckard's System Scanner: finished at 2008-06-18 01:35:40 ------------




... and the contents of extra.txt:


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
CPU 1: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 2014.22 MiB / 1102.59 MiB
Pagefile Memory (total/avail): 3906.25 MiB / 3103.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1885.49 MiB

C: is Fixed (NTFS) - 143.55 GiB total, 120.25 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HITACHI HTS541616J9SA00 - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 143.55 GiB - C:
\PARTITION1 - Unknown - 5.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Pidgin\\pidgin.exe"="C:\\Program Files\\Pidgin\\pidgin.exe:*:Enabled:Pidgin"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Frank Palmer\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FRANKCOMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
hlainc=C:\hla\include
hlalib=C:\hla\hlalib\hlalib.lib
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Frank Palmer
lib=;C:\hla\hlalib
LOGONSERVER=\\FRANKCOMPUTER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\hla;c:\program files\miktex 2.6\miktex\bin;c:\program files\intel\wireless\bin;c:\program files\diskeeper corporation\diskeeper;c:\program files\thinkpad\connectutilities;c:\program files\common files\lenovo;c:\program files\lenovo\client security solution;c:\program files\microsoft sql server\90\tools\binn;c:\program files\quicktime\qtsystem;C:\Program Files\MATLAB\R2007a Student\bin;C:\Program Files\MATLAB\R2007a Student\bin\win32
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0a
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
RR=C:\Program Files\Lenovo\Rescue and Recovery
SESSIONNAME=Console
SMA=C:\Program Files\ThinkVantage\SMA\
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SWSHARE=C:\SWSHARE
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\FRANKP~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\FRANKP~1\LOCALS~1\Temp
TPCCommon=C:\PROGRA~1\THINKV~1\PrdCtr
TVT=C:\Program Files\Lenovo
TVTCOMMON=C:\Program Files\Common Files\Lenovo
TVTPYDIR=C:\Program Files\Common Files\Lenovo\Python24
USERDOMAIN=FRANKCOMPUTER
USERNAME=Frank Palmer
USERPROFILE=C:\Documents and Settings\Frank Palmer
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Frank Palmer (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office system --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Access Help --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL
Activation Assistant for the 2007 Microsoft Office suites --> "C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Aspell 0.6 Dictionary (Language: en) --> "C:\Documents and Settings\All Users\Application Data\Aspell\Dictionaries\Uninstall-AspellDict-en.exe"
Aspell Data --> "C:\Documents and Settings\All Users\Application Data\Aspell\Uninstall-AspellData.exe"
Aspell English Dictionary-0.50-2 --> "C:\Program Files\Aspell\unins001.exe"
Business Contact Manager for Outlook 2007 --> "C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 --> MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Client Security Solution --> MsiExec.exe /I{F055E1B2-8A05-4D87-8039-1BE979BA4193}
Diskeeper Lite --> MsiExec.exe /X{796E076A-82F7-4D49-98C8-DEC0C3BC733A}
Drivers Install For Linksys Easylink Advisor --> MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
GNU Aspell 0.50-3 --> "C:\Program Files\Aspell\unins000.exe"
GPL Ghostscript 8.57 --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.57\uninstal.txt"
GPL Ghostscript Fonts --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
GSview 4.8 --> C:\Program Files\Ghostgum\gsview\uninstgs.exe "C:\Program Files\Ghostgum\gsview\uninstal.txt"
GTK+ Runtime 2.10.13 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
Help Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove
High Definition Audio Driver Package - KB888111 -->
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hla v1.98 --> C:\hla\unins000.exe
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Lenovo Registration --> C:\Program Files\Lenovo Registration\uninstall.exe
Linksys EasyLink Advisor 1.6 (0032) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
LyX 1.5.1-1 --> "C:\Program Files\LyX15\Uninstall-LyX.exe"
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Maintenance Manager --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
MATLAB Student R2007a --> C:\Program Files\MATLAB\R2007a Student\uninstall\uninstall.exe C:\Program Files\MATLAB\R2007a Student\
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x9 -AddRemove
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies --> MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007 --> MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
MiKTeX 2.6 --> "C:\Program Files\MiKTeX 2.6\miktex\bin\copystart_admin.exe" "C:\Program Files\MiKTeX 2.6\miktex\config\uninstall.dat"
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
On Screen Display --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC-Doctor 5 for Windows --> C:\Program Files\PCDR5\uninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Pidgin --> C:\Program Files\Pidgin\pidgin-uninst.exe
Presentation Director --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x9 -AddRemove
Productivity Center Supplement for ThinkPad --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\SETUP.EXE" -l0x9 -AddRemove
PSpice Student 9.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\OrCAD_Demo\DeIsL1.isu"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Remove Multimedia Center --> C:\swtools\apps\MMCfTO\customiz\sequencer.exe -fc:\swtools\apps\MMCfTO\customiz\uninst.seq
Rescue and Recovery --> MsiExec.exe /I{F151F2B3-0C32-44D3-90E2-E639B8024622}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for Step By Step Interactive Training (KB898458) -->
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic Icons for Lenovo --> MsiExec.exe /I{B334D9AE-1393-423E-97C0-3BDC3360E692}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
System Migration Assistant --> MsiExec.exe /X{F705E3E1-A471-426B-9A09-73429F3418EE}
System Update --> MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkPad EasyEject Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.inf
ThinkPad PC Card Power Policy --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\SWTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\SETUP.EXE" -l0x9 UNINSTALL
ThinkVantage Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\Setup.exe" -l0x9 anything
ThinkVantage Active Protection System --> MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Productivity Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\SETUP.EXE" -l0x9 -AddRemove
ThinkVantage Technologies Welcome Message --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\Setup.exe" -l0x9 anything
Update for Office 2007 (KB934528) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office System 2007 Setup (KB929722) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
Wallpapers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x9 UNINSTALL
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Live Toolbar --> MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
XP Themes --> MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type17265 / Error
Event Submitted/Written: 06/17/2008 11:16:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application tvtpwm_tray.exe, version 2.1.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0001103c.
Processing media-specific event for [tvtpwm_tray.exe!ws!]

Event Record #/Type17165 / Error
Event Submitted/Written: 06/12/2008 08:14:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module gebqrkjc.dll, version 0.0.0.0, fault address 0x00054ebd.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type17164 / Error
Event Submitted/Written: 06/12/2008 08:13:45 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module gebqrkjc.dll, version 0.0.0.0, fault address 0x00054ebd.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type17160 / Error
Event Submitted/Written: 06/12/2008 07:36:42 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module unknown, version 0.0.0.0, fault address 0x035c2951.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type17110 / Error
Event Submitted/Written: 05/23/2008 03:02:11 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : IEXPLORE: Shared heap exhausted, process ID 994, total alloc:3a458...



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type22023 / Error
Event Submitted/Written: 06/18/2008 00:56:22 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Command Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type21744 / Error
Event Submitted/Written: 06/13/2008 02:26:03 PM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort0, did not respond within the timeout period.

Event Record #/Type21738 / Error
Event Submitted/Written: 06/13/2008 02:25:58 PM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort0, did not respond within the timeout period.

Event Record #/Type21734 / Error
Event Submitted/Written: 06/13/2008 02:25:50 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 10.0.1.194 on the
Network Card with network address 0013E852CB47.

Event Record #/Type21733 / Warning
Event Submitted/Written: 06/13/2008 02:25:50 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0013E852CB47. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-06-18 01:35:40 ------------
Folo is offline