Explorer killed successfully
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{684a908b-da16-11dc-b478-0014a4d8170e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{684a908b-da16-11dc-b478-0014a4d8170e}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a62a761c-973b-11dc-b459-0014a4d8170e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a62a761c-973b-11dc-b459-0014a4d8170e}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a62a761d-973b-11dc-b459-0014a4d8170e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a62a761d-973b-11dc-b459-0014a4d8170e}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f660e01c-fa32-11dc-b484-0014a4d8170e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f660e01c-fa32-11dc-b484-0014a4d8170e}\\ deleted successfully.
< purity >
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04102008_192408
main.txt
----------------------------------------------------------------------------------------------------------------------
Deckard's System Scanner v20071014.68
Run by sbl2medic on 2008-04-10 19:33:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
8: 2008-04-10 18:34:00 UTC - RP159 - Deckard's System Scanner Restore Point
7: 2008-04-10 02:01:30 UTC - RP158 - Software Distribution Service 3.0
6: 2008-04-09 07:02:51 UTC - RP157 - System Checkpoint
5: 2008-04-08 05:52:47 UTC - RP156 - Installed Windows XP KB910728.
4: 2008-04-07 11:49:01 UTC - RP155 - System Checkpoint
-- First Restore Point --
1: 2008-04-04 08:40:15 UTC - RP152 - Frank's restore point
Performed disk cleanup.
Total Physical Memory: 511 MiB (512 MiB recommended).-- HijackThis (run as sbl2medic.exe) -------------------------------------------
logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-10 19:34:50
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\ZSSnp211.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\Domino.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\WINDOWS\system32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sbl2medic\Desktop\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://cm.uk.my.yahoo.com/R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://home.microsof...search.asp?p=%sR1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.microsoft...amp;ar=iesearchO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: CCC.lnk = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options Group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cabO16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) -
http://acs.pandasoft...s/as2stubie.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1147776716390O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macr...ash/swflash.cabO16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} () -
http://a532.g.akamai...l/installer.exeO17 - HKLM\Software\..\Telephony: DomainName = sbl-02.mgc.no
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = sbl-02.mgc.no
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = sbl-02.mgc.no
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\MSERO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\system32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\system32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSvc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe
--
End of file - 12839 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 TPDiskPM - c:\windows\system32\drivers\tpdiskpm.sys <Not Verified; Lenovo, Ltd. and IBM Corporation; ThinkPad SATA Power Management Driver>
R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT Operating System>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.6.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
R2 EGATHDRV (IBM Access Support) - c:\windows\system32\egathdrv.sys <Not Verified; IBM Corporation; IBM eGatherer>
R2 ibmfilter - c:\windows\system32\drivers\ibmfilter.sys <Not Verified; IBM; FFE and RRU>
R2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT Operating System>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 SmiHlp (SMI helper driver) - c:\program files\ibm fingerprint software\smihlp.sys <Not Verified; UPEK Inc.; IBM fingerprint software>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 TPInput - c:\windows\system32\drivers\tpinput.sys <Not Verified; Lenovo, Ltd. and IBM Corporation.; ThinkPad SATA Power Management Driver>
S3 catchme - c:\docume~1\sbl2me~1\locals~1\temp\catchme.sys (file missing)
S3 QCNDISIF - c:\windows\system32\drivers\qcndisif.sys <Not Verified; IBM Corporation.; IBM ThinkPad Utility>
S3 USBAAPL (Apple Mobile USB Driver) - c:\windows\system32\drivers\usbaapl.sys (file missing)
S3 ZSMC211 (USB PC Camera (ZS0211)) - c:\windows\system32\drivers\zs211.sys <Not Verified; ZSMC Corporation; >
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 IBM Rapid Restore Ultra Service - "c:\program files\ibm\ibm rapid restore ultra\rrpcsb.exe" <Not Verified; ; rrpcsb Module>
R2 QCONSVC - system32\qconsvc.exe <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 SUService (System Update) - c:\program files\lenovo\system update\suservice.exe <Not Verified; Lenovo Group Limited; ThinkVantage System Update Service>
R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe
R2 TVT Scheduler - "c:\program files\common files\lenovo\scheduler\tvtsched.exe" <Not Verified; Lenovo Group Limited; tvtsched Module>
R2 vtserver (Protector Suite Virtual Token) - "c:\program files\common files\virtual token\vtserver.exe" <Not Verified; UPEK Inc.; IBM fingerprint software>
S3 PsaSrv (IBM PSA Access Driver Control) - c:\windows\system32\psasrv.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Root Hub
Device ID: USB\ROOT_HUB\4&1B50C3BE&0
Manufacturer: (Standard USB Host Controller)
Name: USB Root Hub
PNP Device ID: USB\ROOT_HUB\4&1B50C3BE&0
Service: usbhub
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 2915ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4224&SUBSYS_10118086&REV_05\4&AD1B67F&0&10F0
Manufacturer: Intel® Corporation
Name: Intel® PRO/Wireless 2915ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4224&SUBSYS_10118086&REV_05\4&AD1B67F&0&10F0
Service: w29n51
-- Process Modules -------------------------------------------------------------
C:\WINDOWS\system32\winlogon.exe (pid 816)
2007-04-19 03:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>
2005-04-13 00:39:58 110179 --a------ C:\Program Files\IBM fingerprint software\psfus.dll <Not Verified; UPEK Inc.; IBM fingerprint software>
2005-04-13 00:32:00 165475 --a------ C:\Program Files\Common Files\Virtual Token\psutil.dll <Not Verified; UPEK Inc.; IBM fingerprint software>
2004-08-13 04:11:26 24576 --a------ C:\WINDOWS\system32\tphklock.dll
C:\WINDOWS\explorer.exe (pid 1292)
2005-05-25 06:21:20 65536 --a------ C:\WINDOWS\system32\BTNCopy.dll <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.600>
2005-04-14 09:01:00 139264 --a------ C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL <Not Verified; IBM Corp.; IBM ThinkPad Utility>
2005-04-14 09:01:00 32768 --a------ C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2005-04-14 09:01:00 73728 --a------ C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
2007-03-02 11:44:34 73728 --a------ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll <Not Verified; ; ACE Context Menu>
C:\WINDOWS\system32\rundll32.exe (pid 1932)
2005-04-14 09:01:00 139264 --a------ C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL <Not Verified; IBM Corp.; IBM ThinkPad Utility>
2005-04-14 09:01:00 32768 --a------ C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2005-04-14 09:01:00 73728 --a------ C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
-- Scheduled Tasks -------------------------------------------------------------
2008-04-10 19:28:15 316 --a------ C:\WINDOWS\Tasks\PMTask.job
2008-04-04 17:15:00 400 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
-- Files created between 2008-03-10 and 2008-04-10 -----------------------------
2008-04-09 20:53:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-09 20:53:21 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-08 06:58:05 0 d-------- C:\Documents and Settings\All Users\Application Data\PC-Doctor
2008-04-08 06:55:10 0 d-------- C:\Program Files\PCDR5
2008-04-08 01:00:05 0 d-------- C:\Documents and Settings\sbl2medic\(null)
2008-04-04 09:36:01 0 d-------- C:\Documents and Settings\sbl2medic\Application Data\ATI
2008-04-04 01:52:18 0 d-------- C:\Program Files\Panda Security
2008-04-04 01:25:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-03 19:07:14 0 d-------- C:\WINDOWS\system32\(null)
2008-04-03 19:07:03 0 d-------- C:\Program Files\Common Files\Lenovo
2008-04-03 18:35:18 0 d-------- C:\swshare
2008-04-03 18:07:06 0 dr-h----- C:\Documents and Settings\sbl2medic\Recent
2008-04-03 17:53:39 0 d-------- C:\Documents and Settings\sbl2medic\Application Data\TuneUp Software
2008-04-03 17:51:24 0 d-------- C:\WINDOWS\868D789699D44513BC622B3AD3E24926.TMP
2008-03-30 14:16:08 3766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-30 14:11:35 0 d-------- C:\DivX
2008-03-29 21:06:10 56 -r-hs---- C:\WINDOWS\system32\29F9D68C07.sys
2008-03-14 08:02:32 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-03-10 10:20:12 129536 --a------ C:\WINDOWS\system32\IJL15.dll <Not Verified; Intel Corporation; Intel® JPEG Library>
-- Find3M Report ---------------------------------------------------------------
2008-04-07 06:40:19 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-04 09:33:52 0 d-------- C:\Program Files\TuneUp Utilities 2006
2008-04-04 01:26:15 0 d-------- C:\Program Files\Lavasoft
2008-04-04 01:22:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 01:10:05 0 d-------- C:\Program Files\ATI Technologies
2008-04-04 01:02:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-04 00:24:31 0 d-------- C:\Program Files\Java
2008-04-04 00:17:18 2086 --a------ C:\WINDOWS\system32\SMBIOS.bin
2008-04-03 19:25:56 0 d-------- C:\Program Files\VideoLAN
2008-04-03 19:18:06 0 d-------- C:\Program Files\Apple Software Update
2008-04-03 19:07:38 0 d-------- C:\Program Files\Lenovo
2008-04-03 19:07:03 0 d-------- C:\Program Files\Common Files
2008-04-03 18:46:13 0 d-------- C:\Program Files\Canon
2008-04-03 18:40:25 0 d-------- C:\Program Files\InterVideo
2008-04-03 18:28:33 0 d-------- C:\Program Files\DivX
2008-04-03 18:03:02 0 d-------- C:\Program Files\Skype
2008-04-03 17:51:15 0 d-------- C:\Program Files\Starpath
2008-04-03 17:50:54 0 d-------- C:\Program Files\StarCraft
2008-03-31 06:56:51 0 d-------- C:\Documents and Settings\sbl2medic\Application Data\AVG7
2008-03-27 13:34:09 0 d-------- C:\Documents and Settings\sbl2medic\Application Data\Apple Computer
2008-03-14 19:46:06 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-09 21:27:42 9728 --a------ C:\WINDOWS\system32\UnInstall 3D Beauty Vol 1.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [08/11/2004 19:17]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [08/11/2004 19:17]
"TpShocks"="TpShocks.exe" [22/11/2007 15:09 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [12/11/2004 09:07 C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [23/03/2005 10:11]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [14/04/2005 09:01]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/01/2006 13:52]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [28/02/2005 10:53]
"ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [19/08/2006 04:37]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [13/01/2008 09:48]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [04/03/2008 10:34]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [14/10/2004 17:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [06/08/2004 15:27]
"Domino"="C:\WINDOWS\Domino.exe" [18/08/2006 09:58]
"@"="" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [10/03/2008 12:00]
C:\Documents and Settings\sbl2medic\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [29/09/2006 09:57:36]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [22/01/2007 13:51:23]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 03:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Program Files\IBM fingerprint software\psfus.dll 13/04/2005 00:39 110179 C:\Program Files\IBM fingerprint software\psfus.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 18/03/2005 11:07 262144 C:\WINDOWS\system32\QConGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 13/08/2004 04:11 24576 C:\WINDOWS\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli pwdmon
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\0\0]
"Script"=\\mgc.no\sysvol\mgc.no\scripts\mgcbgologin.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\1\0]
"Script"=\\Mgc04\NETLOGON\office2003.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\2\0]
"Script"=\\Mgc04\NETLOGON\MGC-Projects.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\3\0]
"Script"=\\Mgc02\netlogon\MGC_Marketing-video.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\4\0]
"Script"=\\Mgc04\NETLOGON\MGC-VismaUsers.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\5\0]
"Script"=\\Mgc04\NETLOGON\MGC-Engineering.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\6\0]
"Script"=\\Mgc02\NETLOGON\MGC_Technical.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\7\0]
"Script"=\\Mgc02\NETLOGON\VpnUser_logon.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\8\0]
"Script"=\\Mgc02\NETLOGON\amos_logon.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\9\0]
"Script"=\\Mgc04\NETLOGON\logon.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-500\Scripts\Logon\0\0]
"Script"=\\mgc.no\sysvol\mgc.no\scripts\mgcbgologin.cmd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
"QCTRAY"=C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
"QCWLICON"=C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
"ibmmessages"=C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
"IBMPRC"=C:\IBMTOOLS\UTILS\ibmprc.exe
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
"ControlCenter"="C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
-- End of Deckard's System Scanner: finished at 2008-04-10 19:36:01 ------------
Extra.txt
------------------------------------------------------------------------------------------------------------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® M processor 2.00GHz
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 510.42 MiB / 134.75 MiB
Pagefile Memory (total/avail): 1244.72 MiB / 704.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1899.25 MiB
C: is Fixed (NTFS) - 70.58 GiB total, 49.54 GiB free.
F: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - HTS541080G9AT00 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 70.58 GiB - C:
\PARTITION1 - Unknown - 3.95 GiB
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AV: AVG 7.5.519 v7.5.519 (Grisoft)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\sbl2medic\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MGC-220
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\sbl2medic
IBMSHARE=C:\IBMSHARE
LOGONSERVER=\\MGC-220
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\ThinkPad\Utilities;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\ATI Technologies\ATI Control Panel;C:\WINDOWS\Downloaded Program Files;C:\IBMTOOLS\Python22;C:\Program Files\Common Files\Lenovo;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.pyo;.pyc;.py;.pyw
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
PYTHONCASEOK=1
PYTHONPATH=C:\IBMTOOLS\utils\support;C:\IBMTOOLS\utils\logger
RRU=C:\Program Files\IBM\IBM Rapid Restore Ultra\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TCL_LIBRARY=C:\IBMTOOLS\Python22\tcl\tcl8.4
TEMP=C:\DOCUME~1\SBL2ME~1\LOCALS~1\Temp
TK_LIBRARY=C:\IBMTOOLS\Python22\tcl\tk8.4
TMP=C:\DOCUME~1\SBL2ME~1\LOCALS~1\Temp
TVT=C:\Program Files\Lenovo
USERDOMAIN=MGC-220
USERNAME=sbl2medic
USERPROFILE=C:\Documents and Settings\sbl2medic
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
rduus
(admin)administrator.MGC
(new local, admin, net ready)om
(new local, admin, net ready)hseadvisor
(admin)administrator.SBL-02
(admin)Admin
(admin)sbl2medic
(admin)Administrator
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanelAnyText
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanel
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Access IBM --> MsiExec.exe /X{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}
Access IBM Message Center --> MsiExec.exe /X{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 7.0.9 Standard --> msiexec /I {AC76BA86-1033-0000-BA7E-000000000002}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x7541
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
ccc-Branding --> MsiExec.exe /I{7379FDD1-D0ED-4FF2-B168-E246772E731E}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cisco Systems VPN Client 4.7.00.0533 --> MsiExec.exe /X{00CD55D6-EE5A-4570-9875-8A306628C032}
HijackThis 2.0.2 --> "C:\Documents and Settings\sbl2medic\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IBM 32-bit Runtime Environment for Java 2, v1.4.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E922961C-6DB6-41DE-9FEA-426DF3E9F81C} /l1033
IBM Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22B71A00-4DED-11D4-A5E5-0004AC564F43}\SETUP.EXE" -l0x9 anything
IBM DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
IBM Integrated 56K Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE -U -IIBM0559K.INF -ISFG
IBM RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
IBM Rescue and Recovery with Rapid Restore --> MsiExec.exe /X{11783F13-C3A9-44A8-929B-21A476F65272}
IBM Themes --> MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE}
IBM ThinkPad Configuration --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\SETUP.EXE" -l0x9 -AddRemove
IBM ThinkPad EasyEject Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
IBM ThinkPad Keyboard Customizer Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x9 anything
IBM ThinkPad Power Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
IBM ThinkPad Presentation Director --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
IBM ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
IBM ThinkPad UltraNav Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE" UNINSTALL
IBM ThinkVantage Technologies Welcome Message --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
IBM TrackPoint Accessibility Features --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\SETUP.EXE"
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Lotus Notes 6.5.4 --> MsiExec.exe /I{1AAE3976-3167-4BDF-B785-00E19C6671A3}
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Reference Library 2005 --> MsiExec.exe /I{05410141-64A6-4248-A026-9745C1E9E159}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.13) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.5.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5.0.14 (en-US)"
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC-Doctor 5 for Windows --> C:\Program Files\PCDR5\uninst.exe
PDFCreator --> MsiExec.exe /I{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Update --> MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Integrated Bluetooth IV Software --> MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad SATA Power Management Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}\setup.exe" -l0x9 anything
ThinkVantage Active Protection System --> MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
Wallpapers --> MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
-- Application Event Log -------------------------------------------------------
Event Record #/Type23632 / Error
Event Submitted/Written: 04/10/2008 07:29:05 PM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
Event Record #/Type23628 / Warning
Event Submitted/Written: 04/10/2008 07:28:21 PM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the ConnectionMadeNoQOCInfo method on subscription {A82F0E80-1305-400C-BA56-375AE04264A1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.
Event Record #/Type23623 / Error
Event Submitted/Written: 04/10/2008 07:28:05 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
Event Record #/Type23621 / Error
Event Submitted/Written: 04/10/2008 03:33:36 PM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
Event Record #/Type23617 / Error
Event Submitted/Written: 04/10/2008 06:33:41 AM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type47148 / Warning
Event Submitted/Written: 04/10/2008 07:29:00 PM
Event ID/Source: 8193 / LSASRV
Event Description:
The Security System could not establish a secured connection with the server DNS/ns1.bkkb.no. No authentication protocol was available.
Event Record #/Type47147 / Warning
Event Submitted/Written: 04/10/2008 07:29:00 PM
Event ID/Source: 8192 / LSASRV
Event Description:
The Security System detected an attempted downgrade attack for
server DNS/ns1.bkkb.no. The failure code from authentication protocol Kerberos
was "There are currently no logon servers available to service the logon request.
(0xc000005e)".
Event Record #/Type47137 / Error
Event Submitted/Written: 04/10/2008 07:28:26 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
Event Record #/Type47136 / Warning
Event Submitted/Written: 04/10/2008 07:28:26 PM
Event ID/Source: 14 / W32Time
Event Description:
The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 15 minutes.
Event Record #/Type47135 / Error
Event Submitted/Written: 04/10/2008 07:28:25 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
-- End of Deckard's System Scanner: finished at 2008-04-10 19:36:01 ------------