Major CoolWWWSearch Problem



#1 sensai
I have a client that has the CoolWWWSearch problem from [bleep]. After running a Spybot Search and Destroy scan, these are the infection entries that come up:

Smitfraud-C 16 entries
ClientMan- 2 entries
CoolWWWSearch- 8 entries
CoolWWWSearch.0800k- 3 entries
CoolWWWSearch.Aff.ledll 2 entries
CoolWWWSearch.aff.Winshow 4 entries
CoolWWWSearch.BlowSearch entries
CoolWWWSearch.Bootconf--1 entries
CoolWWWSearch.Dreplace-- 2 entries
CoolWWWSearch.Gonnasearch 6 entries
CoolWWWSearch.Leftovers 5 entries
CoolWWWSearch.SmartSearch 5 entries
CoolWWWSearch.Svcinit 1 entries
CoolWWWSearch.Yexe 1 entries
Smitfraud-C.gp

I have tried booting into Safe Mode and running Spybot and HijackThis with the fix options on quite a few of the BHO "no name" files, and they still come back. This is a corporate machine, so when I do boot into Safe Mode I have to enable networking or I will not be able to log into the machine. I have also tried CWShredder and those files are still there. I'm thinking there is a rootkit somewhere that keeps re-installing the program. Any help from you guys will be very appreciated. Here is the HijackThis logfile. Also please note that due to this infection I am unable to run any type of online virus scan, although I do have a corporate version of Norton installed on the system; it fails to detect and remove this infection.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:04 AM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.intran...om/indexbar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.intran...w.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dowhome.intranet.dow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.intran...w.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dowhome.intranet.dow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.intran...w.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=inet3.nam.dow.com:80;gopher=inet3.nam.dow.com:80;http=inet3.nam.dow.com:80;https=inet3.nam.dow.com:443
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\xwusuhzh.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\Progra~1\Symantec\Symant~1\VPTray.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [RunWCW] C:\dowwapps\login\dwalogin.vbs
O4 - HKLM\..\Run: [DIRECT!] C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe
O4 - HKLM\..\Run: [TLogonPath] "C:\Program Files\Timbuktu Pro\Tb2Logon.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [Synchronization Configuration] C:\Dowwapps\scripts\Config_Mobsync_Run.vbs
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WDS] "C:\Program Files\Windows Desktop Search\WindowsSearch.exe" /startup
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB002" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\RunOnce: [Synchronization Configuration] C:\dowwapps\scripts\config_mobsync_runonce.vbs
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BlackBerry Desktop Redirector.lnk = C:\Program Files\Research In Motion\BlackBerry\Redirector.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: www.dow.com
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://usntiroom99/c...ptX/ScriptX.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\Software\..\Telephony: DomainName = dow.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBC3989D-84FC-4F46-A46B-53BE1A90CA49}: NameServer = 4.2.2.2,4.2.2.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\MIP\AgentSrv.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Progra~1\Symantec\Symant~1\DefWatch.exe
O23 - Service: DWSService - The Dow Chemical Company - c:\dowwapps\dwsservice\dwsservice.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: OracleORAHOME90ClientCache - Unknown owner - C:\ORACLE\ORA90\BIN\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: HP Enterprise Discovery Agent (prgnDiscAgent) - Unknown owner - c:\Program Files\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Progra~1\Symantec\Symant~1\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Progra~1\Symantec\Symant~1\Rtvscan.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 1: (no name) - http://marketing.int...dcastSlides.ppt

Edited by sensai, 18 May 2008 - 09:54 AM.

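As an added triage aid (not code from the thread, from HijackThis or from any tool named in it), the Python below parses log lines in the format of the HijackThis log above and reports the three things a helper would look at first: programs chained onto the Winlogon UserInit value (the F2 line), BHO registrations whose DLL is gone ("(no file)"), and Run entries that name a bare executable. The sample log is constructed from lines copied out of the post; the script only reports and changes nothing.

```python
"""Triage helper for HijackThis v2 log lines (added example; not the thread's or HijackThis' code).

Reads the 'Xn - ...' entries of the log in post #1 and returns what a helper looks at
first: programs chained onto the Winlogon UserInit value, BHOs whose DLL is gone, and
Run entries that name a bare executable. It reports only; nothing is changed.
"""
import ntpath
import re

# Constructed sample: a few lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Safe mode with network support
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\xwusuhzh.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")          # "F2 - REG:system.ini: ..."
BHO_RE = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
RUN_RE = re.compile(r"^(HK\S*?\\Run(?:Once)?): \[([^\]]+)\] (.*)$")


def parse_entries(log_text):
    """Return (section, body) pairs for every 'Xn - ...' line; header lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def userinit_extras(entries):
    """Items on the UserInit value other than the real userinit.exe.

    Winlogon launches every comma-separated item at logon, in Safe Mode too, which is
    why an entry here survives the Run-key clean-ups described in the thread.
    """
    extras = []
    for section, body in entries:
        if section != "F2" or "UserInit=" not in body:
            continue
        for item in body.split("UserInit=", 1)[1].split(","):
            item = item.strip()
            if item and ntpath.basename(item).lower() != "userinit.exe":
                extras.append(item)
    return extras


def orphaned_bhos(entries):
    """CLSIDs of Browser Helper Objects registered with no backing DLL ('(no file)')."""
    found = []
    for section, body in entries:
        m = BHO_RE.match(body) if section == "O2" else None
        if m and m.group(3).strip().lower() == "(no file)":
            found.append(m.group(2))
    return found


def bare_run_entries(entries):
    """Run-key values whose command is an executable with no directory.

    Such a name is resolved through the search path at logon; the ThinkPad entries in
    the thread are legitimate, but each one is worth confirming against its real path.
    """
    flagged = []
    for section, body in entries:
        m = RUN_RE.match(body) if section == "O4" else None
        if not m:
            continue
        command = m.group(3).strip()
        # First token of the command line; a quoted path starts with '"'.
        first = command.split('"')[1] if command.startswith('"') else command.split()[0]
        if ntpath.dirname(first) == "" and first.lower().endswith(".exe"):
            flagged.append((m.group(2), first))
    return flagged


def triage(log_text):
    """Run the three checks over one log and return their findings by name."""
    entries = parse_entries(log_text)
    return {
        "userinit_extras": userinit_extras(entries),
        "orphaned_bhos": orphaned_bhos(entries),
        "bare_run_entries": bare_run_entries(entries),
    }


if __name__ == "__main__":
    for name, items in triage(SAMPLE_LOG).items():
        print(f"{name}: {items}")
```

Run over the full log instead of the sample, the UserInit finding is the one entry that does not depend on the Run keys or BHO list at all, which matches the behaviour the poster describes.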



#2 sensai
Here is a copy of rkfiles that I ran also.


PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES,
THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF
YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\agremove.exe: UPX!
C:\WINDOWS\system32\agremove.exe: SAUPX!
C:\WINDOWS\system32\diagdll.dll: UPX!
C:\WINDOWS\system32\identprv.dll: UPX!
C:\WINDOWS\system32\wceprv.dll: UPX!
C:\WINDOWS\system32\xwusuhzh.exe: UPX!
C:\WINDOWS\system32\Co2c40en.dll: dwProvSpec2
C:\WINDOWS\system32\dfrg.msc:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213

Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
Finished
bye

#3 sensai
Here is another HijackThis log with the Generate StartupList log boxes selected (the two check boxes next to Generate StartupList log when you click on Misc Tools).

StartupList report, 5/18/2008, 11:45:33 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\xwusuhzh.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\ng34561\Start Menu\Programs\Startup]
BlackBerry Desktop Redirector.lnk = C:\Program Files\Research In Motion\BlackBerry\Redirector.exe
Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\xwusuhzh.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SoundMAXPnP = C:\Program Files\Analog Devices\Core\smax4pnp.exe
SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
igfxtray = C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd = C:\WINDOWS\system32\hkcmd.exe
igfxpers = C:\WINDOWS\system32\igfxpers.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray = C:\Progra~1\Symantec\Symant~1\VPTray.exe
TPHOTKEY = C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
TPTRAY = C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
LPManager = C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
TP4EX = tp4ex.exe
RunWCW = C:\dowwapps\login\dwalogin.vbs
DIRECT! = C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe
TLogonPath = "C:\Program Files\Timbuktu Pro\Tb2Logon.exe"
PWRMGRTR = rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
BLOG = rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
TPKBDLED = C:\WINDOWS\system32\TpScrLk.exe
EZEJMNAP = C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
TpShocks = TpShocks.exe
Synchronization Configuration = C:\Dowwapps\scripts\Config_Mobsync_Run.vbs
PSQLLauncher = "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
WDS = "C:\Program Files\Windows Desktop Search\WindowsSearch.exe" /startup
EPSON Stylus Photo R320 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB002" /M "Stylus Photo R320"
RoxWatchTray = "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

Synchronization Configuration = C:\dowwapps\scripts\config_mobsync_runonce.vbs

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install /icons

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\blackster.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - (no file) - {00110011-4b0b-44d5-9718-90c88817369b}
(no name) - (no file) - {086ae192-23a6-48d6-96ec-715f53797e85}
(no name) - (no file) - {150fa160-130d-451f-b863-b655061432ba}
(no name) - (no file) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}
(no name) - (no file) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}
(no name) - (no file) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}
(no name) - (no file) - {2d38a51a-23c9-48a1-a33c-48675aa2b494}
(no name) - (no file) - {2e9caff6-30c7-4208-8807-e79d4ec6f806}
(no name) - (no file) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}
(no name) - (no file) - {5321e378-ffad-4999-8c62-03ca8155f0b3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - (no file) - {587dbf2d-9145-4c9e-92c2-1f953da73773}
(no name) - (no file) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}
(no name) - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24}
(no name) - (no file) - {799a370d-5993-4887-9df7-0a4756a77d00}
(no name) - (no file) - {98dbbf16-ca43-4c33-be80-99e6694468a4}
(no name) - (no file) - {a55581dc-2cdb-4089-8878-71a080b22342}
(no name) - (no file) - {b847676d-72ac-4393-bfff-43a1eb979352}
(no name) - (no file) - {bc97b254-b2b9-4d40-971d-78e0978f5f26}
(no name) - (no file) - {cf021f40-3e14-23a5-cba2-717765721306}
(no name) - (no file) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c}
(no name) - (no file) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}
(no name) - (no file) - {e7afff2a-1b57-49c7-bf6b-e5123394c970}
(no name) - (no file) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb}
(no name) - (no file) - {fd9bc004-8331-4457-b830-4759ff704c22}
(no name) - (no file) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}

--------------------------------------------------

Enumerating Task Scheduler jobs:

DWS Disk Cleanup.job
DWS Disk Defrag.job
PMTask.job

--------------------------------------------------

Enumerating Download Program Files:

[MeadCo ScriptX]
InProcServer32 = C:\WINDOWS\system32\MCScripX.dll
CODEBASE = http://usntiroom99/c...ptX/ScriptX.cab
OSD = C:\WINDOWS\Downloaded Program Files\ScriptX.osd

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
CODEBASE = http://download.macr...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\rsvpsp.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: system32\DRIVERS\ABP480N5.SYS (system)
Net Firewall Miniport Interface: system32\DRIVERS\abvpn2k.sys (manual
start)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Microsoft Embedded Controller Driver: system32\DRIVERS\ACPIEC.sys
(system)
ADI UAA Function Driver for High Definition Audio Service:
system32\drivers\ADIHdAud.sys (manual start)
adpu160m: system32\DRIVERS\adpu160m.sys (system)
AEAudio Service: system32\drivers\AEAudio.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys
(manual start)
AEGIS Protocol (IEEE 802.1x) v3.7.5.0: system32\DRIVERS\AegisP.sys
(autostart)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Connected Agent Service: C:\Program Files\MIP\AgentSrv.EXE -asv (manual
start)
Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)
Compaq AGP Bus Filter: system32\DRIVERS\agpCPQ.sys (system)
Aha154x: system32\DRIVERS\aha154x.sys (system)
aic78u2: system32\DRIVERS\aic78u2.sys (system)
aic78xx: system32\DRIVERS\aic78xx.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe
(manual start)
AliIde: system32\DRIVERS\aliide.sys (system)
ALI AGP Bus Filter: system32\DRIVERS\alim1541.sys (system)
AMD AGP Bus Filter Driver: system32\DRIVERS\amdagp.sys (system)
amsint: system32\DRIVERS\amsint.sys (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs
(manual start)
asc: system32\DRIVERS\asc.sys (system)
asc3350p: system32\DRIVERS\asc3350p.sys (system)
asc3550: system32\DRIVERS\asc3550.sys (system)
ASP.NET State Service:
%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual
start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys
(system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
atmeltpm: system32\DRIVERS\atmeltpm.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
AGN Virtual Network Adapter: system32\DRIVERS\avpnnic.sys (manual
start)
Background Intelligent Transfer Service:
%SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs
(autostart)
WIDCOMM USB Bluetooth Driver: System32\Drivers\btwusb.sys (manual
start)
cbidf: system32\DRIVERS\cbidf2k.sys (system)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe" (autostart)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe" (autostart)
cd20xrnt: system32\DRIVERS\cd20xrnt.sys (system)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
Microsoft AC Adapter Driver: system32\DRIVERS\CmBatt.sys (manual start)
CmdIde: system32\DRIVERS\cmdide.sys (system)
Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys
(system)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe
/Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: system32\DRIVERS\cpqarray.sys (system)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs
(autostart)
dac2w2k: system32\DRIVERS\dac2w2k.sys (system)
dac960nt: system32\DRIVERS\dac960nt.sys (system)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k
DcomLaunch (autostart)
Symantec AntiVirus Definition Watcher:
"C:\Progra~1\Symantec\Symant~1\DefWatch.exe" (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service:
%SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs
(manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual
start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService
(autostart)
dpti2o: system32\DRIVERS\dpti2o.sys (system)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys
(manual start)
DWSService: c:\dowwapps\dwsservice\dwsservice.exe (autostart)
Intel® PRO/1000 PCI Express Network Connection Driver:
system32\DRIVERS\e1e5132.sys (manual start)
Symantec Eraser Control driver: \??\C:\Program Files\Common
Files\Symantec Shared\EENGINE\eeCtrl.sys (system)
EraserUtilRebootDrv: \??\C:\Program Files\Common Files\Symantec
Shared\EENGINE\EraserUtilRebootDrv.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs
(autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual
start)
Intel® PROSet/Wireless Event Log: C:\Program
Files\Intel\Wireless\Bin\EvtEng.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k
netsvcs (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Microsoft UAA Bus Driver for High Definition Audio:
system32\DRIVERS\HDAudBus.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs
(autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs
(autostart)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
hpn: system32\DRIVERS\hpn.sys (system)
IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual
start)
Print Class Driver for IEEE-1284.4 HPZipr12:
system32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12:
system32\DRIVERS\HPZius12.sys (manual start)
HSF_DPV: system32\DRIVERS\hsx_dpv.sys (manual start)
HSXHWAZL: system32\DRIVERS\hsxhwazl.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual
start)
i2omp: system32\DRIVERS\i2omp.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver:
system32\DRIVERS\i8042prt.sys (system)
ialm: system32\DRIVERS\ialmnt5.sys (manual start)
Intel AHCI Controller: System32\Drivers\iaStor.sys (system)
IBMPMDRV: system32\DRIVERS\ibmpmdrv.sys (manual start)
ThinkPad PM Service: %SystemRoot%\system32\ibmpmsvc.exe (autostart)
InstallDriver Table Manager: "C:\Program Files\Common
Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual
start)
ini910u: system32\DRIVERS\ini910u.sys (system)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual
start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IrDA Protocol: system32\DRIVERS\irda.sys (autostart)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
Infrared Monitor: %SystemRoot%\system32\svchost.exe -k netsvcs
(autostart)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual
start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
LiveUpdate: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k
LocalService (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft
Shared\VS7DEBUG\MDM.EXE" (autostart)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe
(manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
mraid35x: system32\DRIVERS\mraid35x.sys (system)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe
(manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual
start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual
start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys
(manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys
(manual start)
NAVENG:
\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080517.002\naveng.sys (manual start)
NAVEX15:
\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080517.002\navex15.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual
start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual
start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network Configuration Service: C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
(autostart)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (autostart)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs
(manual start)
Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit:
system32\DRIVERS\NETw3x32.sys (manual start)
Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit:
system32\DRIVERS\NETw4x32.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k
netsvcs (manual start)
NSC Infrared Device Driver: system32\DRIVERS\nscirda.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe
(manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual
start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual
start)
OracleORAHOME90ClientCache: C:\ORACLE\ORA90\BIN\ONRSD.EXE (manual
start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft
Shared\Source Engine\OSE.EXE" (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Pcmcia: system32\DRIVERS\pcmcia.sys (system)
perc2: system32\DRIVERS\perc2.sys (system)
perc2hib: system32\DRIVERS\perc2hib.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
HP Enterprise Discovery Agent: "c:\Program
Files\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe" (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual
start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
ql1080: system32\DRIVERS\ql1080.sys (system)
Ql10wnt: system32\DRIVERS\ql10wnt.sys (system)
ql12160: system32\DRIVERS\ql12160.sys (system)
ql1240: system32\DRIVERS\ql1240.sys (system)
ql1280: system32\DRIVERS\ql1280.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys
(system)
Remote Access Auto Connection Manager:
%SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (IrDA): system32\DRIVERS\rasirda.sys (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k
netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual
start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys
(manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe
(manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys
(system)
Intel® PROSet/Wireless Registry Service: C:\Program
Files\Intel\Wireless\Bin\RegSrvc.exe (autostart)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs
(disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService
(autostart)
BlackBerry Smartphone: System32\Drivers\RimUsb.sys (manual start)
RIM Virtual Serial Port v2: system32\DRIVERS\RimSerial.sys (manual
start)
Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual
start)
Roxio UPnP Renderer 9: "C:\Program Files\Roxio\Digital Home
9\RoxioUPnPRenderer9.exe" (manual start)
Roxio Upnp Server 9: "C:\Program Files\Roxio\Digital Home
9\RoxioUpnpService9.exe" (autostart)
LiveShare P2P Server 9: "C:\Program Files\Common Files\Roxio
Shared\9.0\SharedCOM\RoxLiveShare9.exe" (autostart)
RoxMediaDB9: "C:\Program Files\Common Files\Roxio
Shared\9.0\SharedCOM\RoxMediaDB9.exe" (manual start)
Roxio Hard Drive Watcher 9: "C:\Program Files\Common Files\Roxio
Shared\9.0\SharedCOM\RoxWatch9.exe" (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe
(manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss
(autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Intel® PROSet/Wireless Service: C:\Program
Files\Intel\Wireless\Bin\S24EvMon.exe (autostart)
WLAN Transport: system32\DRIVERS\s24trans.sys (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRoam: "C:\Progra~1\Symantec\Symant~1\SavRoam.exe" (manual start)
SAVRT: \??\C:\Progra~1\Symantec\Symant~1\savrt.sys (system)
SAVRTPEL: \??\C:\Progra~1\Symantec\Symant~1\Savrtpel.sys (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs
(autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs
(autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs
(autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS):
%SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs
(autostart)
SIS AGP Bus Filter: system32\DRIVERS\sisagp.sys (system)
Smapint: System32\drivers\Smapint.sys (system)
SMI helper driver: \??\C:\Program Files\ThinkVantage Fingerprint
Software\smihlp.sys (autostart)
Symantec Network Drivers Service: "C:\Program Files\Common
Files\Symantec Shared\SNDSrvc.exe" (manual start)
Sony USB Filter Driver (SONYPVU1): system32\DRIVERS\SONYPVU1.SYS
(manual start)
Sparrow: system32\DRIVERS\sparrow.sys (system)
SPBBCDrv: \??\C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCDrv.sys (system)
Symantec SPBBCSvc: "C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe" (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual
start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs
(autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k
LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k
imgsvc (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys
(manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe
/Processid:{72069E0B-900D-4695-B0E1-162FDEDDD68D} (manual start)
Symantec AntiVirus: "C:\Progra~1\Symantec\Symant~1\Rtvscan.exe"
(autostart)
symc810: system32\DRIVERS\symc810.sys (system)
symc8xx: system32\DRIVERS\symc8xx.sys (system)
SymEvent: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
sym_hi: system32\DRIVERS\sym_hi.sys (system)
sym_u3: system32\DRIVERS\sym_u3.sys (system)
Synaptics TouchPad Driver: system32\DRIVERS\SynTP.sys (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys
(manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual
start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TB2 Remote Control Driver: NetopiaRC\Tb2Device.sys (system)
Tb2 Launch: "C:\Program Files\Timbuktu Pro\tb2launch.exe" (autostart)
TB2 Remote Control Mirror Driver: NetopiaRC\Tb2MirrorSys.sys (system)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
TC USB Kernel Driver: System32\Drivers\tcusb.sys (manual start)
TDSMAPI: System32\drivers\TDSMAPI.SYS (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual
start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (manual start)
TosIde: system32\DRIVERS\toside.sys (system)
ThinkPad HDD APS Logging Service: System32\TPHDEXLG.EXE (autostart)
TPPWRIF: System32\drivers\Tppwrif.sys (system)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k
netsvcs (autostart)
ultra: system32\DRIVERS\ultra.sys (system)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe
(autostart)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe
-k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual
start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys
(manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver:
system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual
start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual
start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver:
system32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: system32\DRIVERS\viaagp.sys (system)
ViaIde: system32\DRIVERS\viaide.sys (system)
Viewpoint Manager Service: "C:\Program
Files\Viewpoint\Common\ViewpointService.exe" (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Intel® PRO/Wireless 3945ABG Adapter Driver:
system32\DRIVERS\w39n51.sys (manual start)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver:
system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService
(autostart)
winachsf: system32\DRIVERS\hsx_cnxt.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe
-k netsvcs (autostart)
Windows Media Connect Service: C:\Program Files\Windows Media Connect
2\wmccds.exe (manual start)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe
-k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions:
%SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual
start)
WpdUsb: System32\Drivers\wpdusb.sys (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment:
\SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs
(autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs
(disabled)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k
netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k
netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 41,140 bytes
Report generated in 0.140 seconds
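The log above is mostly read by eye, but a few of its sections carry most of the signal and can be checked mechanically. The added example below is written for this page; it is not code from the original post, from HijackThis or from StartupList. Given a log in this format it lists the BHO CLSIDs reported as "(no file)", checks every Winsock LSP provider against an allowlist of stock Microsoft DLLs, and flags services whose binary sits outside the Windows and Program Files trees. The point it encodes: a "(no file)" BHO entry is a registry key with no DLL behind it, so it cannot run and cannot put itself back. When such entries return after a HijackThis fix, something that is still executing (a service, driver or scheduled job) is rewriting them, and that is what to hunt for. The LSP allowlist, the trusted-root list, the assumption that the Windows directory is C:\WINDOWS, and the sample input (lines copied from the log above with wrapped lines re-joined, plus one hypothetical LSP line) are assumptions of the example, not facts from the page.

```python
"""Triage helper for a StartupList-style log like the one posted above.

Added example for this page, not code from HijackThis or StartupList. It
flags '(no name) - (no file) - {CLSID}' BHO lines (registrations whose DLL
is gone: they cannot run, so if they come back something still running is
re-creating them), Winsock LSP providers that are not stock Microsoft DLLs,
and services whose binary lives outside the Windows and Program Files
trees. KNOWN_LSP_DLLS, TRUSTED_ROOTS and the sample logs are constructed.
"""
import re
from typing import List, NamedTuple

KNOWN_LSP_DLLS = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll"}  # stock XP SP2 providers (assumed)
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

CLSID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.I)
LSP_RE = re.compile(r"^(NameSpace|Protocol) #(\d+):\s*(.+?)\s*$")
SERVICE_RE = re.compile(r"^(?P<name>.+?): (?P<image>.+) \((?P<start>system|autostart|manual start|disabled)\)$")


class Service(NamedTuple):
    name: str
    image: str   # normalised, lower-case absolute path of the binary
    start: str


def orphaned_bhos(log: str) -> List[str]:
    """CLSIDs of '(no file)' entries: registrations with no DLL on disk."""
    found = []
    for line in log.splitlines():
        m = CLSID_RE.search(line)
        if "(no file)" in line and m:
            found.append(m.group(0).lower())
    return found


def foreign_lsp_entries(log: str) -> List[str]:
    """LSP chain entries whose DLL basename is not a known Microsoft provider."""
    flagged = []
    for line in log.splitlines():
        m = LSP_RE.match(line.strip())
        if m and m.group(3).rsplit("\\", 1)[-1].lower() not in KNOWN_LSP_DLLS:
            flagged.append(f"{m.group(1)} #{m.group(2)}: {m.group(3)}")
    return flagged


def normalise_image(image: str) -> str:
    """Reduce a service image string to a lower-case absolute path.

    Handles quoted paths with arguments, unquoted paths followed by ' -x' or
    ' /x' arguments, the NT '\\??\\' prefix, %SystemRoot% / %windir%,
    '\\SystemRoot\\', and paths relative to the Windows directory, which is
    assumed to be C:\\WINDOWS.
    """
    image = image.strip()
    if image.startswith('"'):
        image = image[1:].split('"', 1)[0]
    else:
        image = re.split(r" [-/]", image, maxsplit=1)[0]
    image = image.replace("\\??\\", "")
    image = re.sub(r"%(systemroot|windir)%", lambda _: "C:\\WINDOWS", image, flags=re.I)
    image = image.replace("\\SystemRoot\\", "C:\\WINDOWS\\")
    if not re.match(r"^[a-z]:\\", image, re.I):   # relative: resolve under the Windows dir
        image = "C:\\WINDOWS\\" + image.lstrip("\\")
    return image.lower()


def services_outside_trusted_roots(log: str) -> List[Service]:
    """Review items (not verdicts): services whose binary is not under a trusted root."""
    flagged = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            svc = Service(m["name"], normalise_image(m["image"]), m["start"])
            if not svc.image.startswith(TRUSTED_ROOTS):
                flagged.append(svc)
    return flagged


# Constructed sample: lines taken from the log above, wrapped lines re-joined.
SAMPLE_LOG = r"""
(no name) - (no file) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}
(no name) - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24}
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Connected Agent Service: C:\Program Files\MIP\AgentSrv.EXE -asv (manual start)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
DWSService: c:\dowwapps\dwsservice\dwsservice.exe (autostart)
SAVRT: \??\C:\Progra~1\Symantec\Symant~1\savrt.sys (system)
OracleORAHOME90ClientCache: C:\ORACLE\ORA90\BIN\ONRSD.EXE (manual start)
TB2 Remote Control Driver: NetopiaRC\Tb2Device.sys (system)
"""
# Hypothetical line (not from the log above) showing what an LSP hijack looks like.
HIJACKED_LSP_SAMPLE = "Protocol #6: C:\\WINDOWS\\system32\\example-lsp.dll\n"

if __name__ == "__main__":
    print("orphaned BHO CLSIDs:", orphaned_bhos(SAMPLE_LOG))
    print("foreign LSP entries:", foreign_lsp_entries(SAMPLE_LOG + HIJACKED_LSP_SAMPLE))
    for svc in services_outside_trusted_roots(SAMPLE_LOG):
        print("review service:", svc.name, "->", svc.image, f"({svc.start})")
```

Run it as a script, or import it and pass a saved log. Every hit is a review item, not a verdict: on this machine the flagged C:\DOWWAPPS path is the same tree that appears throughout the PATH variable in the DSS extra.txt posted further down, which points to a corporate deployment rather than the infection. On a live box the same entries live under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 and HKLM\SYSTEM\CurrentControlSet\Services, and the service entries there also carry the start type that a persistence mechanism needs.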

#4 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hello sensai

Welcome to G2Go. :)

I have a client

Can you explain?
Are you working for a Computer shop?
If so, then we cannot help you; it is against our terms of use policy.
See here > http://www.geekstogo...boardrules.html

We offer free computer help and tech support for home and personal use. We are not here to support others that work for profit, or to support/replace your company's IT department.



#5 sensai (Topic Starter, New Member, 7 posts)

Hello sensai

Welcome to G2Go. :)

I have a client

Can you explain?
Are you working for a Computer shop?
If so, then we cannot help you; it is against our terms of use policy.
See here > http://www.geekstogo...boardrules.html

We offer free computer help and tech support for home and personal use. We are not here to support others that work for profit, or to support/replace your company's IT department.



Ah, well, let me clear some things up for you. I do not work for any computer company and I'm not doing this for profit. I said client because I was referring to a co-worker of mine. She is not paying me anything; I just used the wrong word, sorry. Hope this clears things up. If you have any other questions please feel free to ask. I hope this doesn't hamper people chipping in who are willing to help, because this is not for any company or any profit.


Sensai

Edited by sensai, 18 May 2008 - 05:20 PM.


#6 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
No, but some people who do work for profit try to exploit free services; that is why it is our policy to help home users, not those working for profit.
============================================================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#7 sensai (Topic Starter, New Member, 7 posts)
Here is the Extra.txt log file


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2400 @ 1.83GHz
CPU 1: Genuine Intel® CPU T2400 @ 1.83GHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 1014.36 MiB / 387.63 MiB
Pagefile Memory (total/avail): 2438.63 MiB / 1883.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.97 MiB

C: is Fixed (NTFS) - 55.89 GiB total, 39.14 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT)
X: is Network (Unformatted)
Y: is Network (Unformatted)
Z: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - HTS541060G9SA00 - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.89 GiB - C:

\\.\PHYSICALDRIVE1 - USB DISK 2.0 USB Device - 1961.06 MiB - 1 partition
\PARTITION0 - Win95 w/Extended Int 13 - 1967.98 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: Symantec AntiVirus Corporate Edition v10.1.4.4000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Timbuktu Pro\\tb2pro.exe"="C:\\Program Files\\Timbuktu Pro\\tb2pro.exe:*:Enabled:Timbuktu Pro"
"C:\\Program Files\\Timbuktu Pro\\MiniTB2.exe"="C:\\Program Files\\Timbuktu Pro\\MiniTB2.exe:*:Enabled:MiniTB2"
"C:\\Program Files\\Timbuktu Pro\\TB2Scan.exe"="C:\\Program Files\\Timbuktu Pro\\TB2Scan.exe:*:Enabled:Timbuktu Pro Scanner"
"C:\\Program Files\\Microsoft Office Communicator\\communicator.exe"="C:\\Program Files\\Microsoft Office Communicator\\communicator.exe:*:Enabled:Communicator"
"C:\\Program Files\\Hewlett-Packard\\Discovery Agent\\bin32\\discagnt.exe"="C:\\Program Files\\Hewlett-Packard\\Discovery Agent\\bin32\\discagnt.exe:*:Enabled:Peregrine Discovery Agent"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Peregrine\\Discovery Agent\\bin32\\discagnt.exe"="C:\\Program Files\\Peregrine\\Discovery Agent\\bin32\\discagnt.exe:*:Enabled:Peregrine Discovery Agent"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\ng34561\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WXP1952L3BG561
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ng34561
HOMESHARE=\\usmdlsdowf101\ng34561$
LOGONSERVER=\\USMDLDDOWD020
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\ThinkPad\Utilities;C:\ORACLE\ORA90\bin;C:\Program Files\Oracle\jre\1.1.8\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\DOWWAPPS\UPDATES\WMP\;C:\DOWWAPPS\LENOVOUTILITIES\HOTKEY;C:\DOWWAPPS\LENOVOUTILITIES\UTILITY;C:\DOWWAPPS\LENOVOUTILITIES\UNAV;C:\DOWWAPPS\LENOVOUTILITIES\UNAVWIZ;C:\DOWWAPPS\LENOVOUTILITIES\PRDCTR;C:\DOWWAPPS\LENOVOUTILITIES\TP4ACCS;C:\DOWWAPPS\LENOVOUTILITIES\WINDVD;C:\Program Files\Intel\Wireless\Bin\;C:\DOWWAPPS\DRIVERS\WIRELESS\ALLINTEL;C:\DOWWAPPS\LENOVOUTILITIES\POWERMANAGER;C:\DOWWAPPS\LENOVOUTILITIES\KBDLED;C:\DOWWAPPS\LENOVOUTILITIES\EASYEJECT;C:\DOWWAPPS\LENOVOUTILITIES\HPROTECT;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\DOWWAPPS\LENOVOUTILITIES\WIRELESS\LATESTWIRELESS;C:\Program Files\Common Files\Roxio Shared\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ng34561\LOCALS~1\Temp
TMP=C:\DOCUME~1\ng34561\LOCALS~1\Temp
USERDNSDOMAIN=DOW.COM
USERDOMAIN=DOW
USERNAME=NG34561
USERPROFILE=C:\Documents and Settings\ng34561
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

ng34561 (admin)

dwsadmin (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB894686$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB895948$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB896613$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB903250$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB911993-V2$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB928388$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
--> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
--> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
--> C:\WINDOWS\$NtUninstallKB883517$\spuninst\spuninst.exe
--> C:\WINDOWS\$NtUninstallKB883523$\spuninst\spuninst.exe
--> C:\WINDOWS\$NtUninstallKB884573$\spuninst\spuninst.exe
--> C:\WINDOWS\$NtUninstallKB884575$\spuninst\spuninst.exe
--> C:\WINDOWS\$NtUninstallKB884868$\spuninst\spuninst.exe
--> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
--> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
--> C:\WINDOWS\$NtUninstallKB885843$\spuninst\spuninst.exe
--> C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe
--> C:\WINDOWS\$NtUninstallKB885894$\spuninst\spuninst.exe
--> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
--> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
--> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
--> C:\WINDOWS\$NtUninstallKB889315$\spuninst\spuninst.exe
--> C:\WINDOWS\$NtUninstallKB889673$\spuninst\spuninst.exe
--> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
--> C:\WINDOWS\$NtUninstallKB892087$\spuninst\spuninst.exe
--> MsiExec.exe /I{0ADEA8E1-B211-41B8-8DD4-D9A5FB04A5FA}
--> MsiExec.exe /I{267D350E-51AB-40B8-AF9F-DA7ED5687044}
--> MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}
--> MsiExec.exe /I{85BD5F12-49EF-4B40-B1E0-77D85F6E99BF}
--> MsiExec.exe /I{EA9741F6-A7F2-497B-BBE4-2ED0136649BE}
--> MsiExec.exe /X{C628EC93-8E17-4114-BCE7-2D181B93FA0F}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
--> wscript.exe c:\dowwapps\scripts\apclient.vbs REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs \\MASMS1\DOWW500\SELF-HELP\SELF-HELP.VBS REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs core \CONNMGR\INSTALL_CONNMGR.VBS REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs Core \DIRECT\INSTALL_DIRECT.VBS REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs CORE \DOWNET_TOOLS\INSTALL_DOWNET_TOOLS.VBS REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs CORE \dowwapps\install_DWSService.vbs REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs CORE \DOWWAPPS\INSTALL_SUPTOOLS.VBS REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs CORE \DWSBACKUP\Install_DWSBACKUP.vbs REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs CORE \DWSINFO\INSTALL_DWSINFO.VBS REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs CORE \FONTS\INSTALL_FONTS.VBS REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs Core \LICENSESA\INSTALL_LICENSESA.VBS REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs CORE \OFFICE\DOCUMENTPROPERTIESREPORTING\INSTALL_DOCUMENTPROPERTIESREPORTING.VBS REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs Core \Office\DocumentPropertiesSelection\Install_DPS.vbs REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs core \Office\Installs\install_FrontPage.vbs REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs core \Office\Installs\Install_FrontPage.vbs REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs core \OFFICE\INSTALLS\INSTALL_OFFICEWEBCOMPONENTS.VBS REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs CORE \PSM\INSTALL_PSM.VBS REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs Core \RemoteAccess2\Install_RemoteAccess.vbs REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs Core \SHOCKWAVE\SHOCKWAVE.VBS REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs CORE \TRAINING\INSTALL_TRAININGFRAMEWORK.VBS REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs CORE \wcw\install_wcw.vbs REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs Core \WDS\Install_WDS.vbs REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs globeshelf4 \ScansoftPDF\ScansoftPDF.vbs REMOVE
--> wscript.exe c:\dowwapps\scripts\apclient.vbs Globeshelf4 \VOIP_TRAINER\VOIP_Trainer.vbs REMOVE
.NET Framework Machine Code Access Security Policy --> MsiExec.exe /I{4E61023A-5913-446E-801F-776F066486AC}
.NET Framework Machine Code Access Security Policy --> MsiExec.exe /I{638680C7-2686-4668-8ED1-DBED812EE001}
Actuate End User Desktop --> wscript.exe c:\dowwapps\scripts\apclient.vbs globeshelf4 \Actuate\Actuate.vbs REMOVE
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player 9 ActiveX --> wscript.exe c:\dowwapps\scripts\apclient.vbs Core \FLASH\INSTALL_FLASH.VBS REMOVE
Adobe Reader 7.0.7 --> wscript.exe c:\dowwapps\scripts\apclient.vbs Core \ADOBEREADER\ADOBEREADER.VBS REMOVE
Adobe SVG Viewer --> C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
Amazon MP3 Downloader 1.0.3 --> C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AT&T Global Network Client --> C:\Program Files\AT&T Global Network Client\NetUN.exe
Avery Wizard 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{5EC9AD36-5167-470E-B0F9-CB3EA12F442E}
BlackBerry Desktop Software 4.3 --> MsiExec.exe /I{C178B38F-613A-4EFE-B718-A675BD27A1E1}
BlackBerry Desktop Software 4.3 --> MsiExec.exe /i{C178B38F-613A-4EFE-B718-A675BD27A1E1}
CC --> MsiExec.exe /I{08C902E7-F2C8-4AFC-8F4D-53F741CCBCB5}
Clarify eFrontOffice Client for MSSQL --> wscript.exe c:\dowwapps\scripts\apclient.vbs globeshelf4 \Clarify\Install_Clarify.vbs REMOVE
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CPV --> cmd /C regsvr32 /u /s "C:\Program Files\Spcron\Spcron.dll" & reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spcron" /f & REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v DelOldFile /d "cmd.exe /C del /Q \"C:\Program Files\Spcron\"" /f
Crstlv5 --> MsiExec.exe /I{B4804FC4-20DE-41A8-8158-8DB0DA1810AA}
Desktop Agent --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\MotiveAgent.inf,DefaultUninstall
Document_PropertiesSetup --> MsiExec.exe /I{7FF1F3E6-E1F3-47FF-9D77-DD5E7CEECCF1}
Dow - The Human Element Screen Saver --> C:\WINDOWS\system32\Dow - The Human Element.scr /u
Dow Human Element Screen Saver --> C:\WINDOWS\system32\Dow Human Element.scr /u
DV2T --> MsiExec.exe /I{825107E5-8931-44CD-B8C3-BCD98C94BAA6}
DVComAu --> wscript.exe c:\dowwapps\scripts\apclient.vbs REMOVE
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON TWAIN 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\SETUP.EXE" -l0x9 UNINSTALL
GoToMeeting/GoToWebinar 3.0.0.190 --> C:\Program Files\Citrix\GoToMeeting\190\G2MUninstall.exe /uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Driver Diagnostics --> MsiExec.exe /I{6314D540-E3C1-4F30-AEEB-4154C93375C3}
HP Enterprise Discovery Agent (x86) 2.50.000.7199 --> MsiExec.exe /X{B7643B11-A60E-4A33-A465-263FEB32113A}
HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{5469D537-9B44-4c78-BF2D-5F9807564F74}\setup\hpzscr01.exe" -datfile hposcr05.dat
Identity Management Suite DIRECT! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{332C4D4B-E595-405D-9C32-26AC38464BC3}\setup.exe"
iGrafx 2005 --> wscript.exe c:\dowwapps\scripts\apclient.vbs Core \iGrafx\Install_iGrafxPackage2005.vbs REMOVE
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 7 --> wscript.exe c:\dowwapps\scripts\apclient.vbs \\masms1\doww500\dwsenv\JavaVM\SunJava\install_SunJavaRunTime.vbs REMOVE
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Shockwave Player --> MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> wscript.exe c:\dowwapps\scripts\apclient.vbs Core \LENOVOUTILITIES\WIRELESS\LATESTWIRELESS\INSTALL_WIRELESSDRIVER.VBS REMOVE
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Office Communicator 2005 --> wscript.exe c:\dowwapps\scripts\apclient.vbs CORE \IMClient\Install_Communicator.vbs Remove
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Live Meeting 2005 --> MsiExec.exe /I{5E8858EC-6B09-4939-99F2-5678073A0327}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Standard 2003 --> MsiExec.exe /I{90530409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Viewer 2003 (English) --> wscript.exe c:\dowwapps\scripts\apclient.vbs core \VISIOVIEWER\VWC11.VBS REMOVE
Microsoft Office XP Media Content --> wscript.exe c:\dowwapps\scripts\apclient.vbs core \OFFICE\INSTALLS\INSTALL_OFFICEMEDIACONTENT_NET.VBS REMOVE
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\ng34561\Application Data\Move Networks\ie_bin\Uninst.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
Productivity Center Supplement for ThinkPad --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\setup.exe" -l0x9 -AddRemove
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
QuickTime --> wscript.exe c:\dowwapps\scripts\apclient.vbs Core \APPLEQUICKTIME\APPLEQUICKTIME.VBS REMOVE
Remove Hidden Data Tool --> wscript.exe c:\dowwapps\scripts\apclient.vbs Core \Office\RHDtool\install_RHD.vbs REMOVE
Roxio Media Manager --> MsiExec.exe /X{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}
RSA ACE/Agent Browser Plugins --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\SDPlugin.isu -cC:\WINDOWS\system32\sdplunin.dll
RSA SecurID Software Token --> C:\Program Files\SecurID Software Token\Setup.exe
ScanSoft PDF Create! 4 --> MsiExec.exe /I{4FCFDFB5-917B-4D29-87B6-0A88928A9136}
Scroll Lock Indicator Utility --> wscript.exe c:\dowwapps\scripts\apclient.vbs Core \LENOVOUTILITIES\KBDLED\INSTALL_KBDLED.VBS REMOVE
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Siebel Mobile Client --> wscript.exe c:\dowwapps\scripts\apclient.vbs MS_Shelf4 D:\installimage\MobileClient.vbs REMOVE
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
sscc --> MsiExec.exe /I{170AE8C3-4693-4886-B523-2246EC49CC9F}
Svconr --> "C:\Program Files\Svconr\Svconr.exe" -uninstall
Symantec Antivirus Client --> wscript.exe c:\dowwapps\scripts\apclient.vbs Core \SAVCE\INSTALL_SAV.VBS REMOVE
ThinkPad Configuration --> wscript.exe c:\dowwapps\scripts\apclient.vbs Core \\masms1\wXP_Kit$\Misc\ThinkpadConfiguration\Install_Utility.vbs REMOVE
ThinkPad EasyEject Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\setup.exe" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\HXFSETUP.EXE -U -ITkp0588p.inf
ThinkPad PC Card Power Policy --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 H:\~Tools\OS_Patches\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager --> wscript.exe c:\dowwapps\scripts\apclient.vbs Core \LENOVOUTILITIES\POWERMANAGER\INSTALL_POWERMANAGER.VBS REMOVE
ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Wizard --> wscript.exe c:\dowwapps\scripts\apclient.vbs Core \LenovoUtilities\UNAVWIZ\Install_UNAVWIZ.vbs REMOVE
ThinkVantage Active Protection System --> wscript.exe c:\dowwapps\scripts\apclient.vbs Core \LENOVOUTILITIES\HPROTECT\INSTALL_HPROTECT.VBS REMOVE
ThinkVantage Fingerprint Software 5.5 --> wscript.exe c:\dowwapps\scripts\apclient.vbs CORE \FingerPrintReader\FingerPrintReader.vbs REMOVE
ThinkVantage Productivity Center --> wscript.exe c:\dowwapps\scripts\apclient.vbs Core \LenovoUtilities\PRDCTR\Install_PRDCTR.vbs REMOVE
Timbuktu Pro --> wscript.exe c:\dowwapps\scripts\apclient.vbs CORE \TIMBUKTU\INSTALL_TIMBUKTU.VBS REMOVE
Time Zone Data Update Tool for Microsoft Office Outlook --> MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
TrackPoint Accessibility Features --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\setup.exe"
VB3 --> MsiExec.exe /I{228A1349-AD3F-4710-958B-971BD4049377}
VB4 --> MsiExec.exe /I{35D08DB9-28EE-4AF9-9110-0E6CC431B2B7}
VB5 --> MsiExec.exe /I{564DB682-A8D5-451A-85DA-60697A917AE8}
VB6 --> MsiExec.exe /I{236CA0F8-C9A0-4EDA-B49E-6DFFA9A29DDC}
VC4 --> MsiExec.exe /I{A7795931-C2EE-4AB7-9AB7-5281DA890542}
VC5 --> MsiExec.exe /I{5340A8E7-7463-4353-AD6C-F6CA394DF377}
VC6 --> MsiExec.exe /I{9C65AB34-5A68-4563-86B5-1EDE5C20A173}
VCICC --> MsiExec.exe /I{5F6DF298-11C0-4A2F-A887-2B14CEB9331E}
ViewMail for Outlook 4.2(2) --> wscript.exe c:\dowwapps\scripts\apclient.vbs core \Viewmail\Install_ViewMail.vbs REMOVE
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WinZip --> MsiExec.exe /I{4D04BCFF-97F7-436D-A954-EDA624D65694}
WinZip --> wscript.exe c:\dowwapps\scripts\apclient.vbs core \WINZIP\WINZIP.VBS REMOVE
Xerox Services Portal --> wscript.exe c:\dowwapps\scripts\apclient.vbs Core \XEROXPORTALACTIVEX\INSTALL_XEROXPORTALACTIVEX.VBS REMOVE


-- Application Event Log -------------------------------------------------------

Event Record #/Type14003 / Error
Event Submitted/Written: 05/18/2008 07:44:15 PM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for DOW\NG34561 failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Event Record #/Type14001 / Error
Event Submitted/Written: 05/18/2008 04:40:52 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Event Record #/Type13999 / Warning
Event Submitted/Written: 05/18/2008 04:40:42 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{6295DF2D-35EE-11D1-8707-00C04FD93327}. CoGetObject returned HRESULT 8000401A.

Event Record #/Type13988 / Error
Event Submitted/Written: 05/18/2008 04:40:31 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Event Record #/Type13983 / Error
Event Submitted/Written: 05/18/2008 04:27:34 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type29704 / Warning
Event Submitted/Written: 05/18/2008 07:44:24 PM
Event ID/Source: 8193 / LSASRV
Event Description:
The Security System could not establish a secured connection with the server DNS/MANTDNSI1.dow.com. No authentication protocol was available.

Event Record #/Type29703 / Warning
Event Submitted/Written: 05/18/2008 07:44:24 PM
Event ID/Source: 8192 / LSASRV
Event Description:
The Security System detected an attempted downgrade attack for
server DNS/MANTDNSI1.dow.com. The failure code from authentication protocol Kerberos
was "There are currently no logon servers available to service the logon request.
(0xc000005e)".

Event Record #/Type29702 / Error
Event Submitted/Written: 05/18/2008 07:44:22 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Event Record #/Type29701 / Warning
Event Submitted/Written: 05/18/2008 07:44:22 PM
Event ID/Source: 14 / W32Time
Event Description:
The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 15 minutes.

Event Record #/Type29700 / Warning
Event Submitted/Written: 05/18/2008 07:44:19 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0018DE74B232. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-05-18 19:51:01 ------------


HERE IS THE MAIN.TXT LOG FILE


Deckard's System Scanner v20071014.68
Run by NG34561 on 2008-05-18 19:45:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as NG34561.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:49:06 PM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Progra~1\Symantec\Symant~1\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
c:\Program Files\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe
C:\WINDOWS\system32\svchost.exe
C:\Progra~1\Symantec\Symant~1\Rtvscan.exe
C:\Program Files\Timbuktu Pro\tb2launch.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\Timbuktu Pro\TimbuktuRemoteConsole.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\dowwapps\dwsservice\dwsservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\xwusuhzh.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Timbuktu Pro\tb2pro.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Progra~1\Symantec\Symant~1\VPTray.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Timbuktu Pro\Tb2Logon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Timbuktu Pro\TNOTIFY.EXE
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
E:\dss.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\NG34561.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.intran...om/indexbar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.intran...w.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dowhome.intranet.dow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.intran...w.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dowhome.intranet.dow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.intran...w.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=inet3.nam.dow.com:80;gopher=inet3.nam.dow.com:80;http=inet3.nam.dow.com:80;https=inet3.nam.dow.com:443
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\xwusuhzh.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\Progra~1\Symantec\Symant~1\VPTray.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [RunWCW] C:\dowwapps\login\dwalogin.vbs
O4 - HKLM\..\Run: [DIRECT!] C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe
O4 - HKLM\..\Run: [TLogonPath] "C:\Program Files\Timbuktu Pro\Tb2Logon.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [Synchronization Configuration] C:\Dowwapps\scripts\Config_Mobsync_Run.vbs
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WDS] "C:\Program Files\Windows Desktop Search\WindowsSearch.exe" /startup
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB002" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\RunOnce: [Synchronization Configuration] C:\dowwapps\scripts\config_mobsync_runonce.vbs
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BlackBerry Desktop Redirector.lnk = C:\Program Files\Research In Motion\BlackBerry\Redirector.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://usntiroom99/c...ptX/ScriptX.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\Software\..\Telephony: DomainName = dow.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBC3989D-84FC-4F46-A46B-53BE1A90CA49}: NameServer = 4.2.2.2,4.2.2.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\MIP\AgentSrv.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Progra~1\Symantec\Symant~1\DefWatch.exe
O23 - Service: DWSService - The Dow Chemical Company - c:\dowwapps\dwsservice\dwsservice.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: OracleORAHOME90ClientCache - Unknown owner - C:\ORACLE\ORA90\BIN\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: HP Enterprise Discovery Agent (prgnDiscAgent) - Unknown owner - c:\Program Files\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Progra~1\Symantec\Symant~1\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Progra~1\Symantec\Symant~1\Rtvscan.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 1: (no name) - http://marketing.int...dcastSlides.ppt

--
End of file - 13978 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080518-001210-108 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
backup-20080518-001210-201 O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
backup-20080518-001210-204 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
backup-20080518-001210-222 O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
backup-20080518-001210-275 O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
backup-20080518-001210-282 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\ActiveX\AcroIEHelper.dll (file missing)
backup-20080518-001210-365 O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
backup-20080518-001210-381 O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
backup-20080518-001210-420 O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
backup-20080518-001210-457 O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
backup-20080518-001210-488 O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
backup-20080518-001210-495 O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
backup-20080518-001210-506 O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
backup-20080518-001210-644 O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
backup-20080518-001210-705 O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
backup-20080518-001210-738 O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
backup-20080518-001210-752 O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
backup-20080518-001210-755 O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
backup-20080518-001210-865 O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
backup-20080518-001210-866 O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
backup-20080518-001210-873 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
backup-20080518-001210-909 O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
backup-20080518-001210-915 O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
backup-20080518-001210-922 O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
backup-20080518-001210-930 O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
backup-20080518-001210-947 O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
backup-20080518-003901-103 O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
backup-20080518-003901-118 O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
backup-20080518-003901-124 O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
backup-20080518-003901-154 O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
backup-20080518-003901-182 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
backup-20080518-003901-186 O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
backup-20080518-003901-244 O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
backup-20080518-003901-302 O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
backup-20080518-003901-310 O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
backup-20080518-003901-331 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
backup-20080518-003901-375 O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
backup-20080518-003901-381 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
backup-20080518-003901-470 O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
backup-20080518-003901-488 O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
backup-20080518-003901-534 O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
backup-20080518-003901-575 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
backup-20080518-003901-616 O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
backup-20080518-003901-650 O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
backup-20080518-003901-682 O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
backup-20080518-003901-689 O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
backup-20080518-003901-705 O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
backup-20080518-003901-797 O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
backup-20080518-003901-883 O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
backup-20080518-003901-892 O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Spcron\Spc.dll
backup-20080518-003901-900 O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
backup-20080518-003901-915 O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
backup-20080518-003901-949 O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
backup-20080518-003901-975 O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
backup-20080518-0055

Edited by sensai, 18 May 2008 - 06:07 PM.


#8 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hi, some of the Main.txt was cut off. Can you post the main.txt again?

#9 sensai (New Member, Topic Starter, 7 posts)
HERE IS THE MAIN.TXT AGAIN

Deckard's System Scanner v20071014.68
Run by NG34561 on 2008-05-18 19:45:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as NG34561.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:49:06 PM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Progra~1\Symantec\Symant~1\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
c:\Program Files\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe
C:\WINDOWS\system32\svchost.exe
C:\Progra~1\Symantec\Symant~1\Rtvscan.exe
C:\Program Files\Timbuktu Pro\tb2launch.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\Timbuktu Pro\TimbuktuRemoteConsole.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\dowwapps\dwsservice\dwsservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\xwusuhzh.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Timbuktu Pro\tb2pro.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Progra~1\Symantec\Symant~1\VPTray.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Timbuktu Pro\Tb2Logon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Timbuktu Pro\TNOTIFY.EXE
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
E:\dss.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\NG34561.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.intran...om/indexbar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.intran...w.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dowhome.intranet.dow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.intran...w.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dowhome.intranet.dow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.intran...w.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=inet3.nam.dow.com:80;gopher=inet3.nam.dow.com:80;http=inet3.nam.dow.com:80;https=inet3.nam.dow.com:443
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\xwusuhzh.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\Progra~1\Symantec\Symant~1\VPTray.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [RunWCW] C:\dowwapps\login\dwalogin.vbs
O4 - HKLM\..\Run: [DIRECT!] C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe
O4 - HKLM\..\Run: [TLogonPath] "C:\Program Files\Timbuktu Pro\Tb2Logon.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [Synchronization Configuration] C:\Dowwapps\scripts\Config_Mobsync_Run.vbs
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WDS] "C:\Program Files\Windows Desktop Search\WindowsSearch.exe" /startup
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB002" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\RunOnce: [Synchronization Configuration] C:\dowwapps\scripts\config_mobsync_runonce.vbs
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BlackBerry Desktop Redirector.lnk = C:\Program Files\Research In Motion\BlackBerry\Redirector.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://usntiroom99/c...ptX/ScriptX.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\Software\..\Telephony: DomainName = dow.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBC3989D-84FC-4F46-A46B-53BE1A90CA49}: NameServer = 4.2.2.2,4.2.2.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\MIP\AgentSrv.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Progra~1\Symantec\Symant~1\DefWatch.exe
O23 - Service: DWSService - The Dow Chemical Company - c:\dowwapps\dwsservice\dwsservice.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: OracleORAHOME90ClientCache - Unknown owner - C:\ORACLE\ORA90\BIN\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: HP Enterprise Discovery Agent (prgnDiscAgent) - Unknown owner - c:\Program Files\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Progra~1\Symantec\Symant~1\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Progra~1\Symantec\Symant~1\Rtvscan.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 1: (no name) - http://marketing.int...dcastSlides.ppt

--
End of file - 13978 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080518-001210-108 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
backup-20080518-001210-201 O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
backup-20080518-001210-204 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
backup-20080518-001210-222 O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
backup-20080518-001210-275 O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
backup-20080518-001210-282 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\ActiveX\AcroIEHelper.dll (file missing)
backup-20080518-001210-365 O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
backup-20080518-001210-381 O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
backup-20080518-001210-420 O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
backup-20080518-001210-457 O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
backup-20080518-001210-488 O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
backup-20080518-001210-495 O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
backup-20080518-001210-506 O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
backup-20080518-001210-644 O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
backup-20080518-001210-705 O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
backup-20080518-001210-738 O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
backup-20080518-001210-752 O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
backup-20080518-001210-755 O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
backup-20080518-001210-865 O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
backup-20080518-001210-866 O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
backup-20080518-001210-873 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
backup-20080518-001210-909 O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
backup-20080518-001210-915 O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
backup-20080518-001210-922 O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
backup-20080518-001210-930 O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
backup-20080518-001210-947 O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
backup-20080518-003901-103 O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
backup-20080518-003901-118 O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
backup-20080518-003901-124 O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
backup-20080518-003901-154 O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
backup-20080518-003901-182 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
backup-20080518-003901-186 O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
backup-20080518-003901-244 O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
backup-20080518-003901-302 O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
backup-20080518-003901-310 O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
backup-20080518-003901-331 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
backup-20080518-003901-375 O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
backup-20080518-003901-381 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
backup-20080518-003901-470 O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
backup-20080518-003901-488 O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
backup-20080518-003901-534 O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
backup-20080518-003901-575 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
backup-20080518-003901-616 O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
backup-20080518-003901-650 O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
backup-20080518-003901-682 O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
backup-20080518-003901-689 O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
backup-20080518-003901-705 O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
backup-20080518-003901-797 O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
backup-20080518-003901-883 O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
backup-20080518-003901-892 O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Spcron\Spc.dll
backup-20080518-003901-900 O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
backup-20080518-003901-915 O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
backup-20080518-003901-949 O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
backup-20080518-003901-975 O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
backup-20080518-005540-799 O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
backup-20080518-005540-882 O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
backup-20080518-080104-124 O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
backup-20080518-080104-171 O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
backup-20080518-080104-284 O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
backup-20080518-080104-321 O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
backup-20080518-080104-348 O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
backup-20080518-080104-366 O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
backup-20080518-080104-387 O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
backup-20080518-080104-427 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
backup-20080518-080104-434 O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
backup-20080518-080104-487 O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
backup-20080518-080104-519 O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
backup-20080518-080104-551 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
backup-20080518-080104-619 O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
backup-20080518-080104-641 O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
backup-20080518-080104-655 O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
backup-20080518-080104-679 O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
backup-20080518-080104-686 O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
backup-20080518-080104-694 O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
backup-20080518-080104-729 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
backup-20080518-080104-772 O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
backup-20080518-080104-818 O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
backup-20080518-080104-821 O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
backup-20080518-080104-914 O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
backup-20080518-080104-925 O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
backup-20080518-080104-950 O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
backup-20080518-103153-102 O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
backup-20080518-103153-136 O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
backup-20080518-103153-151 O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
backup-20080518-103153-158 O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
backup-20080518-103153-196 O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
backup-20080518-103153-203 O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
backup-20080518-103153-211 O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
backup-20080518-103153-244 O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
backup-20080518-103153-246 O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
backup-20080518-103153-335 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
backup-20080518-103153-380 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
backup-20080518-103153-534 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
backup-20080518-103153-641 O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
backup-20080518-103153-688 O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
backup-20080518-103153-801 O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
backup-20080518-103153-803 O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
backup-20080518-103153-849 O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
backup-20080518-103153-882 O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
backup-20080518-103153-883 O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
backup-20080518-103153-906 O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
backup-20080518-103153-951 O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
backup-20080518-103154-426 O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
backup-20080518-103154-693 O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
backup-20080518-103154-847 O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
backup-20080518-103154-988 O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
backup-20080518-144756-137 O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
backup-20080518-144756-167 O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
backup-20080518-144756-173 O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
backup-20080518-144756-187 O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
backup-20080518-144756-217 O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
backup-20080518-144756-315 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
backup-20080518-144756-317 O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
backup-20080518-144756-321 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
backup-20080518-144756-372 O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
backup-20080518-144756-415 O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
backup-20080518-144756-421 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
backup-20080518-144756-442 O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
backup-20080518-144756-480 O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
backup-20080518-144756-496 O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
backup-20080518-144756-646 O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
backup-20080518-144756-658 O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
backup-20080518-144756-671 O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
backup-20080518-144756-677 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
backup-20080518-144756-730 O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
backup-20080518-144756-747 O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
backup-20080518-144756-753 O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
backup-20080518-144756-758 O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
backup-20080518-144756-822 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\xwusuhzh.exe,
backup-20080518-144756-838 O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
backup-20080518-144756-910 O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
backup-20080518-144756-917 O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
backup-20080518-144756-925 O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
backup-20080518-144756-946 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
backup-20080518-144756-971 O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
backup-20080518-150424-134 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
backup-20080518-150424-142 O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
backup-20080518-150424-345 O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
backup-20080518-150424-455 O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
backup-20080518-150424-472 O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
backup-20080518-150424-692 O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
backup-20080518-150424-751 O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
backup-20080518-150424-773 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
backup-20080518-150424-881 O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
backup-20080518-150424-906 O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
backup-20080518-150424-925 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20080518-150425-189 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
backup-20080518-150425-424 O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
backup-20080518-150425-438 O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
backup-20080518-150425-466 O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
backup-20080518-150425-601 O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
backup-20080518-150425-605 O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
backup-20080518-150425-731 O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
backup-20080518-150425-733 O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
backup-20080518-150425-763 O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
backup-20080518-150425-804 O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
backup-20080518-150425-827 O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
backup-20080518-150425-920 O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
backup-20080518-163744-120 O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
backup-20080518-163744-137 O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
backup-20080518-163744-143 O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
backup-20080518-163744-154 O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
backup-20080518-163744-189 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
backup-20080518-163744-199 O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
backup-20080518-163744-301 O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
backup-20080518-163744-353 O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
backup-20080518-163744-374 O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
backup-20080518-163744-391 O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
backup-20080518-163744-412 O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
backup-20080518-163744-419 O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
backup-20080518-163744-455 O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
backup-20080518-163744-466 O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
backup-20080518-163744-468 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
backup-20080518-163744-596 O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
backup-20080518-163744-654 O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
backup-20080518-163744-697 O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
backup-20080518-163744-843 O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
backup-20080518-163744-880 O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
backup-20080518-163744-887 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
backup-20080518-163744-896 O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
backup-20080518-163744-928 O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
backup-20080518-163744-947 O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
backup-20080518-163744-979 O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
backup-20080518-163802-154 O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
backup-20080518-163802-244 O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
backup-20080518-163802-289 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
backup-20080518-163802-317 O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
backup-20080518-163802-319 O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
backup-20080518-163802-456 O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
backup-20080518-163802-469 O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
backup-20080518-163802-499 O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
backup-20080518-163802-530 O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
backup-20080518-163802-588 O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
backup-20080518-163802-689 O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
backup-20080518-163802-817 O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
backup-20080518-163802-877 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
backup-20080518-163822-228 O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
backup-20080518-163822-352 O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
backup-20080518-163822-380 O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
backup-20080518-163822-402 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
backup-20080518-163822-412 O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
backup-20080518-163822-499 O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
backup-20080518-163822-619 O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
backup-20080518-163822-651 O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
backup-20080518-163822-822 O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
backup-20080518-163822-900 O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
backup-20080518-163822-928 O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
backup-20080518-163822-932 O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Shockprf - c:\windows\system32\drivers\shockprf.sys <Not Verified; Lenovo; ThinkVantage Active Protection System>
R1 ShockMgr - c:\windows\system32\drivers\shockmgr.sys <Not Verified; Lenovo.; ThinkVantage Active Protection System>
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R1 Tb2Device (TB2 Remote Control Driver) - c:\windows\netopiarc\tb2device.sys
R1 Tb2MirrorSys (TB2 Remote Control Mirror Driver) - c:\windows\netopiarc\tb2mirrorsys.sys <Not Verified; Netopia, Inc.; Netopia Remote Control>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R2 smihlp (SMI helper driver) - c:\program files\thinkvantage fingerprint software\smihlp.sys <Not Verified; UPEK Inc.; ThinkVantage Fingerprint Software>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DWSService - c:\dowwapps\dwsservice\dwsservice.exe <Not Verified; The Dow Chemical Company; Dow Workstation>
R2 NetCfgSvr (Network Configuration Service) - c:\progra~1\at&tgl~1\netcfgsv.exe <Not Verified; AT&T; NetCfgSvr Module>
R2 prgnDiscAgent (HP Enterprise Discovery Agent) - "c:\program files\hewlett-packard\discovery agent\bin32\discagnt.exe"
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 Tb2Launch (Tb2 Launch) - "c:\program files\timbuktu pro\tb2launch.exe" <Not Verified; Netopia, Inc.; Timbuktu Pro for Windows>
R2 TPHDEXLGSVC (ThinkPad HDD APS Logging Service) - system32\tphdexlg.exe <Not Verified; Lenovo.; ThinkVantage Active Protection System>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 AgentSrv (Connected Agent Service) - c:\program files\mip\agentsrv.exe -asv <Not Verified; Connected Corporation; Connected DataProtector>
S3 OracleORAHOME90ClientCache - c:\oracle\ora90\bin\onrsd.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AGN Virtual Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: AT&T
Name: AGN Virtual Network Adapter
PNP Device ID: ROOT\NET\0000
Service: avpnnic


-- Scheduled Tasks -------------------------------------------------------------

2008-05-18 19:44:33 304 --a------ C:\WINDOWS\Tasks\PMTask.job
2008-05-14 05:41:10 254 --a------ C:\WINDOWS\Tasks\DWS Disk Defrag.job
2008-04-02 05:11:57 272 --a------ C:\WINDOWS\Tasks\DWS Disk Cleanup.job


-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-05-18 19:44:44 256 --a------ C:\WINDOWS\system32\pool.bin
2008-05-18 19:44:22 19456 --a------ C:\WINDOWS\sistem.exe
2008-05-18 19:44:21 22272 --a------ C:\WINDOWS\notepad32.exe
2008-05-18 19:44:21 8960 --a------ C:\WINDOWS\mtwirl32.dll
2008-05-18 19:44:21 17920 --a------ C:\WINDOWS\iexplorer.exe
2008-05-18 19:44:20 10752 --a------ C:\WINDOWS\explore.exe
2008-05-18 19:44:20 30464 --a------ C:\WINDOWS\ctrlpan.dll
2008-05-18 19:44:19 19712 --a------ C:\WINDOWS\avpcc.dll
2008-05-18 15:31:35 28160 --a------ C:\WINDOWS\y.exe
2008-05-18 15:31:34 12544 --a------ C:\WINDOWS\xplugin.dll
2008-05-18 15:31:34 23552 --a------ C:\WINDOWS\x.exe
2008-05-18 15:31:33 24576 --a------ C:\WINDOWS\winmgnt.exe
2008-05-18 15:31:33 16384 --a------ C:\WINDOWS\window.exe
2008-05-18 15:31:33 19456 --a------ C:\WINDOWS\win64.exe
2008-05-18 15:31:32 26368 --a------ C:\WINDOWS\win32e.exe
2008-05-18 15:31:32 18944 --a------ C:\WINDOWS\users32.exe
2008-05-18 15:31:32 25600 --a------ C:\WINDOWS\systemcritical.exe
2008-05-18 15:31:31 22528 --a------ C:\WINDOWS\olehelp.exe
2008-05-18 15:31:30 16384 --a------ C:\WINDOWS\msupdate.exe
2008-05-18 15:31:29 9728 --a------ C:\WINDOWS\mssys.exe
2008-05-18 15:31:29 12544 --a------ C:\WINDOWS\loader.exe
2008-05-18 15:31:29 11776 --a------ C:\WINDOWS\iedll.exe
2008-05-18 10:41:15 9472 --a------ C:\WINDOWS\winajbm.dll
2008-05-18 10:41:14 26880 --a------ C:\WINDOWS\systeem.exe
2008-05-18 10:41:11 11520 --a------ C:\WINDOWS\clrssn.exe
2008-05-18 10:41:10 8704 --a------ C:\WINDOWS\accesss.exe
2008-05-18 00:08:27 0 d-------- C:\Program Files\Trend Micro
2008-05-17 23:35:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-17 22:48:11 0 d-------- C:\WINDOWS\pss
2008-05-17 18:41:38 9472 --a------ C:\WINDOWS\waol.exe
2008-05-17 18:13:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-17 15:53:26 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-17 15:28:25 0 d-------- C:\Program Files\Spcron
2008-05-17 15:23:18 0 d-------- C:\Program Files\Temporary
2008-05-17 15:23:18 0 d-------- C:\Program Files\Svconr
2008-05-17 15:17:21 8448 --a------ C:\WINDOWS\time.exe
2008-05-17 15:17:20 25344 --a------ C:\WINDOWS\svcinit.exe
2008-05-17 15:17:20 22784 --a------ C:\WINDOWS\svchost32.exe
2008-05-17 15:17:20 19712 --a------ C:\WINDOWS\searchword.dll
2008-05-17 15:17:19 20992 --a------ C:\WINDOWS\rundll16.exe
2008-05-17 15:17:19 12544 --a------ C:\WINDOWS\quicken.exe
2008-05-17 15:17:19 20992 --a------ C:\WINDOWS\qttasks.exe
2008-05-17 15:17:18 11520 --a------ C:\WINDOWS\mswsc20.dll
2008-05-17 15:17:18 18944 --a------ C:\WINDOWS\mswsc10.dll
2008-05-17 15:17:17 20224 --a------ C:\WINDOWS\msspi.dll
2008-05-17 15:17:17 12800 --a------ C:\WINDOWS\msconfd.dll
2008-05-17 15:17:16 23552 --a------ C:\WINDOWS\internet.exe
2008-05-17 15:17:16 32512 --a------ C:\WINDOWS\inetinf.exe
2008-05-17 15:17:15 27648 --a------ C:\WINDOWS\helpcvs.exe
2008-05-17 15:17:15 8704 --a------ C:\WINDOWS\gfmnaaa.dll
2008-05-17 15:17:14 32256 --a------ C:\WINDOWS\funny.exe
2008-05-17 15:17:14 13824 --a------ C:\WINDOWS\funniest.exe
2008-05-17 15:17:14 12544 --a------ C:\WINDOWS\explorer32.exe
2008-05-17 15:17:13 13312 --a------ C:\WINDOWS\editpad.exe
2008-05-17 15:17:13 9472 --a------ C:\WINDOWS\dnsrelay.dll
2008-05-17 15:17:13 28672 --a------ C:\WINDOWS\directx32.exe
2008-05-17 15:17:12 24832 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-17 15:17:12 14592 --a------ C:\WINDOWS\cpan.dll
2008-05-17 15:07:09 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-05-17 15:06:40 0 d-------- C:\Program Files\QdrModule
2008-05-17 15:06:15 87513 --a------ C:\WINDOWS\system32\xwusuhzh.exe <Not Verified; Microsoft; XML Media>
2008-05-12 09:05:18 0 d-------- C:\WINDOWS\DowScanFiles
2008-05-04 21:35:47 0 d-------- C:\Documents and Settings\ng34561\Application Data\Amazon
2008-05-04 21:33:34 0 d-------- C:\Program Files\Amazon
2008-05-02 14:19:54 0 d-------- C:\Documents and Settings\ng34561\Application Data\Blackberry Desktop
2008-05-02 14:13:33 0 d-------- C:\Documents and Settings\ng34561\Application Data\Research In Motion
2008-05-02 14:02:43 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-05-02 14:02:42 0 d-------- C:\Program Files\Roxio
2008-05-02 13:56:33 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-05-02 13:56:24 0 d-------- C:\Program Files\Research In Motion
2008-04-30 10:00:26 0 d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-04-29 09:20:38 376832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe <Not Verified; ; AegisInstall Application>
2008-04-29 09:19:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-04-28 15:24:48 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-04-28 15:24:47 0 d-------- C:\Documents and Settings\ng34561\Application Data\Roxio
2008-04-28 15:17:15 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-28 15:16:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-04-28 15:13:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-04-28 15:13:43 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-04-28 15:02:09 0 d--hs---- C:\WINDOWS\ftpcache


-- Find3M Report ---------------------------------------------------------------

2008-05-18 00:39:03 0 d-------- C:\Program Files\Windows Desktop Search
2008-05-15 14:05:03 0 d-------- C:\Documents and Settings\ng34561\Application Data\PSM
2008-05-13 21:51:41 0 d-------- C:\Program Files\MIP
2008-05-09 10:44:45 0 d-------- C:\Program Files\MSECache
2008-05-07 17:41:33 0 d-------- C:\Program Files\AT&T Global Network Client
2008-05-02 14:02:43 0 d-------- C:\Program Files\Common Files
2008-04-28 15:13:51 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-06 15:31:34 0 d-------- C:\Program Files\EPSON
2008-04-01 13:29:43 0 d-------- C:\Program Files\Avery Wizard 3.1
2008-04-01 13:28:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-01 13:28:07 0 d-------- C:\Program Files\Common Files\Avery
2008-03-25 15:59:45 0 d-------- C:\Documents and Settings\ng34561\Application Data\Move Networks
2008-03-25 13:54:34 0 d-------- C:\Documents and Settings\ng34561\Application Data\C2C_Systems
2008-03-25 13:44:08 0 d-------- C:\Program Files\Siebel
2008-03-24 10:27:32 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-24 09:57:19 0 d-------- C:\Documents and Settings\ng34561\Application Data\Adobe
2008-03-21 13:29:26 0 d-------- C:\Program Files\Hewlett-Packard
2008-02-26 17:22:51 532480 --a------ C:\WINDOWS\system32\Dow - The Human Element.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/20/2005 08:11 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/14/2006 02:17 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/14/2006 02:16 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [07/25/2006 03:21 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/24/2006 06:14 PM]
"vptray"="C:\Progra~1\Symantec\Symant~1\VPTray.exe" [06/15/2006 02:40 AM]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [10/02/2006 11:19 AM]
"TPTRAY"="C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE" [10/02/2006 02:55 AM]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [01/24/2006 01:03 PM]
"RunWCW"="C:\dowwapps\login\dwalogin.vbs" []
"DIRECT!"="C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe" [04/27/2004 11:09 AM]
"TLogonPath"="C:\Program Files\Timbuktu Pro\Tb2Logon.exe" [11/16/2005 12:10 PM]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [12/07/2005 01:12 AM]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [12/07/2005 01:12 AM]
"TPKBDLED"="C:\WINDOWS\system32\TpScrLk.exe" [10/08/2002 10:28 AM]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [02/24/2006 02:22 AM]
"TpShocks"="TpShocks.exe" [11/07/2005 11:14 AM C:\WINDOWS\system32\TpShocks.exe]
"Synchronization Configuration"="C:\Dowwapps\scripts\Config_Mobsync_Run.vbs" [04/24/2003 03:11 PM]
"PSQLLauncher"="C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" [03/24/2006 12:27 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/11/2007 04:56 PM]
"WDS"="C:\Program Files\Windows Desktop Search\WindowsSearch.exe" [03/26/2006 11:44 PM]
"EPSON Stylus Photo R320 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.exe" [04/26/2004 03:00 AM]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [08/16/2007 08:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Synchronization Configuration"=C:\dowwapps\scripts\config_mobsync_runonce.vbs

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe"

C:\Documents and Settings\ng34561\Start Menu\Programs\Startup\
BlackBerry Desktop Redirector.lnk - C:\Program Files\Research In Motion\BlackBerry\Redirector.exe [11/12/2007 2:22:32 PM]
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [11/12/2007 2:22:04 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"HideShutdownScripts"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"NoRemoteChangeNotify"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [03/13/2006 02:11 PM 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\xwusuhzh.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 03/24/2006 12:41 PM 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Timbuktu Pro]
C:\Program Files\Timbuktu Pro\Hook32.dll 11/16/2005 12:11 PM 81920 C:\Program Files\Timbuktu Pro\HOOK32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 07/06/2005 12:45 AM 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 11/30/2005 09:16 PM 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1060284298-861567501-682003330-754661\Scripts\Logoff\0\0]
"Script"=C:\Program Files\MIP\DWSBACKUP.vbs


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule16]
"C:\Program Files\QdrModule\QdrModule16.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8382 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-
  • 0
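The log above is long, and the entries that matter are scattered across it: the Winlogon Userinit value with a second executable appended (the same thing the F2 line reports), two dozen Browser Helper Object keys whose DLL is "(no file)", policy values that switch off Task Manager and Windows Update, and bursts of small executables with system-lookalike names written straight into C:\WINDOWS within the same minute. The script below is an added example, not part of this thread or of any tool it mentions; it parses those kinds of lines and pulls out exactly those indicators. The sample lines are excerpted from the log above, and the regular expressions and the burst thresholds (three or more files under 64 KB in one minute) are my own assumptions.

```python
"""Triage helper for Deckard's System Scanner / HijackThis-style logs.

Added example, not code from the original thread.  It scans log text for
four things a responder would check first in a case like the one above:
  * Winlogon Userinit with anything appended after userinit.exe
  * Browser Helper Objects whose DLL is gone ("(no file)")
  * policy values that lock out Task Manager / Windows Update / regedit
  * bursts of small executables dropped into the %WINDIR% root
"""
import re
from collections import defaultdict

# Constructed sample: lines excerpted from the log above.
SAMPLE_LOG = r"""
backup-20080518-144756-822 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\xwusuhzh.exe,
backup-20080518-144756-372 O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
backup-20080518-144756-421 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)
"DisableTaskMgr"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\xwusuhzh.exe,"
2008-05-18 15:31:35 28160 --a------ C:\WINDOWS\y.exe
2008-05-18 15:31:34 12544 --a------ C:\WINDOWS\xplugin.dll
2008-05-18 15:31:33 24576 --a------ C:\WINDOWS\winmgnt.exe
2008-05-18 15:31:32 18944 --a------ C:\WINDOWS\users32.exe
2008-05-17 15:06:15 87513 --a------ C:\WINDOWS\system32\xwusuhzh.exe <Not Verified; Microsoft; XML Media>
2008-04-29 09:20:38 376832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe <Not Verified; ; AegisInstall Application>
"""

# Matches both the HJT "F2 ... UserInit=..." form and the registry-dump
# '"Userinit"="..."' form; the value is captured up to the closing quote
# or end of line.
USERINIT_RE = re.compile(r'userinit"?\s*=\s*"?([^"\r\n]+)', re.IGNORECASE)
# An O2 line whose DLL column reads "(no file)": the CLSID key exists but
# the binary it pointed to is gone.
BHO_RE = re.compile(r'O2 - BHO: .* - (\{[0-9a-f-]{36}\}) - \(no file\)', re.IGNORECASE)
# Lockout policies commonly set by malware rather than by administrators.
POLICY_RE = re.compile(r'^"(DisableTaskMgr|NoWindowsUpdate|DisableRegistryTools)"=(\d+)',
                       re.IGNORECASE | re.MULTILINE)
# "YYYY-MM-DD HH:MM:SS size attrs C:\WINDOWS\<name>.<exe|dll|scr>" with the
# file directly in the Windows root (a path with a further backslash,
# e.g. system32\..., deliberately does not match).
FILE_RE = re.compile(
    r'^(\d{4}-\d\d-\d\d \d\d:\d\d):\d\d\s+(\d+)\s+\S+\s+'
    r'(C:\\WINDOWS\\[^\\\s<]+\.(?:exe|dll|scr))\s*$',
    re.IGNORECASE | re.MULTILINE)


def userinit_extras(log):
    """Return every component of a Userinit value other than userinit.exe.

    A clean value is a single entry, <system32>\\userinit.exe (the trailing
    comma is normal).  Anything else is started by Winlogon at every logon,
    Safe Mode included, which is how a dropper gets re-run after its files
    and BHO keys have been removed.
    """
    extras = set()
    for match in USERINIT_RE.finditer(log):
        for part in match.group(1).split(','):
            part = part.strip()
            if part and not part.lower().endswith('\\userinit.exe'):
                extras.add(part)
    return sorted(extras)


def orphan_bhos(log):
    """CLSIDs of BHO keys whose DLL no longer exists on disk."""
    return sorted({m.group(1).lower() for m in BHO_RE.finditer(log)})


def tamper_policies(log):
    """Lockout policy values that are set to a non-zero value."""
    return {m.group(1): int(m.group(2))
            for m in POLICY_RE.finditer(log) if int(m.group(2)) != 0}


def drop_bursts(log, min_files=3, max_size=65536):
    """Group small executables written into the Windows root by minute.

    Legitimate installers rarely write directly into C:\\WINDOWS; a
    dropper that writes a dozen look-alike binaries in one go does.
    Thresholds are assumptions, tune them for the environment.
    """
    by_minute = defaultdict(list)
    for match in FILE_RE.finditer(log):
        minute, size, path = match.group(1), int(match.group(2)), match.group(3)
        if size <= max_size:
            by_minute[minute].append(path)
    return {k: v for k, v in by_minute.items() if len(v) >= min_files}


def triage(log):
    """Run all four checks and return their findings keyed by check name."""
    return {
        "userinit_extras": userinit_extras(log),
        "orphan_bhos": orphan_bhos(log),
        "tamper_policies": tamper_policies(log),
        "drop_bursts": drop_bursts(log),
    }


if __name__ == "__main__":
    for name, finding in triage(SAMPLE_LOG).items():
        print(f"{name}: {finding}")
```

Run it against a saved DSS or HijackThis log (`triage(open("main.txt").read())`) and the first check is the one that explains this thread: as long as a second path sits in the Userinit value, deleting BHO keys and scanning in Safe Mode cannot hold, because Winlogon launches that path on every logon. The version-info column in the log ("<Not Verified; Microsoft; XML Media>") is also worth reading for any file the first check names: an unsigned binary in system32 claiming to be from Microsoft is a stronger signal than the random name alone.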

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm
  • 0

#11
sensai

sensai

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Kahdah, thank you again for all your help on this issue. We decided to swap out the hard drive for a new one because she wanted more space. It's ok for you to close out this case. Although I really wish I could have found where that rootkit was installed. Again, thank you very much for your time and efforts.


sensai :)
  • 0

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok no problem.

You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0