Deckard's System Scanner v20071014.68
Run by Nicola's Shit on 2008-06-29 00:09:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
10: 2008-06-29 04:09:51 UTC - RP232 - Deckard's System Scanner Restore Point
9: 2008-06-28 07:57:18 UTC - RP231 - Microsoft OneCare Protection Checkpoint
8: 2008-06-27 09:47:46 UTC - RP230 - Software Distribution Service 3.0
7: 2008-06-27 09:26:24 UTC - RP229 - Software Distribution Service 3.0
6: 2008-06-27 07:44:24 UTC - RP228 - Software Distribution Service 3.0

-- First Restore Point --
1: 2008-06-27 04:24:50 UTC - RP223 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-29 00:11:17
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Nicola's Shit\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {2890C98D-5959-4A94-A6C2-C59E85462152} - (no file)
O3 - Toolbar: (no name) - {AC9264CC-124E-43B6-9144-8664D704A0BC} - (no file)
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Student\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1211207009593
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192929343828
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: ACNotify - C:\WINDOWS\system32\ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\system32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSvc.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe

--
End of file - 9699 bytes

-- File Associations -----------------------------------------------------------

[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]
[COLOR=red].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*[/COLOR]
[COLOR=red].reg - regfile - shell\open\command - regedit.exe "%1" %*[/COLOR]
[COLOR=red].scr - scrfile - shell\open\command - "%1" %*[/COLOR]

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Shockprf - c:\windows\system32\drivers\shockprf.sys
R1 ANC - c:\windows\system32\drivers\anc.sys
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 ShockMgr - c:\windows\system32\drivers\shockmgr.sys
R1 Smapint - c:\windows\system32\drivers\smapint.sys
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - c:\windows\system32\drivers\aegisp.sys
R2 EGATHDRV (IBM eGatherer) - c:\windows\system32\egathdrv.sys
R2 ibmfilter - c:\windows\system32\drivers\ibmfilter.sys
R2 pmem - c:\windows\system32\drivers\pmemnt.sys
R2 PrivateDisk - c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys
R2 PROCDD (IPS Helper Driver) - c:\windows\system32\drivers\procdd.sys
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys
R2 smi2 - c:\program files\smi2\smi2.sys

S3 psadd (IBM PSA Access Driver) - c:\windows\system32\drivers\psadd.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe"
R2 IPSSVC (IPS Core Service) - c:\windows\system32\ipssvc.exe
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe
R2 TPHDEXLGSVC (ThinkPad HDD APS Logging Service) - system32\tphdexlg.exe
R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe
R2 TVT Scheduler - "c:\program files\ibm thinkvantage\common\scheduler\tvtsched.exe"
R2 UCLauncherService (ThinkVantage System Update) - c:\program files\thinkvantage\systemupdate\uclauncherservice.exe

S3 PsaSrv (IBM PSA Access Driver Control) -

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-06-29 00:10:00 388 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AE952DE2-4671-4745-AE25-AB9FD7571EC1}.job
2008-06-29 00:07:19 256 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job
2008-06-28 03:57:00 254 --a------ C:\WINDOWS\Tasks\Windows Update.job
2008-06-18 14:44:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-27 03:59:09 316 --a------ C:\WINDOWS\Tasks\PMTask.job

-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2008-06-28 02:12:04 0 d-------- C:\Temp
2008-06-28 01:43:14 0 d-------- C:\Documents and Settings\Nicola's Shit\Application Data\WinRAR
2008-06-27 23:24:34 0 d-------- C:\Documents and Settings\Nicola's Shit\Application Data\LimeWire
2008-06-27 12:03:08 0 d-------- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data\Apple Computer
2008-06-27 09:41:51 0 d-------- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data\Identities
2008-06-27 09:41:51 0 d-------- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data\IBM
2008-06-27 09:41:51 0 d-------- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data\Google
2008-06-27 09:41:50 0 d--h----- C:\Documents and Settings\nic.LENOVO-594FD52A\Templates
2008-06-27 09:41:50 0 dr------- C:\Documents and Settings\nic.LENOVO-594FD52A\Start Menu
2008-06-27 09:41:50 0 dr-h----- C:\Documents and Settings\nic.LENOVO-594FD52A\SendTo
2008-06-27 09:41:50 0 dr-h----- C:\Documents and Settings\nic.LENOVO-594FD52A\Recent
2008-06-27 09:41:50 0 d--h----- C:\Documents and Settings\nic.LENOVO-594FD52A\PrintHood
2008-06-27 09:41:50 1048576 --ah----- C:\Documents and Settings\nic.LENOVO-594FD52A\NTUSER.DAT
2008-06-27 09:41:50 0 d--h----- C:\Documents and Settings\nic.LENOVO-594FD52A\NetHood
2008-06-27 09:41:50 0 dr------- C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents
2008-06-27 09:41:50 0 d--h----- C:\Documents and Settings\nic.LENOVO-594FD52A\Local Settings
2008-06-27 09:41:50 0 dr------- C:\Documents and Settings\nic.LENOVO-594FD52A\Favorites
2008-06-27 09:41:50 0 d-------- C:\Documents and Settings\nic.LENOVO-594FD52A\Desktop
2008-06-27 09:41:50 0 d--hs---- C:\Documents and Settings\nic.LENOVO-594FD52A\Cookies
2008-06-27 09:41:50 0 dr-h----- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data
2008-06-27 09:41:50 0 d-------- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data\ThinkVantage
2008-06-27 09:41:50 0 d-------- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data\Symantec
2008-06-27 09:41:50 0 d---s---- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data\Microsoft
2008-06-27 06:16:47 0 d-------- C:\WINDOWS\Prefetch
2008-06-27 06:10:20 0 d-------- C:\WINDOWS\system32\scripting
2008-06-27 06:10:16 0 d-------- C:\WINDOWS\l2schemas
2008-06-27 06:10:14 0 d-------- C:\WINDOWS\system32\en
2008-06-27 06:02:43 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-27 05:27:03 0 d-------- C:\VundoFix Backups
2008-06-27 04:46:13 0 d-------- C:\Documents and Settings\Nicola's Shit\Application Data\Sun
2008-06-27 02:06:49 0 d-------- C:\Documents and Settings\Nicola's Shit\Application Data\Apple Computer
2008-06-27 02:06:04 0 d-------- C:\Program Files\uTorrent
2008-06-27 02:06:02 0 d-------- C:\Documents and Settings\Nicola's Shit\Application Data\uTorrent
2008-06-27 01:54:55 0 d-------- C:\Documents and Settings\Nicola's Shit\Application Data\Mozilla
2008-06-27 00:43:42 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-06-27 00:25:04 94208 --a------ C:\WINDOWS\system32\pphcgvoj0et1a.exe
2008-06-27 00:25:04 0 d-------- C:\Documents and Settings\Nicola's Shit\Application Data\rhclvoj0et1a
2008-06-27 00:24:50 0 d-------- C:\Program Files\rhclvoj0et1a
2008-06-27 00:12:54 0 d-------- C:\Documents and Settings\Nicola's Shit\Application Data\Malwarebytes
2008-06-27 00:12:51 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 00:12:51 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-26 23:48:51 0 d-------- C:\Documents and Settings\Nicola's Shit\Application Data\Uniblue
2008-06-26 23:42:12 0 d-------- C:\Documents and Settings\Nicola's Shit\Application Data\ErrorRepairTool
2008-06-26 23:29:35 0 d-------- C:\Documents and Settings\Nicola's Shit\Application Data\Macromedia
2008-06-26 23:23:25 0 d-------- C:\Documents and Settings\Nicola's Shit\Application Data\Adobe
2008-06-26 06:34:58 0 d--h----- C:\Documents and Settings\Nicola's Shit\Templates
2008-06-26 06:34:58 0 dr------- C:\Documents and Settings\Nicola's Shit\Start Menu
2008-06-26 06:34:58 0 dr-h----- C:\Documents and Settings\Nicola's Shit\SendTo
2008-06-26 06:34:58 0 dr-h----- C:\Documents and Settings\Nicola's Shit\Recent
2008-06-26 06:34:58 0 d--h----- C:\Documents and Settings\Nicola's Shit\PrintHood
2008-06-26 06:34:58 1572864 --ah----- C:\Documents and Settings\Nicola's Shit\NTUSER.DAT
2008-06-26 06:34:58 0 d--h----- C:\Documents and Settings\Nicola's Shit\NetHood
2008-06-26 06:34:58 0 dr------- C:\Documents and Settings\Nicola's Shit\My Documents
2008-06-26 06:34:58 0 d--h----- C:\Documents and Settings\Nicola's Shit\Local Settings
2008-06-26 06:34:58 0 dr------- C:\Documents and Settings\Nicola's Shit\Favorites
2008-06-26 06:34:58 0 d-------- C:\Documents and Settings\Nicola's Shit\Desktop
2008-06-26 06:34:58 0 d--hs---- C:\Documents and Settings\Nicola's Shit\Cookies
2008-06-26 06:34:58 0 d--h----- C:\Documents and Settings\Nicola's Shit\Application Data
2008-06-26 06:34:58 0 d-------- C:\Documents and Settings\Nicola's Shit\Application Data\ThinkVantage
2008-06-26 06:34:58 0 d-------- C:\Documents and Settings\Nicola's Shit\Application Data\Symantec
2008-06-26 06:34:58 0 d-------- C:\Documents and Settings\Nicola's Shit\Application Data\Identities
2008-06-26 06:34:58 0 d-------- C:\Documents and Settings\Nicola's Shit\Application Data\IBM
2008-06-26 06:34:58 0 d-------- C:\Documents and Settings\Nicola's Shit\Application Data\Google
2008-06-26 03:38:13 0 d-------- C:\Program Files\CableRouting
2008-06-26 00:57:58 60928 --a------ C:\WINDOWS\system32\blphcgvoj0et1a.scr
2008-06-26 00:49:46 0 d------c- C:\Documents and Settings\los\Application Data\WinRAR
2008-06-23 06:36:36 57436 --a------ C:\WINDOWS\DASShp.dll
2008-06-23 06:36:36 0 d-------- C:\Program Files\Microsoft Reader
2008-06-22 05:46:36 51712 --a------ C:\WINDOWS\wc98pp.dll
2008-06-20 01:09:46 0 d------c- C:\Documents and Settings\los\Application Data\Mozilla
2008-06-19 08:22:30 0 d--hs--c- C:\Documents and Settings\All Users\Application Data\System Restore
2008-06-19 04:46:10 0 d------c- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-18 06:26:38 0 d------c- C:\Documents and Settings\los\Application Data\FireShot
2008-06-18 06:13:12 0 d-------- C:\Documents and Settings\los\dwhelper
2008-06-18 02:55:50 0 d------c- C:\Program Files\PBA
2008-06-18 00:08:09 1160 --a------ C:\WINDOWS\mozver.dat
2008-06-17 00:42:08 0 d------c- C:\Documents and Settings\los\Application Data\Help
2008-06-12 03:51:19 0 d------c- C:\Program Files\QuickTime
2008-06-12 03:49:06 0 d-------- C:\Program Files\Apple Software Update
2008-06-12 01:08:53 9058 --a------ C:\WINDOWS\system32\kjtqpuwi.dll
2008-06-11 01:10:48 0 d-------- C:\Documents and Settings\nic\Application Data\Macromedia
2008-06-11 01:10:48 0 d-------- C:\Documents and Settings\nic\Application Data\Adobe
2008-06-11 01:08:33 0 d-------- C:\Documents and Settings\nic\Application Data\Yahoo!
2008-06-11 01:07:38 0 d-------- C:\Documents and Settings\nic\Application Data\Mozilla
2008-06-07 14:39:48 0 d--h----- C:\Documents and Settings\nic\Templates
2008-06-07 14:39:48 0 dr------- C:\Documents and Settings\nic\Start Menu
2008-06-07 14:39:48 0 dr-h----- C:\Documents and Settings\nic\SendTo
2008-06-07 14:39:48 0 dr-h----- C:\Documents and Settings\nic\Recent
2008-06-07 14:39:48 0 d--h----- C:\Documents and Settings\nic\PrintHood
2008-06-07 14:39:48 2883584 --ah----- C:\Documents and Settings\nic\NTUSER.DAT
2008-06-07 14:39:48 0 d--h----- C:\Documents and Settings\nic\NetHood
2008-06-07 14:39:48 0 dr------- C:\Documents and Settings\nic\My Documents
2008-06-07 14:39:48 0 d--h----- C:\Documents and Settings\nic\Local Settings
2008-06-07 14:39:48 0 dr------- C:\Documents and Settings\nic\Favorites
2008-06-07 14:39:48 0 d-------- C:\Documents and Settings\nic\Desktop
2008-06-07 14:39:48 0 d--hs---- C:\Documents and Settings\nic\Cookies
2008-06-07 14:39:48 0 dr-h----- C:\Documents and Settings\nic\Application Data
2008-06-07 14:39:48 0 d-------- C:\Documents and Settings\nic\Application Data\ThinkVantage
2008-06-07 14:39:48 0 d-------- C:\Documents and Settings\nic\Application Data\Symantec
2008-06-07 14:39:48 0 d---s---- C:\Documents and Settings\nic\Application Data\Microsoft
2008-06-07 14:39:48 0 d-------- C:\Documents and Settings\nic\Application Data\Identities
2008-06-07 14:39:48 0 d-------- C:\Documents and Settings\nic\Application Data\IBM
2008-06-07 14:39:48 0 d-------- C:\Documents and Settings\nic\Application Data\Google
2008-06-06 02:10:08 0 d------c- C:\Documents and Settings\los\Application Data\dvdcss
2008-05-29 01:42:28 0 d-------- C:\WINDOWS\system32\NtmsData

-- Find3M Report ---------------------------------------------------------------

2008-06-29 00:00:01 5427 --a------ C:\WINDOWS\system32\EGATHDRV.SYS
2008-06-27 06:11:12 0 d------c- C:\Program Files\Messenger
2008-06-27 06:10:13 0 d------c- C:\Program Files\Movie Maker
2008-06-27 06:02:15 0 d------c- C:\Program Files\Windows NT
2008-06-27 01:06:09 0 d-------- C:\Program Files\Common Files
2008-06-27 01:06:01 0 d-------- C:\Program Files\Lavasoft
2008-06-26 03:30:46 0 d------c- C:\Program Files\MSN Gaming Zone
2008-06-23 06:36:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-19 09:58:48 0 d------c- C:\Program Files\PrintMaster Silver 17
2008-06-18 12:10:41 738477 --ahs---- C:\WINDOWS\system32\RrYaGMoq.ini2
2008-06-18 10:02:57 0 d-------- C:\Program Files\DivX
2008-06-18 03:04:14 0 d------c- C:\Program Files\Support Tools
2008-06-16 00:04:38 0 d------c- C:\Program Files\Yahoo!
2008-06-16 00:00:54 0 d------c- C:\Program Files\The Print Shop 20
2008-06-16 00:00:46 0 d-------- C:\Program Files\Common Files\Broderbund
2008-06-15 23:58:27 0 d------c- C:\Program Files\Web Publish
2008-05-29 05:16:19 0 d------c- C:\Program Files\LimeWire
2008-05-27 02:12:58 0 d------c- C:\Program Files\MSECache
2008-05-26 21:20:41 9058 --a------ C:\WINDOWS\system32\ckxeyrrh.dll
2008-05-25 16:42:22 760256 --ahs---- C:\WINDOWS\system32\aJRtDfhk.ini2
2008-05-21 23:03:36 0 d-------- C:\Program Files\Broderbund
2008-05-19 09:54:06 0 d------c- C:\Program Files\Online Services
2008-05-19 02:46:19 0 d------c- C:\Program Files\Safer Networking
2008-05-17 16:36:41 0 d------c- C:\Program Files\Microsoft Games
2008-05-15 05:51:56 73 --a------ C:\WINDOWS\system32\ssprs.dll
2008-05-15 05:51:55 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2008-05-15 05:51:46 1025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-05-15 05:51:46 1025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-05-15 05:51:45 1025 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-05-07 06:56:51 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-07 06:56:32 0 -rahs---- C:\MSDOS.SYS
2008-05-07 06:56:32 0 -rahs---- C:\IO.SYS
2008-05-07 02:26:29 0 d------c- C:\Program Files\VideoLAN
2008-05-05 00:59:10 0 d-------- C:\Program Files\Google
2008-04-09 03:00:27 10246 --ahs---- C:\WINDOWS\system32\VvwFNqss.ini2
2008-04-09 01:17:53 243 --a------ C:\832.bat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [05/28/2008 12:35 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Nicola's Shit\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [5/27/2008 7:23:48 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 02/01/2006 01:13 AM 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 03/23/2006 05:03 AM 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 07/06/2005 02:45 AM 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 11/30/2005 11:16 PM 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli csspwntfy

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^los^Start Menu^Programs^Startup^WordWeb.lnk]
path=C:\Documents and Settings\los\Start Menu\Programs\Startup\WordWeb.lnk
backup=C:\WINDOWS\pss\WordWeb.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
C:\Program Files\ThinkVantage\AMSG\Amsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
"C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]
"C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDService.exe]
"C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\suScheduler]
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
tp4ex.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
TpShocks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8761 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-06-29 00:14:21 ------------