NEED HELP! Something Happened Don't Really Know What [CLOSED]


  • This topic is locked

#1 nicacola (Member, 38 posts)
I opened a downloaded e-book torrent and used WinRAR to open it, then had to use a password generator to get the password to view it, and when I used the provided generator my laptop went crazy. Windows shut itself down, saying it was to protect from any danger happening to it. I rebooted in safe mode, deleted all the files to do with that torrent, and still my computer is acting crazy. I am new to the computer thing altogether. I have downloaded Malwarebytes' Anti-Malware and used it; the most recent report from it was this:
Malwarebytes' Anti-Malware 1.18
Database version: 895

2:24:09 AM 6/27/2008
mbam-log-6-27-2008 (02-24-08).txt

Scan type: Full Scan (C:\|)
Objects scanned: 102286
Time elapsed: 59 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\compbattt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJCVnli.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUomkKd.dll (Trojan.vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\gfetqaxstgm.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicola's [bleep]\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicola's [bleep]\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

And then I also used Windows Live OneCare, but it is still scanning! My free space went from 27.3GB to 11.3GB.
Please someone help me!!!!
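The Malwarebytes report above is already a structured artifact: every finding line has the shape `item (family) -> [Bad: (x) Good: (y) ->] action`. As an added example, not part of the original post and not Malwarebytes' own code, here is a small Python triage script that parses such a report into findings, summarises what the infection touched (the two Display Properties policy hijacks, the kernel driver flagged as Rootkit.Agent, the two Vundo DLLs) and derives the companion file names a Vundo cleanup should check. The sample report lines are copied from the post above with the user profile folder shortened to `user`; the eight-letter random-name heuristic and the reversed-stem `.ini`/`.ini2` companion rule are assumptions based on commonly observed Vundo/Virtumonde behaviour, not a detection signature.

```python
"""
Triage helper for a Malwarebytes' Anti-Malware 1.x text report.
Added example (not part of the original post or of Malwarebytes):
parses the "... Infected:" sections into findings, summarises them and
derives follow-up checks for the patterns seen in this report.
"""
import ntpath
import re
from collections import Counter

# Constructed sample: finding lines copied from the report posted above,
# with the user profile folder shortened to "user".
SAMPLE_REPORT = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\drivers\compbattt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJCVnli.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUomkKd.dll (Trojan.vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\gfetqaxstgm.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# item (family) -> [Bad: (x) Good: (y) -> ] action.
FINDING_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>[^>]+?)\.?$"
)
# Heuristic (assumption): Vundo DLL names seen here are eight mixed-case letters.
RANDOM_STEM_RE = re.compile(r"^[A-Za-z]{8}$")


def parse_mbam_report(text):
    """Return one dict per finding; summary counts and '(No malicious items
    detected)' placeholders are skipped because they never match FINDING_RE."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = FINDING_RE.match(line)
        if m and section:
            findings.append({"section": section, **m.groupdict()})
    return findings


def summarize(findings):
    """Counts per section/family plus the items that need a second look."""
    return {
        "by_section": Counter(f["section"] for f in findings),
        # Family names are not case-normalised by the tool (Trojan.Vundo / Trojan.vundo).
        "by_family": Counter(f["family"].lower() for f in findings),
        # Policy values that were set to 1 (Bad) where the default is 0 (Good).
        "policy_hijacks": [f["item"].rsplit("\\", 1)[-1] for f in findings
                           if f["family"] == "Hijack.DisplayProperties"],
        # A kernel driver detection means user-mode scan results deserve less trust.
        "kernel_drivers": [f["item"] for f in findings
                           if f["item"].lower().endswith(".sys")],
    }


def vundo_like_dll(path):
    """Heuristic (assumption, not a signature): a DLL in system32 whose stem is
    eight letters of mixed case, e.g. mlJCVnli.dll."""
    folder, name = ntpath.split(path)
    stem, ext = ntpath.splitext(name)
    return (ext.lower() == ".dll" and folder.lower().endswith("\\system32")
            and bool(RANDOM_STEM_RE.match(stem))
            and stem != stem.lower() and stem != stem.upper())


def companion_names(path):
    """Assumed Vundo trait: per-DLL state lives in .ini/.ini2 files whose stem
    is the DLL stem reversed. Returns the paths to check for leftovers."""
    folder, name = ntpath.split(path)
    stem, _ = ntpath.splitext(name)
    return [ntpath.join(folder, stem[::-1] + ext) for ext in (".ini", ".ini2")]


if __name__ == "__main__":
    found = parse_mbam_report(SAMPLE_REPORT)
    summary = summarize(found)
    for section, n in summary["by_section"].items():
        print(f"{section}: {n}")
    print("policy hijacks:", summary["policy_hijacks"])
    print("kernel drivers:", summary["kernel_drivers"])
    for f in found:
        if vundo_like_dll(f["item"]):
            print("Vundo-like DLL:", f["item"], "-> check", companion_names(f["item"]))
```

Run as-is to print the summary. The `Bad: (1) Good: (0)` notation means the policy value was set to 1 and the default is 0; `NoDispBackgroundPage` and `NoDispScrSavPage` hide the Desktop and Screen Saver tabs in Display Properties, which is how a rogue keeps its fake "warning" wallpaper and screen saver in place, so these two values are worth re-reading after the next reboot. A driver flagged under `system32\drivers` is the one finding here that justifies a second opinion from a different scanner, since a kernel component can hide from user-mode tools.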

#2 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
What is the lesson to learn here? DON'T download keygens, or you will get infected.


Please download RUNSCANNER to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log.
  • Call the file "Select a file name here" and save it to your desktop. You will see the .run file on your desktop. Please zip the .run file by right-clicking it and selecting Send To, Zip file.

Then upload that as an attachment in your next post.

#3 nicacola (Topic Starter, Member, 38 posts)
Thanks for taking the time to help me figure all this out, I really do appreciate it a lot!!!! Here's the report you asked me to attach:

Attached Files



#4 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

Download the zipped attachment at the end of this post (this will be your Runscanner as fixed by me).

  • Unzip it to your desktop then double click the runscanner icon this will run the program.
  • Click on the "Item Fixer" tab
  • You will notice several entries with a tick in red, click Fix checked.
  • Accept the warning then repeat until they are all gone.




Reboot and do this

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



What is the file path to the keygen?

#5 nicacola (Topic Starter, Member, 38 posts)
OK, here it is.

Main.txt
Deckard's System Scanner v20071014.68
Run by Nicola's [bleep] on 2008-06-29 00:09:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-06-29 04:09:51 UTC - RP232 - Deckard's System Scanner Restore Point
9: 2008-06-28 07:57:18 UTC - RP231 - Microsoft OneCare Protection Checkpoint
8: 2008-06-27 09:47:46 UTC - RP230 - Software Distribution Service 3.0
7: 2008-06-27 09:26:24 UTC - RP229 - Software Distribution Service 3.0
6: 2008-06-27 07:44:24 UTC - RP228 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-06-27 04:24:50 UTC - RP223 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-29 00:11:17
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Nicola's [bleep]\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {2890C98D-5959-4A94-A6C2-C59E85462152} - (no file)
O3 - Toolbar: (no name) - {AC9264CC-124E-43B6-9144-8664D704A0BC} - (no file)
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Student\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1211207009593
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1192929343828
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: ACNotify - C:\WINDOWS\system32\ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\system32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSvc.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe


--
End of file - 9699 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Shockprf - c:\windows\system32\drivers\shockprf.sys <Not Verified; Lenovo; ThinkVantage Active Protection System>
R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 ShockMgr - c:\windows\system32\drivers\shockmgr.sys <Not Verified; Lenovo.; ThinkVantage Active Protection System>
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
R2 EGATHDRV (IBM eGatherer) - c:\windows\system32\egathdrv.sys <Not Verified; IBM Corporation; IBM eGatherer>
R2 ibmfilter - c:\windows\system32\drivers\ibmfilter.sys <Not Verified; IBM; RRU>
R2 pmem - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R2 PrivateDisk - c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys <Not Verified; Utimaco Safeware AG; SafeGuard PrivateDisk>
R2 PROCDD (IPS Helper Driver) - c:\windows\system32\drivers\procdd.sys <Not Verified; Lenovo Group Limited; Away Manager>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 smi2 - c:\program files\smi2\smi2.sys <Not Verified; IBM Corp.; TVT SMI Bios driver>

S3 psadd (IBM PSA Access Driver) - c:\windows\system32\drivers\psadd.sys <Not Verified; Lenovo; SMI Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 IPSSVC (IPS Core Service) - c:\windows\system32\ipssvc.exe <Not Verified; Lenovo Group Limited; Away Manager>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 TPHDEXLGSVC (ThinkPad HDD APS Logging Service) - system32\tphdexlg.exe <Not Verified; Lenovo.; ThinkVantage Active Protection System>
R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe
R2 TVT Scheduler - "c:\program files\ibm thinkvantage\common\scheduler\tvtsched.exe" <Not Verified; ; tvtsched Module>
R2 UCLauncherService (ThinkVantage System Update) - c:\program files\thinkvantage\systemupdate\uclauncherservice.exe

S3 PsaSrv (IBM PSA Access Driver Control) -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-29 00:10:00 388 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AE952DE2-4671-4745-AE25-AB9FD7571EC1}.job
2008-06-29 00:07:19 256 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job
2008-06-28 03:57:00 254 --a------ C:\WINDOWS\Tasks\Windows Update.job
2008-06-18 14:44:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-27 03:59:09 316 --a------ C:\WINDOWS\Tasks\PMTask.job


-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2008-06-28 02:12:04 0 d-------- C:\Temp
2008-06-28 01:43:14 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\WinRAR
2008-06-27 23:24:34 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\LimeWire
2008-06-27 12:03:08 0 d-------- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data\Apple Computer
2008-06-27 09:41:51 0 d-------- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data\Identities
2008-06-27 09:41:51 0 d-------- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data\IBM
2008-06-27 09:41:51 0 d-------- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data\Google
2008-06-27 09:41:50 0 d--h----- C:\Documents and Settings\nic.LENOVO-594FD52A\Templates
2008-06-27 09:41:50 0 dr------- C:\Documents and Settings\nic.LENOVO-594FD52A\Start Menu
2008-06-27 09:41:50 0 dr-h----- C:\Documents and Settings\nic.LENOVO-594FD52A\SendTo
2008-06-27 09:41:50 0 dr-h----- C:\Documents and Settings\nic.LENOVO-594FD52A\Recent
2008-06-27 09:41:50 0 d--h----- C:\Documents and Settings\nic.LENOVO-594FD52A\PrintHood
2008-06-27 09:41:50 1048576 --ah----- C:\Documents and Settings\nic.LENOVO-594FD52A\NTUSER.DAT
2008-06-27 09:41:50 0 d--h----- C:\Documents and Settings\nic.LENOVO-594FD52A\NetHood
2008-06-27 09:41:50 0 dr------- C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents
2008-06-27 09:41:50 0 d--h----- C:\Documents and Settings\nic.LENOVO-594FD52A\Local Settings
2008-06-27 09:41:50 0 dr------- C:\Documents and Settings\nic.LENOVO-594FD52A\Favorites
2008-06-27 09:41:50 0 d-------- C:\Documents and Settings\nic.LENOVO-594FD52A\Desktop
2008-06-27 09:41:50 0 d--hs---- C:\Documents and Settings\nic.LENOVO-594FD52A\Cookies
2008-06-27 09:41:50 0 dr-h----- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data
2008-06-27 09:41:50 0 d-------- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data\ThinkVantage
2008-06-27 09:41:50 0 d-------- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data\Symantec
2008-06-27 09:41:50 0 d---s---- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data\Microsoft
2008-06-27 06:16:47 0 d-------- C:\WINDOWS\Prefetch
2008-06-27 06:10:20 0 d-------- C:\WINDOWS\system32\scripting
2008-06-27 06:10:16 0 d-------- C:\WINDOWS\l2schemas
2008-06-27 06:10:14 0 d-------- C:\WINDOWS\system32\en
2008-06-27 06:02:43 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-27 05:27:03 0 d-------- C:\VundoFix Backups
2008-06-27 04:46:13 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\Sun
2008-06-27 02:06:49 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\Apple Computer
2008-06-27 02:06:04 0 d-------- C:\Program Files\uTorrent
2008-06-27 02:06:02 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\uTorrent
2008-06-27 01:54:55 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\Mozilla
2008-06-27 00:43:42 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-06-27 00:25:04 94208 --a------ C:\WINDOWS\system32\pphcgvoj0et1a.exe
2008-06-27 00:25:04 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\rhclvoj0et1a
2008-06-27 00:24:50 0 d-------- C:\Program Files\rhclvoj0et1a
2008-06-27 00:12:54 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\Malwarebytes
2008-06-27 00:12:51 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 00:12:51 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-26 23:48:51 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\Uniblue
2008-06-26 23:42:12 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\ErrorRepairTool
2008-06-26 23:29:35 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\Macromedia
2008-06-26 23:23:25 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\Adobe
2008-06-26 06:34:58 0 d--h----- C:\Documents and Settings\Nicola's [bleep]\Templates
2008-06-26 06:34:58 0 dr------- C:\Documents and Settings\Nicola's [bleep]\Start Menu
2008-06-26 06:34:58 0 dr-h----- C:\Documents and Settings\Nicola's [bleep]\SendTo
2008-06-26 06:34:58 0 dr-h----- C:\Documents and Settings\Nicola's [bleep]\Recent
2008-06-26 06:34:58 0 d--h----- C:\Documents and Settings\Nicola's [bleep]\PrintHood
2008-06-26 06:34:58 1572864 --ah----- C:\Documents and Settings\Nicola's [bleep]\NTUSER.DAT
2008-06-26 06:34:58 0 d--h----- C:\Documents and Settings\Nicola's [bleep]\NetHood
2008-06-26 06:34:58 0 dr------- C:\Documents and Settings\Nicola's [bleep]\My Documents
2008-06-26 06:34:58 0 d--h----- C:\Documents and Settings\Nicola's [bleep]\Local Settings
2008-06-26 06:34:58 0 dr------- C:\Documents and Settings\Nicola's [bleep]\Favorites
2008-06-26 06:34:58 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Desktop
2008-06-26 06:34:58 0 d--hs---- C:\Documents and Settings\Nicola's [bleep]\Cookies
2008-06-26 06:34:58 0 d--h----- C:\Documents and Settings\Nicola's [bleep]\Application Data
2008-06-26 06:34:58 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\ThinkVantage
2008-06-26 06:34:58 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\Symantec
2008-06-26 06:34:58 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\Identities
2008-06-26 06:34:58 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\IBM
2008-06-26 06:34:58 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\Google
2008-06-26 03:38:13 0 d-------- C:\Program Files\CableRouting
2008-06-26 00:57:58 60928 --a------ C:\WINDOWS\system32\blphcgvoj0et1a.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-06-26 00:49:46 0 d------c- C:\Documents and Settings\los\Application Data\WinRAR
2008-06-23 06:36:36 57436 --a------ C:\WINDOWS\DASShp.dll <Not Verified; Microsoft Corporation; Microsoft® DAS Client Components>
2008-06-23 06:36:36 0 d-------- C:\Program Files\Microsoft Reader
2008-06-22 05:46:36 51712 --a------ C:\WINDOWS\wc98pp.dll
2008-06-20 01:09:46 0 d------c- C:\Documents and Settings\los\Application Data\Mozilla
2008-06-19 08:22:30 0 d--hs--c- C:\Documents and Settings\All Users\Application Data\System Restore
2008-06-19 04:46:10 0 d------c- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-18 06:26:38 0 d------c- C:\Documents and Settings\los\Application Data\FireShot
2008-06-18 06:13:12 0 d-------- C:\Documents and Settings\los\dwhelper
2008-06-18 02:55:50 0 d------c- C:\Program Files\PBA
2008-06-18 00:08:09 1160 --a------ C:\WINDOWS\mozver.dat
2008-06-17 00:42:08 0 d------c- C:\Documents and Settings\los\Application Data\Help
2008-06-12 03:51:19 0 d------c- C:\Program Files\QuickTime
2008-06-12 03:49:06 0 d-------- C:\Program Files\Apple Software Update
2008-06-12 01:08:53 9058 --a------ C:\WINDOWS\system32\kjtqpuwi.dll
2008-06-11 01:10:48 0 d-------- C:\Documents and Settings\nic\Application Data\Macromedia
2008-06-11 01:10:48 0 d-------- C:\Documents and Settings\nic\Application Data\Adobe
2008-06-11 01:08:33 0 d-------- C:\Documents and Settings\nic\Application Data\Yahoo!
2008-06-11 01:07:38 0 d-------- C:\Documents and Settings\nic\Application Data\Mozilla
2008-06-07 14:39:48 0 d--h----- C:\Documents and Settings\nic\Templates
2008-06-07 14:39:48 0 dr------- C:\Documents and Settings\nic\Start Menu
2008-06-07 14:39:48 0 dr-h----- C:\Documents and Settings\nic\SendTo
2008-06-07 14:39:48 0 dr-h----- C:\Documents and Settings\nic\Recent
2008-06-07 14:39:48 0 d--h----- C:\Documents and Settings\nic\PrintHood
2008-06-07 14:39:48 2883584 --ah----- C:\Documents and Settings\nic\NTUSER.DAT
2008-06-07 14:39:48 0 d--h----- C:\Documents and Settings\nic\NetHood
2008-06-07 14:39:48 0 dr------- C:\Documents and Settings\nic\My Documents
2008-06-07 14:39:48 0 d--h----- C:\Documents and Settings\nic\Local Settings
2008-06-07 14:39:48 0 dr------- C:\Documents and Settings\nic\Favorites
2008-06-07 14:39:48 0 d-------- C:\Documents and Settings\nic\Desktop
2008-06-07 14:39:48 0 d--hs---- C:\Documents and Settings\nic\Cookies
2008-06-07 14:39:48 0 dr-h----- C:\Documents and Settings\nic\Application Data
2008-06-07 14:39:48 0 d-------- C:\Documents and Settings\nic\Application Data\ThinkVantage
2008-06-07 14:39:48 0 d-------- C:\Documents and Settings\nic\Application Data\Symantec
2008-06-07 14:39:48 0 d---s---- C:\Documents and Settings\nic\Application Data\Microsoft
2008-06-07 14:39:48 0 d-------- C:\Documents and Settings\nic\Application Data\Identities
2008-06-07 14:39:48 0 d-------- C:\Documents and Settings\nic\Application Data\IBM
2008-06-07 14:39:48 0 d-------- C:\Documents and Settings\nic\Application Data\Google
2008-06-06 02:10:08 0 d------c- C:\Documents and Settings\los\Application Data\dvdcss
2008-05-29 01:42:28 0 d-------- C:\WINDOWS\system32\NtmsData


-- Find3M Report ---------------------------------------------------------------

2008-06-29 00:00:01 5427 --a------ C:\WINDOWS\system32\EGATHDRV.SYS <Not Verified; IBM Corporation; IBM eGatherer>
2008-06-27 06:11:12 0 d------c- C:\Program Files\Messenger
2008-06-27 06:10:13 0 d------c- C:\Program Files\Movie Maker
2008-06-27 06:02:15 0 d------c- C:\Program Files\Windows NT
2008-06-27 01:06:09 0 d-------- C:\Program Files\Common Files
2008-06-27 01:06:01 0 d-------- C:\Program Files\Lavasoft
2008-06-26 03:30:46 0 d------c- C:\Program Files\MSN Gaming Zone
2008-06-23 06:36:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-19 09:58:48 0 d------c- C:\Program Files\PrintMaster Silver 17
2008-06-18 12:10:41 738477 --ahs---- C:\WINDOWS\system32\RrYaGMoq.ini2
2008-06-18 10:02:57 0 d-------- C:\Program Files\DivX
2008-06-18 03:04:14 0 d------c- C:\Program Files\Support Tools
2008-06-16 00:04:38 0 d------c- C:\Program Files\Yahoo!
2008-06-16 00:00:54 0 d------c- C:\Program Files\The Print Shop 20
2008-06-16 00:00:46 0 d-------- C:\Program Files\Common Files\Broderbund
2008-06-15 23:58:27 0 d------c- C:\Program Files\Web Publish
2008-05-29 05:16:19 0 d------c- C:\Program Files\LimeWire
2008-05-27 02:12:58 0 d------c- C:\Program Files\MSECache
2008-05-26 21:20:41 9058 --a------ C:\WINDOWS\system32\ckxeyrrh.dll
2008-05-25 16:42:22 760256 --ahs---- C:\WINDOWS\system32\aJRtDfhk.ini2
2008-05-21 23:03:36 0 d-------- C:\Program Files\Broderbund
2008-05-19 09:54:06 0 d------c- C:\Program Files\Online Services
2008-05-19 02:46:19 0 d------c- C:\Program Files\Safer Networking
2008-05-17 16:36:41 0 d------c- C:\Program Files\Microsoft Games
2008-05-15 05:51:56 73 --a------ C:\WINDOWS\system32\ssprs.dll
2008-05-15 05:51:55 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2008-05-15 05:51:46 1025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-05-15 05:51:46 1025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-05-15 05:51:45 1025 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-05-07 06:56:51 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-07 06:56:32 0 -rahs---- C:\MSDOS.SYS
2008-05-07 06:56:32 0 -rahs---- C:\IO.SYS
2008-05-07 02:26:29 0 d------c- C:\Program Files\VideoLAN
2008-05-05 00:59:10 0 d-------- C:\Program Files\Google
2008-04-09 03:00:27 10246 --ahs---- C:\WINDOWS\system32\VvwFNqss.ini2
2008-04-09 01:17:53 243 --a------ C:\832.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [05/28/2008 12:35 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Nicola's [bleep]\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [5/27/2008 7:23:48 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 02/01/2006 01:13 AM 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 03/23/2006 05:03 AM 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 07/06/2005 02:45 AM 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 11/30/2005 11:16 PM 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli csspwntfy

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^los^Start Menu^Programs^Startup^WordWeb.lnk]
path=C:\Documents and Settings\los\Start Menu\Programs\Startup\WordWeb.lnk
backup=C:\WINDOWS\pss\WordWeb.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
C:\Program Files\ThinkVantage\AMSG\Amsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
"C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]
"C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDService.exe]
"C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\suScheduler]
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
tp4ex.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
TpShocks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8761 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-29 00:14:21 ------------

extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® M CPU 420 @ 1.60GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 1014.36 MiB / 486.46 MiB
Pagefile Memory (total/avail): 3965.52 MiB / 3529.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.05 MiB

C: is Fixed (NTFS) - 51.33 GiB total, 29.46 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HTS541060G9SA00 - 55.89 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 51.33 GiB - C:
\PARTITION1 - Unknown - 4.55 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Nicola's [bleep]\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LENOVO-594FD52A
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Nicola's [bleep]
IBMSHARE=C:\IBMSHARE
LOGONSERVER=\\LENOVO-594FD52A
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ThinkPad\Utilities;C:\Program Files\Intel\Wireless\Bin;C:\Program Files\IBM ThinkVantage\Client Security Solution;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Support Tools;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RR=C:\Program Files\IBM ThinkVantage\Rescue and Recovery
SESSIONNAME=Console
SMA=C:\Program Files\IBM ThinkVantage\SMA\
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\NICOLA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\NICOLA~1\LOCALS~1\Temp
TVT=C:\Program Files\IBM ThinkVantage
TVTPYDIR=C:\Program Files\IBM ThinkVantage\Common\Python24
USERDOMAIN=LENOVO-594FD52A
USERNAME=Nicola's [bleep]
USERPROFILE=C:\Documents and Settings\Nicola's [bleep]
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Student (admin)
los (admin)
nic (admin)
Nicola's [bleep] (admin)
nic.LENOVO-594FD52A (new local, admin)
Administrator (admin)
Guest (new local, guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Access Help --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Age of Mythology --> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
AntivirXP08 --> "C:\Program Files\rhclvoj0et1a\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
GTOneCare --> MsiExec.exe /X{CA40DD4F-D30E-4622-8783-1ED1E81340C2}
Help Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove
High Definition Audio Driver Package - KB888111 -->
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IBM 32-bit Runtime Environment for Java 2, v1.4.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E922961C-6DB6-41DE-9FEA-426DF3E9F81C} /l1033
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire 4.18.1 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x9 -AddRemove
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Protection Service --> MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Live OneCare Resources v2.0.2500.32 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{E6A31482-989E-4E3C-B0C0-1ED4DBD5BC83}
Microsoft Windows OneCare Live v2.0.2500.32 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Microsoft Windows OneCare Live v2.0.2500.32 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
NavigationAdvisor --> C:\Program Files\NavigationAdvisor\uninstall.exe
PCPrivacyCleaner --> "C:\Program Files\PCPrivacyCleaner\pcpc.exe" -uninstall
PrintMaster Silver 17 --> MsiExec.exe /I{AC4D65B6-F6A2-4FDC-9436-0C29DE29C457}
Productivity Center Supplement for ThinkPad --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\SETUP.EXE" -l0x9 -AddRemove
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Remove Multimedia Center --> C:\ibmtools\apps\recnow\sequencer.exe -fc:\ibmtools\apps\recnow\uninst.seq
Rescue and Recovery - Client Security Solution --> MsiExec.exe /I{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}
RLPrintPlugin --> MsiExec.exe /I{3E55A2EC-00A6-4B4E-80BF-B5FEF79A5411}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) -->
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Software Installer --> _tpiu000.exe /U
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
System Migration Assistant --> MsiExec.exe /X{CA89B56F-E71B-4E08-82A9-580533E1C048}
The Print Shop Premium Fonts --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F64D075-84F1-4EBC-A842-F2EF9C58009A}\Setup.exe" -l0x9
ThinkPad Configuration --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad EasyEject Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Keyboard Customizer Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x9 anything
ThinkPad Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\HXFSETUP.EXE -U -ITkp0588p.inf
ThinkPad PC Card Power Policy --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\IBMTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad Presentation Director --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ThinkPad\Utilities\UNNPDR.isu" -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE" -l0x9 UNINSTALL
ThinkVantage Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\Setup.exe" -l0x9 anything
ThinkVantage Active Protection System --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72806716-7088-41B2-8FA6-717A2A164DAB}\SETUP.EXE" -l0x9 anything
ThinkVantage Away Manager --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
ThinkVantage Productivity Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\SETUP.EXE" -l0x9 -AddRemove
ThinkVantage System Update --> MsiExec.exe /X{2A43FF29-0D97-4445-B82D-9324F176AED5}
ThinkVantage Technologies Welcome Message --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
TrackPoint Accessibility Features --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\Setup.exe"
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Wallpapers --> MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows NT 4.0 Internet Authentication Service snap-in --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\iasnt4.inf, Uninstall
Windows Support Tools --> MsiExec.exe /I{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordWeb --> C:\Program Files\WordWeb\uninst.exe
XP Themes --> MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type8818 / Warning
Event Submitted/Written: 06/29/2008 00:07:29 AM / 06/29/2008 00:07:30 AM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the ConnectionMadeNoQOCInfo method on subscription {A82F0E80-1305-400C-BA56-375AE04264A1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.

Event Record #/Type8802 / Warning
Event Submitted/Written: 06/28/2008 11:46:22 PM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the ConnectionMadeNoQOCInfo method on subscription {A82F0E80-1305-400C-BA56-375AE04264A1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.

Event Record #/Type8790 / Warning
Event Submitted/Written: 06/28/2008 06:25:36 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cann

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can I get you to attach the main text, please? The forum is editing the log, so I can't do a proper fix.

#7
nicacola

    Member

  • Topic Starter
  • Member
  • 38 posts
Deckard's System Scanner v20071014.68
Run by Nicola's [bleep] on 2008-06-30 00:20:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-30 00:20:53
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nicola's [bleep]\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {2890C98D-5959-4A94-A6C2-C59E85462152} - (no file)
O3 - Toolbar: (no name) - {AC9264CC-124E-43B6-9144-8664D704A0BC} - (no file)
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Student\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1211207009593
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1192929343828
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: ACNotify - C:\WINDOWS\system32\ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\system32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSvc.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe


--
End of file - 9646 bytes

-- Files created between 2008-05-30 and 2008-06-30 -----------------------------

2008-06-28 02:12:04 0 d-------- C:\Temp
2008-06-28 01:43:14 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\WinRAR
2008-06-27 23:24:34 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\LimeWire
2008-06-27 12:03:08 0 d-------- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data\Apple Computer
2008-06-27 09:41:51 0 d-------- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data\Identities
2008-06-27 09:41:51 0 d-------- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data\IBM
2008-06-27 09:41:51 0 d-------- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data\Google
2008-06-27 09:41:50 0 d--h----- C:\Documents and Settings\nic.LENOVO-594FD52A\Templates
2008-06-27 09:41:50 0 dr------- C:\Documents and Settings\nic.LENOVO-594FD52A\Start Menu
2008-06-27 09:41:50 0 dr-h----- C:\Documents and Settings\nic.LENOVO-594FD52A\SendTo
2008-06-27 09:41:50 0 dr-h----- C:\Documents and Settings\nic.LENOVO-594FD52A\Recent
2008-06-27 09:41:50 0 d--h----- C:\Documents and Settings\nic.LENOVO-594FD52A\PrintHood
2008-06-27 09:41:50 1048576 --ah----- C:\Documents and Settings\nic.LENOVO-594FD52A\NTUSER.DAT
2008-06-27 09:41:50 0 d--h----- C:\Documents and Settings\nic.LENOVO-594FD52A\NetHood
2008-06-27 09:41:50 0 dr------- C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents
2008-06-27 09:41:50 0 d--h----- C:\Documents and Settings\nic.LENOVO-594FD52A\Local Settings
2008-06-27 09:41:50 0 dr------- C:\Documents and Settings\nic.LENOVO-594FD52A\Favorites
2008-06-27 09:41:50 0 d-------- C:\Documents and Settings\nic.LENOVO-594FD52A\Desktop
2008-06-27 09:41:50 0 d--hs---- C:\Documents and Settings\nic.LENOVO-594FD52A\Cookies
2008-06-27 09:41:50 0 dr-h----- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data
2008-06-27 09:41:50 0 d-------- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data\ThinkVantage
2008-06-27 09:41:50 0 d-------- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data\Symantec
2008-06-27 09:41:50 0 d---s---- C:\Documents and Settings\nic.LENOVO-594FD52A\Application Data\Microsoft
2008-06-27 06:16:47 0 d-------- C:\WINDOWS\Prefetch
2008-06-27 06:10:20 0 d-------- C:\WINDOWS\system32\scripting
2008-06-27 06:10:16 0 d-------- C:\WINDOWS\l2schemas
2008-06-27 06:10:14 0 d-------- C:\WINDOWS\system32\en
2008-06-27 06:02:43 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-27 05:27:03 0 d-------- C:\VundoFix Backups
2008-06-27 04:46:13 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\Sun
2008-06-27 02:06:49 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\Apple Computer
2008-06-27 02:06:04 0 d-------- C:\Program Files\uTorrent
2008-06-27 02:06:02 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\uTorrent
2008-06-27 01:54:55 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\Mozilla
2008-06-27 00:43:42 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-06-27 00:25:04 94208 --a------ C:\WINDOWS\system32\pphcgvoj0et1a.exe
2008-06-27 00:25:04 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\rhclvoj0et1a
2008-06-27 00:24:50 0 d-------- C:\Program Files\rhclvoj0et1a
2008-06-27 00:12:54 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\Malwarebytes
2008-06-27 00:12:51 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 00:12:51 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-26 23:48:51 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\Uniblue
2008-06-26 23:42:12 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\ErrorRepairTool
2008-06-26 23:29:35 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\Macromedia
2008-06-26 23:23:25 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\Adobe
2008-06-26 06:34:58 0 d--h----- C:\Documents and Settings\Nicola's [bleep]\Templates
2008-06-26 06:34:58 0 dr------- C:\Documents and Settings\Nicola's [bleep]\Start Menu
2008-06-26 06:34:58 0 dr-h----- C:\Documents and Settings\Nicola's [bleep]\SendTo
2008-06-26 06:34:58 0 dr-h----- C:\Documents and Settings\Nicola's [bleep]\Recent
2008-06-26 06:34:58 0 d--h----- C:\Documents and Settings\Nicola's [bleep]\PrintHood
2008-06-26 06:34:58 1572864 --ah----- C:\Documents and Settings\Nicola's [bleep]\NTUSER.DAT
2008-06-26 06:34:58 0 d--h----- C:\Documents and Settings\Nicola's [bleep]\NetHood
2008-06-26 06:34:58 0 dr------- C:\Documents and Settings\Nicola's [bleep]\My Documents
2008-06-26 06:34:58 0 d--h----- C:\Documents and Settings\Nicola's [bleep]\Local Settings
2008-06-26 06:34:58 0 dr------- C:\Documents and Settings\Nicola's [bleep]\Favorites
2008-06-26 06:34:58 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Desktop
2008-06-26 06:34:58 0 d--hs---- C:\Documents and Settings\Nicola's [bleep]\Cookies
2008-06-26 06:34:58 0 d--h----- C:\Documents and Settings\Nicola's [bleep]\Application Data
2008-06-26 06:34:58 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\ThinkVantage
2008-06-26 06:34:58 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\Symantec
2008-06-26 06:34:58 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\Identities
2008-06-26 06:34:58 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\IBM
2008-06-26 06:34:58 0 d-------- C:\Documents and Settings\Nicola's [bleep]\Application Data\Google
2008-06-26 03:38:13 0 d-------- C:\Program Files\CableRouting
2008-06-26 00:57:58 60928 --a------ C:\WINDOWS\system32\blphcgvoj0et1a.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-06-26 00:49:46 0 d------c- C:\Documents and Settings\los\Application Data\WinRAR
2008-06-23 06:36:36 57436 --a------ C:\WINDOWS\DASShp.dll <Not Verified; Microsoft Corporation; Microsoft® DAS Client Components>
2008-06-23 06:36:36 0 d-------- C:\Program Files\Microsoft Reader
2008-06-22 05:46:36 51712 --a------ C:\WINDOWS\wc98pp.dll
2008-06-20 01:09:46 0 d------c- C:\Documents and Settings\los\Application Data\Mozilla
2008-06-19 08:22:30 0 d--hs--c- C:\Documents and Settings\All Users\Application Data\System Restore
2008-06-19 04:46:10 0 d------c- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-18 06:26:38 0 d------c- C:\Documents and Settings\los\Application Data\FireShot
2008-06-18 06:13:12 0 d-------- C:\Documents and Settings\los\dwhelper
2008-06-18 02:55:50 0 d------c- C:\Program Files\PBA
2008-06-18 00:08:09 1160 --a------ C:\WINDOWS\mozver.dat
2008-06-17 00:42:08 0 d------c- C:\Documents and Settings\los\Application Data\Help
2008-06-12 03:51:19 0 d------c- C:\Program Files\QuickTime
2008-06-12 03:49:06 0 d-------- C:\Program Files\Apple Software Update
2008-06-12 01:08:53 9058 --a------ C:\WINDOWS\system32\kjtqpuwi.dll
2008-06-11 01:10:48 0 d-------- C:\Documents and Settings\nic\Application Data\Macromedia
2008-06-11 01:10:48 0 d-------- C:\Documents and Settings\nic\Application Data\Adobe
2008-06-11 01:08:33 0 d-------- C:\Documents and Settings\nic\Application Data\Yahoo!
2008-06-11 01:07:38 0 d-------- C:\Documents and Settings\nic\Application Data\Mozilla
2008-06-07 14:39:48 0 d--h----- C:\Documents and Settings\nic\Templates
2008-06-07 14:39:48 0 dr------- C:\Documents and Settings\nic\Start Menu
2008-06-07 14:39:48 0 dr-h----- C:\Documents and Settings\nic\SendTo
2008-06-07 14:39:48 0 dr-h----- C:\Documents and Settings\nic\Recent
2008-06-07 14:39:48 0 d--h----- C:\Documents and Settings\nic\PrintHood
2008-06-07 14:39:48 2883584 --ah----- C:\Documents and Settings\nic\NTUSER.DAT
2008-06-07 14:39:48 0 d--h----- C:\Documents and Settings\nic\NetHood
2008-06-07 14:39:48 0 dr------- C:\Documents and Settings\nic\My Documents
2008-06-07 14:39:48 0 d--h----- C:\Documents and Settings\nic\Local Settings
2008-06-07 14:39:48 0 dr------- C:\Documents and Settings\nic\Favorites
2008-06-07 14:39:48 0 d-------- C:\Documents and Settings\nic\Desktop
2008-06-07 14:39:48 0 d--hs---- C:\Documents and Settings\nic\Cookies
2008-06-07 14:39:48 0 dr-h----- C:\Documents and Settings\nic\Application Data
2008-06-07 14:39:48 0 d-------- C:\Documents and Settings\nic\Application Data\ThinkVantage
2008-06-07 14:39:48 0 d-------- C:\Documents and Settings\nic\Application Data\Symantec
2008-06-07 14:39:48 0 d---s---- C:\Documents and Settings\nic\Application Data\Microsoft
2008-06-07 14:39:48 0 d-------- C:\Documents and Settings\nic\Application Data\Identities
2008-06-07 14:39:48 0 d-------- C:\Documents and Settings\nic\Application Data\IBM
2008-06-07 14:39:48 0 d-------- C:\Documents and Settings\nic\Application Data\Google
2008-06-06 02:10:08 0 d------c- C:\Documents and Settings\los\Application Data\dvdcss


-- Find3M Report ---------------------------------------------------------------

2008-06-29 00:00:01 5427 --a------ C:\WINDOWS\system32\EGATHDRV.SYS <Not Verified; IBM Corporation; IBM eGatherer>
2008-06-27 06:11:12 0 d------c- C:\Program Files\Messenger
2008-06-27 06:10:13 0 d------c- C:\Program Files\Movie Maker
2008-06-27 06:02:15 0 d------c- C:\Program Files\Windows NT
2008-06-27 01:06:09 0 d-------- C:\Program Files\Common Files
2008-06-27 01:06:01 0 d-------- C:\Program Files\Lavasoft
2008-06-26 03:30:46 0 d------c- C:\Program Files\MSN Gaming Zone
2008-06-23 06:36:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-19 09:58:48 0 d------c- C:\Program Files\PrintMaster Silver 17
2008-06-18 12:10:41 738477 --ahs---- C:\WINDOWS\system32\RrYaGMoq.ini2
2008-06-18 10:02:57 0 d-------- C:\Program Files\DivX
2008-06-18 03:04:14 0 d------c- C:\Program Files\Support Tools
2008-06-16 00:04:38 0 d------c- C:\Program Files\Yahoo!
2008-06-16 00:00:54 0 d------c- C:\Program Files\The Print Shop 20
2008-06-16 00:00:46 0 d-------- C:\Program Files\Common Files\Broderbund
2008-06-15 23:58:27 0 d------c- C:\Program Files\Web Publish
2008-05-29 05:16:19 0 d------c- C:\Program Files\LimeWire
2008-05-27 02:12:58 0 d------c- C:\Program Files\MSECache
2008-05-26 21:20:41 9058 --a------ C:\WINDOWS\system32\ckxeyrrh.dll
2008-05-25 16:42:22 760256 --ahs---- C:\WINDOWS\system32\aJRtDfhk.ini2
2008-05-21 23:03:36 0 d-------- C:\Program Files\Broderbund
2008-05-19 09:54:06 0 d------c- C:\Program Files\Online Services
2008-05-19 02:46:19 0 d------c- C:\Program Files\Safer Networking
2008-05-17 16:36:41 0 d------c- C:\Program Files\Microsoft Games
2008-05-15 05:51:56 73 --a------ C:\WINDOWS\system32\ssprs.dll
2008-05-15 05:51:55 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2008-05-15 05:51:46 1025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-05-15 05:51:46 1025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-05-15 05:51:45 1025 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-05-07 06:56:51 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-07 06:56:32 0 -rahs---- C:\MSDOS.SYS
2008-05-07 06:56:32 0 -rahs---- C:\IO.SYS
2008-05-07 02:26:29 0 d------c- C:\Program Files\VideoLAN
2008-05-05 00:59:10 0 d-------- C:\Program Files\Google
2008-04-09 03:00:27 10246 --ahs---- C:\WINDOWS\system32\VvwFNqss.ini2
2008-04-09 01:17:53 243 --a------ C:\832.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [05/28/2008 12:35 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Nicola's [bleep]\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [5/27/2008 7:23:48 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 02/01/2006 01:13 AM 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 03/23/2006 05:03 AM 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 07/06/2005 02:45 AM 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 11/30/2005 11:16 PM 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli csspwntfy

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^los^Start Menu^Programs^Startup^WordWeb.lnk]
path=C:\Documents and Settings\los\Start Menu\Programs\Startup\WordWeb.lnk
backup=C:\WINDOWS\pss\WordWeb.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
C:\Program Files\ThinkVantage\AMSG\Amsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
"C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]
"C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDService.exe]
"C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\suScheduler]
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
tp4ex.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
TpShocks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-30 00:24:10 ------------
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you attach them please

Click browse and upload the files
  • 0

#9
nicacola

nicacola

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Here they are!!! I'm really sorry, I'm trying to learn about computers and how to do things.

Attached Files


  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):

PCPrivacyCleaner




1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O3 - Toolbar: (no name) - {2890C98D-5959-4A94-A6C2-C59E85462152} - (no file)
O3 - Toolbar: (no name) - {AC9264CC-124E-43B6-9144-8664D704A0BC} - (no file)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



For this step I will attach the notepad file that you need to put into OTMoveIt2


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • 0

#11
nicacola

nicacola

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
What attached notepad? I can't seem to be able to locate it on the page.
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Sorry, it is there now.
  • 0

#13
nicacola

nicacola

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Here It Is!!!

Explorer killed successfully
C:\WINDOWS\system32\pphcgvoj0et1a.exe moved successfully.
C:\Documents and Settings\Nicola's [bleep]\Application Data\rhclvoj0et1a\Quarantine\Packages moved successfully.
C:\Documents and Settings\Nicola's [bleep]\Application Data\rhclvoj0et1a\Quarantine\BrowserObjects moved successfully.
C:\Documents and Settings\Nicola's [bleep]\Application Data\rhclvoj0et1a\Quarantine\Autorun\StartMenuCurrentUser moved successfully.
C:\Documents and Settings\Nicola's [bleep]\Application Data\rhclvoj0et1a\Quarantine\Autorun\StartMenuAllUsers moved successfully.
C:\Documents and Settings\Nicola's [bleep]\Application Data\rhclvoj0et1a\Quarantine\Autorun\HKLM\RunOnce moved successfully.
C:\Documents and Settings\Nicola's [bleep]\Application Data\rhclvoj0et1a\Quarantine\Autorun\HKLM moved successfully.
C:\Documents and Settings\Nicola's [bleep]\Application Data\rhclvoj0et1a\Quarantine\Autorun\HKCU\RunOnce moved successfully.
C:\Documents and Settings\Nicola's [bleep]\Application Data\rhclvoj0et1a\Quarantine\Autorun\HKCU moved successfully.
C:\Documents and Settings\Nicola's [bleep]\Application Data\rhclvoj0et1a\Quarantine\Autorun moved successfully.
C:\Documents and Settings\Nicola's [bleep]\Application Data\rhclvoj0et1a\Quarantine moved successfully.
C:\Documents and Settings\Nicola's [bleep]\Application Data\rhclvoj0et1a moved successfully.
File/Folder C:\Program Files\rhclvoj0et1a not found.
C:\WINDOWS\system32\blphcgvoj0et1a.scr moved successfully.
C:\WINDOWS\wc98pp.dll unregistered successfully.
C:\WINDOWS\wc98pp.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\kjtqpuwi.dll
C:\WINDOWS\system32\kjtqpuwi.dll NOT unregistered.
C:\WINDOWS\system32\kjtqpuwi.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ckxeyrrh.dll
C:\WINDOWS\system32\ckxeyrrh.dll NOT unregistered.
C:\WINDOWS\system32\ckxeyrrh.dll moved successfully.
C:\WINDOWS\system32\aJRtDfhk.ini2 moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ssprs.dll
C:\WINDOWS\system32\ssprs.dll NOT unregistered.
C:\WINDOWS\system32\ssprs.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\lsprst7.dll NOT unregistered.
C:\WINDOWS\system32\lsprst7.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\clauth2.dll
C:\WINDOWS\system32\clauth2.dll NOT unregistered.
C:\WINDOWS\system32\clauth2.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\clauth1.dll
C:\WINDOWS\system32\clauth1.dll NOT unregistered.
C:\WINDOWS\system32\clauth1.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\sysprs7.dll
C:\WINDOWS\system32\sysprs7.dll NOT unregistered.
C:\WINDOWS\system32\sysprs7.dll moved successfully.
C:\WINDOWS\system32\kr_done1de moved successfully.
C:\WINDOWS\system32\VvwFNqss.ini2 moved successfully.
C:\832.bat moved successfully.
File/Folder C:\Program Files\PCPrivacyCleaner not found.
< purity >
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
File/Folder not found.
File/Folder not found.
File/Folder not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07062008_235154
  • 0
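An added example, not from this thread or from OldTimer's tool, that parses an OTMoveIt2 log of the kind posted above into a triage summary: which listed items moved, which were already gone, which DLLs were moved without being unregistered, and which never moved at all. The sample log is constructed in the same line format as the one above (a subset of its lines plus one DLL that was not moved) and is not the full log.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the line format of the OTMoveIt2 log posted in this
# thread: a subset of its lines, plus one DLL that was NOT moved so the
# follow-up branch is exercised. Not the full log from the thread.
SAMPLE_LOG = """\
Explorer killed successfully
C:\\WINDOWS\\system32\\pphcgvoj0et1a.exe moved successfully.
File/Folder C:\\Program Files\\rhclvoj0et1a not found.
C:\\WINDOWS\\wc98pp.dll unregistered successfully.
C:\\WINDOWS\\wc98pp.dll moved successfully.
LoadLibrary failed for C:\\WINDOWS\\system32\\kjtqpuwi.dll
C:\\WINDOWS\\system32\\kjtqpuwi.dll NOT unregistered.
C:\\WINDOWS\\system32\\kjtqpuwi.dll moved successfully.
LoadLibrary failed for C:\\WINDOWS\\system32\\ckxeyrrh.dll
C:\\WINDOWS\\system32\\ckxeyrrh.dll NOT unregistered.
< EmptyTemp >
Temp folders emptied.
Explorer started successfully
File/Folder not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07062008_235154
"""

# One pattern per outcome line the tool writes; the path precedes the verb.
LINE_PATTERNS = {
    "moved": re.compile(r"^(?P<path>.+?) moved successfully\.$"),
    "not_found": re.compile(r"^File/Folder ?(?P<path>.*?) ?not found\.$"),
    "unregistered": re.compile(r"^(?P<path>.+?) unregistered successfully\.$"),
    "unregister_failed": re.compile(r"^(?P<path>.+?) NOT unregistered\.$"),
    "loadlibrary_failed": re.compile(r"^LoadLibrary failed for (?P<path>.+)$"),
}
# Trailer line; the stamp uses the mmddyyyy_hhmmss form the helper quotes.
STAMP_RE = re.compile(r"log created on (\d{8}_\d{6})$")


def parse_otmoveit_log(text):
    """Group outcome lines by path: {path: set(outcomes)}, plus log metadata."""
    events = defaultdict(set)
    created = None
    blank_entries = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STAMP_RE.search(line)
        if m:
            created = datetime.strptime(m.group(1), "%m%d%Y_%H%M%S")
            continue
        for outcome, pat in LINE_PATTERNS.items():
            m = pat.match(line)
            if m:
                path = m.group("path")
                if path:
                    events[path].add(outcome)
                else:
                    blank_entries += 1  # "File/Folder not found." with no path
                break
    return {"events": dict(events), "created": created, "blank_entries": blank_entries}


def triage(parsed):
    """Turn grouped outcomes into the lists a reviewer acts on."""
    ev = parsed["events"]
    return {
        "moved": [p for p, o in ev.items() if "moved" in o],
        "not_found": [p for p, o in ev.items() if "not_found" in o],
        # The DLL could not be loaded for unregistration, so any registry
        # references to it are still in place and need a separate check.
        "unregister_failed": [p for p, o in ev.items() if "unregister_failed" in o],
        # Listed, but never reported as moved or missing: still on disk.
        "still_present": [p for p, o in ev.items() if not o & {"moved", "not_found"}],
        "blank_entries": parsed["blank_entries"],
        "created": parsed["created"],
    }


if __name__ == "__main__":
    for key, value in triage(parse_otmoveit_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```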

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - App Paths, Reg - Bot Check, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg Mountpoints2, File - Additional Folder Scans, and File - Purity Scan.
  • Under Drivers change it to Non-Microsoft.
  • Under Files Created Within and Files Modified Within change it to 90 days.
  • Under Rootkit Search change it to Yes.
  • Check the box at the top-left beside Scan All Users.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way.
  • 0

#15
nicacola

nicacola

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Here are the files; not sure which one you wanted, so here they both are.

Attached Files


  • 0
