Messages - ep0xy

1
Tech Clinic / ohnoes! i think i've been hacked.
« on: October 22, 2008, 09:11:03 AM »
np, thanks again Questolo

2
Tech Clinic / ohnoes! i think i've been hacked.
« on: October 19, 2008, 07:50:10 PM »
Yeah for sure, but the log files look clean, right? Thanks again.

3
Tech Clinic / ohnoes! i think i've been hacked.
« on: October 18, 2008, 10:58:29 AM »
So the latest logs I posted looked OK, Questolo?

Yeah... I'm not going to do a system restore, not worth going down that road.

What do you think caused Ventrilo to delete all my IPs and user names?

4
Tech Clinic / ohnoes! i think i've been hacked.
« on: October 17, 2008, 11:12:55 AM »
Another side note: strangely, my PC wouldn't get me online... after unplugging the router like 3 times I got back on...

I tried to open Ventrilo. When I double-clicked it I got some strange msg saying can't open on server 1, something like that. I clicked OK because there was nothing left to do...

When I double-clicked it again... it opened, BUT... ALL my Ventrilo IPs, user names, etc. were all deleted as if it was a fresh install of Vent. I lost everything... what would have caused that... it's just like email pw's, logons, etc. Every one got removed.

At this time, is it safe to use the system restore? I'll wait till I hear word from you. I'll be able to read your response later but away from this PC till Sunday night. Thx again.

5
Tech Clinic / ohnoes! i think i've been hacked.
« on: October 17, 2008, 08:19:25 AM »
Thx again, hope you have a good day.

EDIT: afterthought

Any way of telling how long I've had this on my PC?

I decided to change all my pw's.

When I went to the bank site, the bank site said it did not recognize my computer. Is that because that program had it set so I would re-enter my info?

Anyways, we removed the hack so we should be good to retype pw's, or at least I hope, because I went ahead and did all that already.

6
Tech Clinic / ohnoes! i think i've been hacked.
« on: October 17, 2008, 08:15:36 AM »
Logfile of random's system information tool 1.04 (written by random/random)
Run by ep0xy at 2008-10-17 09:50:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 15 GB (20%) free of 76 GB
Total RAM: 3071 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:03 AM, on 10/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MMTaskbar\MultiMon.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Excursion9.5\mIRC.ExCurSioN.exe
C:\mIRC-TPG\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Documents and Settings\ep0xy\Local Settings\Temporary Internet Files\Content.IE5\2UWXLGLN\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\ep0xy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MultiMon Taskbar.lnk = C:\Program Files\MMTaskbar\MultiMon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 4456 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware SE Personal.job
C:\WINDOWS\tasks\Spybot - Search & Destroy.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-11-07 19968]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-04 582992]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Steam"=c:\program files\steam\steam.exe [2008-10-09 1410296]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe clear []
"AIM"=C:\Program Files\AIM\aim.exe [2006-08-01 67112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe [2006-08-01 67112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe [2004-12-06 532480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
MultiMon Taskbar.lnk - C:\Program Files\MMTaskbar\MultiMon.exe

C:\Documents and Settings\ep0xy\Start Menu\Programs\Startup
Loadout Manager.lnk - C:\Program Files\Belkin\Nostromo\nost_LM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\ExcursionXBeta\mIRC.exe"="C:\ExcursionXBeta\mIRC.exe:*:Enabled:mIRC"
"C:\Documents and Settings\ep0xy\Local Settings\Temp\nskE9.tmp\utorrent.exe"="C:\Documents and Settings\ep0xy\Local Settings\Temp\nskE9.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\mIRC-TPG\mirc.exe"="C:\mIRC-TPG\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Steam\steamapps\nihilistpropaganda\source sdk base\hl2.exe"="C:\Program Files\Steam\steamapps\nihilistpropaganda\source sdk base\hl2.exe:*:Enabled:hl2"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:hlsw"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Steam\steamapps\nihilistpropaganda\day of defeat\hl.exe"="C:\Program Files\Steam\steamapps\nihilistpropaganda\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\dirtstarEmail Removed\day of defeat\hl.exe"="C:\Program Files\Steam\steamapps\dirtstarEmail Removed\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\[email protected]\day of defeat\hl.exe"="C:\Program Files\Steam\steamapps\[email protected]\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Steam\steamapps\nihilistpropaganda\day of defeat source\hl2.exe"="C:\Program Files\Steam\steamapps\nihilistpropaganda\day of defeat source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\nihilistpropaganda\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\nihilistpropaganda\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\roundnycEmail Removed\day of defeat\hl.exe"="C:\Program Files\Steam\steamapps\roundnycEmail Removed\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\nihilistpropaganda\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\nihilistpropaganda\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\nihilistpropaganda\opposing force\hl.exe"="C:\Program Files\Steam\steamapps\nihilistpropaganda\opposing force\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Steam\steam.exe"="C:\Program Files\Steam\steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\nihilistpropaganda\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Steam\steamapps\nihilistpropaganda\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\redrockEmail Removed\day of defeat\hl.exe"="C:\Program Files\Steam\steamapps\redrockEmail Removed\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Steam\steamapps\nihilistpropaganda\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\nihilistpropaganda\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Excursion9.5\mIRC.ExCurSioN.exe"="C:\Excursion9.5\mIRC.ExCurSioN.exe:*:Enabled:mIRC"
"C:\Program Files\Steam\steamapps\common\call of duty 4\iw3mp.exe"="C:\Program Files\Steam\steamapps\common\call of duty 4\iw3mp.exe:*:Enabled:iw3mp"
"C:\World of Warcraft\Repair.exe"="C:\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Steam\steamapps\nihilistpropaganda\age of chivalry\hl2.exe"="C:\Program Files\Steam\steamapps\nihilistpropaganda\age of chivalry\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\nihilistpropaganda\diprip warm up\hl2.exe"="C:\Program Files\Steam\steamapps\nihilistpropaganda\diprip warm up\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\nihilistpropaganda\insurgency\hl2.exe"="C:\Program Files\Steam\steamapps\nihilistpropaganda\insurgency\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\common\call of duty 2\CoD2MP_s.exe"="C:\Program Files\Steam\steamapps\common\call of duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2008-10-17 09:50:59 ----D---- C:\rsit
2008-10-17 00:32:12 ----A---- C:\HaxFix.txt
2008-10-16 23:58:35 ----D---- C:\Documents and Settings\ep0xy\Application Data\Malwarebytes
2008-10-16 23:58:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-16 23:58:30 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-16 23:13:46 ----A---- C:\HaxFix.exe
2008-10-16 23:13:45 ----D---- C:\HaxFix
2008-10-16 20:10:39 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-16 20:10:39 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-16 19:57:13 ----D---- C:\Program Files\Trend Micro
2008-10-15 09:23:24 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-10-14 15:34:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-14 15:34:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-14 15:34:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-14 15:34:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-14 15:34:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-09-24 17:50:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-23 21:38:01 ----D---- C:\WINDOWS\Prefetch
2008-09-23 21:35:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-23 21:35:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-23 21:35:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-23 21:35:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-23 21:35:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-23 21:35:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-23 21:35:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-23 21:34:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-23 21:34:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-23 21:34:43 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-23 21:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-23 21:30:50 ----D---- C:\WINDOWS\system32\scripting
2008-09-23 21:30:49 ----D---- C:\WINDOWS\l2schemas
2008-09-23 21:30:48 ----D---- C:\WINDOWS\system32\en
2008-09-22 19:56:57 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-22 19:56:56 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-22 19:56:55 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-22 19:56:55 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-22 19:56:49 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-22 19:56:49 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-22 19:56:42 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-22 19:56:39 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-22 19:56:38 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-22 19:56:37 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-22 19:56:36 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-22 19:56:36 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-22 19:56:36 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-22 19:56:35 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-22 19:56:33 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-22 19:56:28 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-22 19:56:28 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-22 19:56:28 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-22 19:56:27 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-22 19:56:27 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-22 19:56:26 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-22 19:56:26 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-22 19:56:19 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-22 19:56:19 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-22 19:56:19 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-22 19:56:19 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-22 19:56:12 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-22 19:56:12 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-22 19:56:11 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-22 19:56:11 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-22 19:56:11 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-22 19:56:11 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-22 19:56:02 ----A---- C:\WINDOWS\005417_.tmp
2008-09-22 19:56:01 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-22 19:56:01 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-22 19:56:01 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-22 19:56:01 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-22 19:56:01 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-22 19:56:01 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-22 19:56:01 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-22 19:56:01 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-22 19:55:59 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-22 19:55:59 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-22 19:55:59 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-22 19:55:59 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-22 19:55:59 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-22 19:55:59 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-22 19:55:59 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-22 19:55:58 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-22 19:55:58 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-22 19:55:58 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-22 19:55:56 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-22 19:55:53 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-22 19:55:52 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-22 19:55:46 ----N---- C:\WINDOWS\system32\aaclient.dll

======List of files/folders modified in the last 1 months======

2008-10-17 09:26:29 ----D---- C:\Program Files\Steam
2008-10-17 09:26:22 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-10-17 09:25:15 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-17 09:02:08 ----D---- C:\WINDOWS\Temp
2008-10-17 01:06:52 ----D---- C:\mIRC-TPG
2008-10-17 01:05:22 ----D---- C:\WINDOWS\system32
2008-10-17 01:05:04 ----D---- C:\WINDOWS\system32\drivers
2008-10-17 01:04:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-17 00:32:22 ----D---- C:\WINDOWS
2008-10-16 23:58:30 ----RD---- C:\Program Files
2008-10-16 21:41:18 ----D---- C:\Program Files\HLSW
2008-10-16 21:09:25 ----SHD---- C:\Config.Msi
2008-10-16 21:02:24 ----D---- C:\Program Files\Mozilla Firefox
2008-10-16 20:49:28 ----D---- C:\Excursion9.5
2008-10-16 20:16:58 ----SHD---- C:\WINDOWS\Installer
2008-10-16 20:16:18 ----D---- C:\Program Files\Lavasoft
2008-10-16 20:15:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-16 20:14:57 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-16 19:28:08 ----D---- C:\Documents and Settings\ep0xy\Application Data\Adobe
2008-10-15 12:44:46 ----D---- C:\World of Warcraft
2008-10-14 15:36:52 ----D---- C:\Program Files\Internet Explorer
2008-10-14 15:34:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-14 15:34:58 ----HD---- C:\WINDOWS\inf
2008-10-14 15:34:55 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-14 15:34:53 ----A---- C:\WINDOWS\imsins.BAK
2008-10-07 15:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 13:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-25 13:48:22 ----D---- C:\Program Files\Winamp
2008-09-23 21:41:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-23 21:38:57 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-23 21:38:04 ----A---- C:\WINDOWS\setuplog.txt
2008-09-23 21:37:32 ----D---- C:\WINDOWS\system32\Setup
2008-09-23 21:37:32 ----D---- C:\WINDOWS\AppPatch
2008-09-23 21:37:31 ----D---- C:\WINDOWS\system32\wbem
2008-09-23 21:37:30 ----RSD---- C:\WINDOWS\Fonts
2008-09-23 21:36:29 ----D---- C:\WINDOWS\security
2008-09-23 21:35:45 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-23 21:34:45 ----D---- C:\Program Files\Messenger
2008-09-23 21:31:11 ----D---- C:\WINDOWS\WinSxS
2008-09-23 21:31:04 ----D---- C:\WINDOWS\network diagnostic
2008-09-23 21:31:04 ----D---- C:\WINDOWS\ime
2008-09-23 21:31:04 ----D---- C:\WINDOWS\Help
2008-09-23 21:30:51 ----D---- C:\WINDOWS\system32\usmt
2008-09-23 21:30:51 ----D---- C:\WINDOWS\system32\en-US
2008-09-23 21:30:48 ----D---- C:\WINDOWS\system32\bits
2008-09-23 21:30:48 ----D---- C:\WINDOWS\peernet
2008-09-23 21:30:48 ----D---- C:\Program Files\Movie Maker
2008-09-23 21:28:09 ----D---- C:\WINDOWS\system32\Restore
2008-09-23 21:28:09 ----D---- C:\WINDOWS\system32\npp
2008-09-23 21:28:07 ----D---- C:\WINDOWS\msagent
2008-09-23 21:28:05 ----D---- C:\WINDOWS\srchasst
2008-09-23 21:28:03 ----D---- C:\Program Files\NetMeeting
2008-09-23 21:28:02 ----D---- C:\WINDOWS\system32\Com
2008-09-23 21:27:59 ----D---- C:\Program Files\Windows NT
2008-09-23 21:27:59 ----D---- C:\Program Files\Windows Media Player
2008-09-23 21:27:59 ----D---- C:\Program Files\Outlook Express
2008-09-23 21:27:55 ----D---- C:\Program Files\Common Files\System
2008-09-23 21:27:35 ----D---- C:\WINDOWS\system32\oobe
2008-09-23 21:27:33 ----D---- C:\WINDOWS\system
2008-09-23 21:22:13 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-23 21:15:59 ----D---- C:\WINDOWS\EHome
2008-09-22 19:39:13 ----D---- C:\WINDOWS\Debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 bcgame;Nostromo HID Device Minidriver; C:\WINDOWS\system32\drivers\bcgame.sys [2003-07-23 22821]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 bainigne;bainigne; \??\C:\Documents and Settings\ep0xy\Desktop\wowglider\bainigne.sys []
S1 flt;flt; \??\C:\Documents and Settings\ep0xy\Desktop\wowglider\flt.sys []
S1 gkhapfhdp;gkhapfhdp; \??\C:\Documents and Settings\ep0xy\Desktop\wowglider\gkhapfhdp.sys []
S1 glgwukb;glgwukb; \??\C:\Documents and Settings\ep0xy\Desktop\wowglider\glgwukb.sys []
S1 jrf;jrf; \??\C:\Documents and Settings\ep0xy\Desktop\wowglider\jrf.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\ep0xy\LOCALS~1\Temp\catchme.sys []
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [2003-11-07 25502]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-07-22 26112]
S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2003-11-07 70798]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-07-22 68864]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 uuhu;uuhu; \??\C:\Documents and Settings\ep0xy\Desktop\wowglider\uuhu.sys []
S3 vhndlqwivh;vhndlqwivh; \??\C:\Documents and Settings\ep0xy\Desktop\wowglider\vhndlqwivh.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ydzodmzw;ydzodmzw; \??\C:\Documents and Settings\ep0xy\Desktop\wowglider\ydzodmzw.sys []
S3 ztb;ztb; \??\C:\Documents and Settings\ep0xy\Desktop\wowglider\ztb.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-11-13 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-10-17 182928]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-07-25 378184]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.04 2008-10-17 09:51:05

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Absolute Sound Recorder version 3.3.9-->"C:\Program Files\Absolute Sound Recorder\unins000.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
ASUS Probe V2.24.10-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Asus Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Asus Probe\probunis.dll"
AsusUpdate-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\AsusUpdate\Uninst.isu"
BitTornado 0.3.17-->C:\Program Files\BitTornado\uninst.exe
Call of Duty 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/2630
Call of Duty 4: Modern Warfare-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7940
CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Day of Defeat: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/300
DH Driver Cleaner Professional Edition-->C:\Program Files\Driver Cleaner Pro\Uninstall.exe
Excursion 9.5-->C:\WINDOWS\unvise32.exe C:\Excursion9.5\uninstal.log
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Half-Life 2: Deathmatch-->"C:\program files\steam\steam.exe" steam://uninstall/320
HijackThis 2.0.2-->"C:\Documents and Settings\ep0xy\Desktop\HijackThis.exe" /uninstall
HLSW v1.1.5-->"C:\Program Files\HLSW\unins000.exe"
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Indeo® software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll"
KhalInstallWrapper-->MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
K-Lite Codec Pack 3.01 Basic-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech MouseWare 9.79 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC-->"C:\mIRC-TPG\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MultiMon TaskBar 2.1-->"C:\Program Files\MMTaskbar\unins000.exe"
Nostromo Array Programming Software-->MsiExec.exe /X{0F3A1C5A-DA6A-4536-A058-CBB857CAC20C}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA WDM Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\setup.exe"
NVTweak-->MsiExec.exe /I{39D385DF-53BA-4792-BED3-68132EEB488F}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sony Media Manager 2.0-->MsiExec.exe /X{C589B6DE-F7BF-4E22-8524-53E115EF6AB4}
Sony Vegas 6.0-->MsiExec.exe /X{5FCE0BF9-A1AA-4FA3-A28C-F62431CD52C4}
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoMach 4.0.4-->C:\Program Files\VideoMach-4.0.4\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

=====HijackThis Backups=====

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Player] C:\Documents and Settings\ep0xy\Application Data\Adobe\Player.exe

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2302
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------




Any way of telling how long I've had this on my PC?

7
Tech Clinic / ohnoes! i think i've been hacked.
« on: October 17, 2008, 07:37:42 AM »
Everything seems to be running great! Was the malware that program found a key logger? Or just an ad spammer? What did it do?

Again, thanks so much Questolo!

8
Tech Clinic / ohnoes! i think i've been hacked.
« on: October 16, 2008, 11:31:35 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:06 AM, on 10/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MMTaskbar\MultiMon.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Excursion9.5\mIRC.ExCurSioN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\mIRC-TPG\mirc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MultiMon Taskbar.lnk = C:\Program Files\MMTaskbar\MultiMon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4187 bytes

9
Tech Clinic / ohnoes! i think i've been hacked.
« on: October 16, 2008, 11:25:55 PM »
Malwarebytes' Anti-Malware 1.29
Database version: 1276
Windows 5.1.2600 Service Pack 3

10/17/2008 12:58:32 AM
mbam-log-2008-10-17 (00-58-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 129720
Time elapsed: 56 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\gzipmod.dll (Rootkit.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gzipmod (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gzipmod.dll (Trojan.Agent) -> Delete on reboot.

10
Tech Clinic / ohnoes! i think i've been hacked.
« on: October 16, 2008, 09:48:19 PM »
checking iexplore.exe
iexplore.exe is not infected


--- Checking for other Goldun, Spybanker and Haxdoor files ---
no other Haxdoor or Goldun files found


--- Catchme logfile - thank you Gmer ---

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 23:15:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager]
"PendingFileRenameOperations"=str(7):
\x55b2\x1a67\x1de3\x1c9\0\0\xa4b8e\0\0\0\0\xffff\xffff\xffff\xffff\2\0\x2eb8%\xe588E\xffff\xffff\0\0\0\0\2\0\20\0\0\0\4\0\x6e65\x6d75\0\0\b\0\x5fb8e\xffe0\xffff\x6b76\1\n\0\xcc68$\1\0\1\0001\0\0\0\xfff0\xffff\x686c\1\x3220e\x02457\xffa0\xffff\x6b6e \xceea\xf340\x2ff4\x1c9\0\0\xe7d0^\2\0\1\0\x36d8e\x8470\x8000\t\0\x82c8c\x1e8\0\xffff\xffff\26\0\0\0\36\0Z\0\xfd\0\20\0\x6853\x6c65\x486c\x4457\x7465\x6365\x6974\x6e6f \0\x6b76\b\b\0\xa228Y\3\0\1\x1fc2\x3031\x4544\x3130\x3030\xfff8\xffff\x3608e\xffa8\xffff\x6b6e \xf358\x1a64\x1de3\x1c9\0\0\x4ee0e\0\0\0\0\xffff\xffff\xffff\xffff\4\0\x1bc0e\xe588E\xffff\xffff\0\0\0\0\2\0,\0\0\0\4\0\x6e65\x6d75\0\0\xffe0\xffff\x6b76\1\n\0\xce00$\1\0\1\0002\0\0\0\xffe0\xffff\x6b76\1\n\0\xd3c8$\1\0\1\0003\0\0\0\xfff0\xffff\x686c\1\x3f48e\x02457\xfff8\xffff\x55d0e\xffe0\xffff\x6b76\5\32\0\x6090e\1\0\1\0\x7247\x756f\x4d70e\xfff0\xffff\x34c8e\x3538e\x3240e\xfff8\xffff\x39b8e\xff30\xffffC:\Program Files\Steam\steamapps\roundnycEmail Removed\day of defeat\hl.exe:*:Enabled:Half-Life Launcher\0\0\0\30\0\x686c\0\xba58h\xe141\xc736\xba58h\xe141\xc736\xffd8\xffff\xd3d8$\xe90+\x26a84\x27904\x40e0e\x3b00e\x3fe0e\x4110e\x5650e\xffd0\xffffFull autonegotiation\0\0\xfff0\xffff\x686c\1\x97d0e\x02457\xfff0\xffff\x686c\1\x9750e\xe2d0\xe465\xffa0\xffff\x6b6e \x3a4e\x1b0e\x1de3\x1c9\0\0\x3198e\0\0\0\0\xffff\xffff\xffff\xffff\2\0\x32f0e\x1e8\0\xffff\xffff\0\0\0\0\26\0B\0\0\0\n\0\x6150\x6172\x656d\x6574\x7372\0\0\0\xffd8\xffff\x6b76\nB\0\x34f0e\2\0\1\0\x6553\x7672\x6369\x4465\x6c6c\0\0\0\xffb8\xffff%SystemRoot%\System32\shsvcs.dll\0\0\xffd8\xffff\x6b76\v:\0\x3560e\1\0\1\0\x6553\x7672\x6369\x4d65\x6961n\0\0\xffc0\xffffHardwareDetectionServiceMain\0\0\xfff0\xffff\x686c\1\x3958e\xea98\x6e7f\xffa8\xffff\x6b6e 
\x3a4e\x1b0e\x1de3\x1c9\0\0\x3198e\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x3218e\xf278E\xffff\xffff\0\0\0\0\20\0\xa8\0\1\0\b\0\x6553\x7563\x6972\x7974\xffe0\xffff\x6b76\b\xa8\0\x3628e\3\0\1\20\x6553\x7563\x6972\x7974\xff50\xffff\1\x8014\x90\0\x9c\0\24\0000\0\2\34\1\0\x8002\24\x1ff\17\x101\0\0\x100\0\0\2`\4\0\0\24\x1fd\2\x101\0\0\x500\22\0\0\30\x1ff\17\x201\0\0\x500 \0\x220\0\0\24\x18d\2\x101\0\0\x500\v\0\0\30\x1fd\2\x201\0\0\x500 \0\x223\0\x101\0\0\x500\22\0\x101\0\0\x500\22\0\0\0\xffe8\xffff\x686c\2\x3468e\xea98\x6e7f\x35b0e\xe2d0\xe465\xffa8\xffff\x6b6e \x9ca8\x1b10\x1de3\x1c9\0\0\xe7d0^\0\0\0\0\xffff\xffff\xffff\xffff\5\0\x37e8e\x1e8\0\xffff\xffff\0\0\0\0\30\0\16\0\xfe\0\6\0\x6953\x626d\x6461a\xffd8\xffff\x6b76\f\4\x8000\1\0\4\0\1\\x7245\x6f72\x4372\x6e6f\x7274\x6c6f\24\0\xffe0\xffff\x6b76\5\16\0\x3790e\1\0\1\0\x7247\x756fp\0\xffe8\xffffFilter\0\3\xd0c0\3\xffe0\xffff\x6b76\5\4\x8000\4\0\4\0\1\0\x7453\x7261t\0\xffe0\xffff\x6b76\3\4\x8000\1\0\4\0\1\x500\x6154g\0\30\xffe8\xffff\x3748e\x3770e\x37a8e\x37c8e\x3800e\xffe0\xffff\x6b76\4\4\x8000\1\0\4\0\0017\x7954\x6570c,\xffa8\xffff\x6b6e \x9ca8\x1b10\x1de3\x1c9\0\0\xe7d0^\1\0\0\0\x35a0e\xffff\xffff\5\0\x3920e\x1e8\0\xffff\xffff\26\0\0\0\30\0\34\0\xff\0\a\0\x7053\x7261\x6f72w\xffd8\xffff\x6b76\f\4\x8000\1\0\4\0\1\0\x7245\x6f72\x4372\x6e6f\x7274\x6c6f\x624f\x7153\xffe0\xffff\x6b76\5\34\0\x38c0e\1\0\1\0\x7247\x756fp\0\xffe0\xffffSCSI miniport\0\xffe0\xffff\x6b76\5\4\x8000\4\0\4\0\1\0\x7453\x7261t\0\xffe0\xffff\x6b76\3\4\x8000\a\0\4\0\1,\x6154g,9\xffe8\xffff\x3878e\x38a0e\x38e0e\x3900e\x3938e\xffe0\xffff\x6b76\4\4\x8000\1\0\4\0\1\\x7954\x6570  \xffa0\xffff\x6b6e \x9ca8\x1b10\x1de3\x1c9\0\0\x3820e\1\0\0\0\x3a70e\xffff\xffff\1\0\x3300e\x1e8\0\xffff\xffff\32\0\0\0,\0\4\0\0\0\n\0\x6150\x6172\x656d\x6574\x7372\0\0\0\xffd0\xffff\x6b76\26\4\x8000\0\0\4\0\0010\x654c\x6167\x7963\x6441\x7061\x6574\x4472\x7465\x6365\x6974\x6e6fV\xffa0\xffff\x6b6e 
\x9ca8\x1b10\x1de3\x1c9\0\0\x3958e\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x3a68e\x1e8\0\xffff\xffff\0\0\0\0\2\0\4\0\0\0\f\0\x6e50\x4970\x746e\x7265\x6166\x6563Co\xffe0\xffff\x6b76\1\4\x8000\1\0\4\0\1W1,"c\xfff8\xffff\x3a48e\xfff0\xffff\x686c\1\x39e8e\x5aa7\x6bea\xffa8\xffff\x6b6e \xc90e\x7c2\x2ff5\x1c9\0\0\xe7d0^\1\0\1\0\x3b20e\x2490\x8002\5\0\xf570\\x1e8\0\xffff\xffff\22\0\0\0\30\0@\0\x100\0\b\0\x7073\x696c\x7474\x7265 \0\x6b76\b\b\0\x9b60Y\3\0\1`\x3335\x3333\x3139\x3230\xfff8\xffff\x3ca0e\xffe0\xffff\x6b76\b\4\x8000\4\0\4\0\1\17\x7044\x4969\x646e\x7865\xfff0\xffff\x686c\1\x3c48e\xe2d0\xe465\xff98\xffff\x6b6e \xf358\x1a64\x1de3\x1c9\0\0\x6820d\1\0\0\0\x32b8e\xffff\xffff\3\0\xcd38$\xe588E\xffff\xffff\n\0\0\0\22\0006\0\b\0\26\0\x6f4c\x5077\x776f\x7265\x7453\x7461\x4c65\x6e69\x536b\x6570\x6465\0\xffd8\xffff\x6b76\t6\0\x3bc0e\1\0\1\0\x6150\x6172\x446d\x7365c\0\0\0\xffc0\xffffLow Power State Link Speed\0\0\0\0\xffe0\xffff\x6b76\a\4\x80001\0\1\0\1\0\x6564\x6166\x6c75t\b\0\x6360e\xffe0\xffff\x6b76\a\n\0\x4440e\1\0\1e\x6553\x7672\x6369e\xffa8\xffff\x6b6e \x9ca8\x1b10\x1de3\x1c9\0\0\x3a80e\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x3af8e\xf278E\xffff\xffff\0\0\0\0\20\0\xa8\0\0\0\b\0\x6553\x7563\x6972\x7974\xffe0\xffff\x6b76\b\xa8\0\x3cc0e\3\0\1\0\x6553\x7563\x6972\x7974\xff50\xffff\1\x8014\x90\0\x9c\0\24\0000\0\2\34\1\0\x8002\24\x1ff\17\x101\0\0\x100\0\0\2`\4\0\0\24\x1fd\2\x101\0\0\x500\22\0\0\30\x1ff\17\x201\0\0\x500 \0\x220\0\0\24\x18d\2\x101\0\0\x500\v\0\0\30\x1fd\2\x201\0\0\x500 \0\x223\0\x101\0\0\x500\22\0\x101\0\0\x500\22\0\0\0\xffa8\xffff\x6b6e \xceea\xf340\x2ff4\x1c9\0\0\xe7d0^\3\0\1\0\x4568e\x8598\x8000\n\0\x7d10c\x1e8\0\xffff\xffff\30\0\0\0\36\0T\0\x101\0\a\0\x7053\x6f6f\x656cr\xffe0\xffff\x6b76\4\n\0\xba30$\1\0\1\0\x7974\x6570\0\0\xfff0\xffff\x3000\0\x2000\0ST\xfff0\xffff\x686c\1\x5e90e#\0\xfff8\xffff\x44b0e\xffa8\xffff\x6b6e 
\xf358\x1a64\x1de3\x1c9\0\0\x15d0e\0\0\0\0\xffff\xffff\xffff\xffff\n\0\x4a88e\xe588E\xffff\xffff\0\0\0\0\2\0002\0\0\0\4\0\x6e65\x6d75\0\0\xffe8\xffffms_psched\0\20\0\xa3c0i\xa3e8i\0\0\xffc8\xffffAutonegotiate for 100FD\0\0\0\xffe0\xffff\x6b76\0012\0\x4a50e\1\0\1\09\0\0\0\xffe0\xffff\x6b76\a\4\x80000\0\1\0\1\0\x6564\x6166\x6c75t\xfff8\xffff\x5938e\xffe8\xffffPerfClose\0\xffe0\xffff\x6b76\4\n\0\xec90$\1\0\1\0\x7974\x6570\0\0\xffa8\xffff\x6b6e \xf358\x1a64\x1de3\x1c9\0\0\x3b30e\0\0\0\0\xffff\xffff\xffff\xffff\2\0\xf4a0$\xe588E\xffff\xffff\0\0\0\0\2\0\20\0\0\0\4\0\x6e65\x6d75\0\0\xffe0\xffff\x6b76\1\20\0\x1e28e\1\0\1\0000\0\0\0\xfff0\xffff0019\0\0\20\0\x8000\xc562\x1c0\x1c1\x4e64\x29c4\xffe0\xffff\x6b76\5\4\x8000\xb33\0\4\0\1.\x7053\x6565d\x6e61\x6268\x6e69\x4000e\x1000\0\0\0\0\0\0\0\0\0\0\0\xffe0\xffff\x6b76\1,\0\x4040e\1\0\1\0003\0\0\0\xffd0\xffffForce 100 Half Duplex\0\xffe0\xffff\x6b76\1,\0\x5838e\1\0\1\0004\0\0\0(\0\x6b76\4\x468\0\xb248g\n\0\1\0\x6f52\x746f\xe458\5\b\0\x3b98e\xffe0\xffff\x6b76\5\24\0\x3f10e\1\0\1\0\x6c43\x736fe\0\xfff8\xffff\x4820e\xffd0\xffff\x6b76\22\4\x8000\0\0\4\0\1a\x7250\x636f\x7365\x6973\x676e\x6944\x6173\x6c62\x6465\0\x6b76\16\xffe0\xffff\x6b76\6\4\x8000\xb33\0\4\0\1\x6976\x7053\x6565\x5964g\xffa0\xffff\x6b6e \x9ca8\x1b10\x1de3\x1c9\0\0\x3d70e\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x1e8\0\xffff\xffff\0\0\0\0\0\0\0\0\0\0\n\0\x6150\x6172\x656d\x6574\x7372ll \xffa0\xffff\x6b6e 
\x9ca8\x1b10\x1de3\x1c9\0\0\x3d70e\0\0\0\0\xffff\xffff\xffff\xffff\v\0\x4410e\x1e8\0\xffff\xffff\0\0\0\0*\0\32\0\1\0\v\0\x6550\x6672\x726f\x616d\x636ee\0\0\xffe0\xffff\x6b76\a\30\0\x4210e\1\0\1\x500\x6f43\x6c6c\x6365t\xffe0\xffffPerfCollect\0\0\0\xfff0\xffff1450\0\3\xffd8\xffff\x6b76\17\4\x8000\x7d0\0\4\0\1.\x6f43\x6c6c\x6365\x2074\x6954\x656d\x756ft\xffe0\xffff\x6b76\a\32\0\x4288e\1\0\1C\x694c\x7262\x7261y\xffe0\xffffwinspool.drv\0n\xffe8\xffff\x7e77\x9db2\x3501\x1ad8\x82d9\x2b8a\x4405\x9634\0\0\xffd8\xffff\x6b76\v\n\0\x4230e\1\0\1\0\x624f\x656a\x7463\x4c20\x7369t\x101\0\xffe0\xffff\x6b76\4\22\0\x4308e\1\0\1\17\x704f\x6e65\0\x500\xffe8\xffffPerfOpen\0\0\xfff0\xffff\x6000\x99bd\x4f53\x1c2\0\0\xfff8\xffff\x52f0e\xfff8\xffff\x50c0e\xffd8\xffff\x6b76\f\4\x8000\xfa0\0\4\0\1h\x704f\x6e65\x5420\x6d69\x6f65\x7475wT\xffd0\xffff\x6b76\25\20\0\x42a8e\3\0\1\17\x6257\x6d65\x6441\x7061\x6946\x656c\x6953\x6e67\x7461\x7275\x5665\17\xffd8\xffff\x6b76\16\4\x8000\0\0\4\0\1\17\x6257\x6d65\x6441\x7061\x7453\x7461\x7375"\xffd8\xffff\x6b76\20\b\0\x4320e\3\0\1\0\x6257\x6d65\x6441\x7061\x6946\x656c\x6954\x656d\xffd8\xffff\x6b76\20\4\x8000\x3c00\2\4\0\1\0\x6257\x6d65\x6441\x7061\x6946\x656c\x6953\x657a\xffd0\xffff\x40b8e\x41f0e\x4240e\x4268e\x42c0e\x42e8e\x4340e\x4368e\x43c0e\x43e8e\x4398e\xfff0\xffffUdfs\0&\xfff8\xffff\x4db0e\xffa8\xffff\x6b6e \x9ca8\x1b10\x1de3\x1c9\0\0\x3d70e\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x3e08e\xf278E\xffff\xffff\0\0\0\0\20\0\x90\0\2\0\b\0\x6553\x7563\x6972\x7974\xffe0\xffff\x6b76\b\x90\0\x44d0e\3\0\1E\x6553\x7563\x6972\x7974\xff68\xffff\1\x8014x\0\x84\0\24\0000\0\2\34\1\0\x8002\24\x1ff\17\x101\0\0\x100\0\0\2H\3\0\0\24\x18d\2\x101\0\0\x500\v\0\0\30\x1ff\17\x201\0\0\x500 \0\x220\0\0\24\x1fd\2\x101\0\0\x500\22\0\x101\0\0\x500\22\0\x101\0\0\x500\22\0io\xffd8\xffff\x686c\3\x4130e\xea98\x6e7f\x4190e\x436\x3087\x4458e\xe2d0\xe465\0\0\0\0\xff98\xffff\x6b6e 
\x9ca8\x1b10\x1de3\x1c9\0\0\xe7d0^\1\0\0\0\x1d188\xffff\xffff\b\0\x48b0e\x7858C\xffff\xffff\22\0\0\0\36\0\xd6\0\x102\0\26\0\x5153\x414c\x6567\x746e\x5324\x4e4f\x5f59\x454d\x4944\x4d41\x5247y\xffe0\xffff\x6b76\4\4\x8000\20\0\4\0\1;\x7954\x6570\P\xffe0\xffff\x6b76\5\4\x8000\3\0\4\0\1s\x7453\x7261ti\xffd8\xffff\x6b76\f\4\x8000\1\0\4\0\1s\x7245\x6f72\x4372\x6e6f\x7274\x6c6fat\xffd8\xffff\x6b76\t\xd6\0\x4688e&#

11
Tech Clinic / ohnoes! i think i've been hacked.
« on: October 16, 2008, 07:51:42 PM »
:o ohnoes! i think i've been hacked.

Ok well i was searching for a fix to crack smartftp... i know i'm a bad boy and i'm prob getting what i deserve :\

I found a torrent for a crack, i dl'd it and replaced the icon with this new one. It came with two, i replaced the icons, mcafee didn't pop up anything. I double clicked on the new icons and i got an hourglass... nothing happened... nor did smart ftp open.

I tried to open internet explorer... oddly it comes up with "ie encountered a problem and needs to close".. IE won't work.. what the heck..

i noticed on my process list i had some strange junk.. first off is rundll32 on the list under the "username" i don't know..
then i saw a process called "player.exe". after a reboot Internet explorer works again...


BUT all my cookies have been deleted or something cause all my sites want me to enter my user name and pw's again... interesting eh.. soo i'm a little sketched out...

Here's my hijack this (files) and i say files cause i saved one, made some checks and scanned again, soo ima show you the first one and then the second.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:14 PM, on 10/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MMTaskbar\MultiMon.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Excursion9.5\mIRC.ExCurSioN.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Player] C:\Documents and Settings\ep0xy\Application Data\Adobe\Player.exe
O4 - Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MultiMon Taskbar.lnk = C:\Program Files\MMTaskbar\MultiMon.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4564 bytes



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:35 PM, on 10/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MMTaskbar\MultiMon.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MultiMon Taskbar.lnk = C:\Program Files\MMTaskbar\MultiMon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - Winlogon Notify: gzipmod - C:\WINDOWS\SYSTEM32\gzipmod.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4223 bytes



ALSO WHAT IS AWWSERVICE.EXE

Please help thanks!
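
A way to compare the two HijackThis scans in the post above, as an added example that is not part of the original post: it parses the item lines of both logs, lists what was removed or added between them, and marks entries that match two review heuristics. The function names, the heuristics and the shortened sample logs are assumptions made for this illustration; a mark means "look closer", not a verdict on the file.

```python
import re

# HijackThis item lines start with a section code such as R1, O4 or O23,
# followed by " - " and the entry text.
ITEM_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Heuristic (assumption): an autostart command stored under a user profile's
# data folders deserves a second look, since user-level code can write there.
PROFILE_DATA_RE = re.compile(
    r"\\documents and settings\\[^\\]+\\(application data|local settings)\\"
)

# Constructed excerpts: a few item lines copied from the post's 8:03 PM and
# 9:26 PM scans, not the complete logs.
SCAN_1 = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Player] C:\Documents and Settings\ep0xy\Application Data\Adobe\Player.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

SCAN_2 = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - Winlogon Notify: gzipmod - C:\WINDOWS\SYSTEM32\gzipmod.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
"""


def parse_items(log_text):
    """Return the set of (section, text) item lines found in a HijackThis log.

    Header lines and the "Running processes" list do not match ITEM_RE
    and are skipped.
    """
    items = set()
    for line in log_text.splitlines():
        match = ITEM_RE.match(line.strip())
        if match:
            items.add((match.group(1), match.group(2)))
    return items


def review_reasons(section, text):
    """Return the list of heuristic reasons (possibly empty) for one item."""
    reasons = []
    if section == "O4" and PROFILE_DATA_RE.search(text.lower()):
        reasons.append("autostart command lives in a user-profile data folder")
    if section == "O20":
        # Winlogon Notify DLLs are loaded by winlogon.exe on Windows XP.
        reasons.append("DLL registered as a Winlogon Notify package")
    return reasons


def compare_scans(before, after):
    """Diff two logs; return rows of (change, section, text, reasons)."""
    old, new = parse_items(before), parse_items(after)
    report = []
    for change, items in (("removed", old - new), ("added", new - old)):
        for section, text in sorted(items):
            report.append((change, section, text, review_reasons(section, text)))
    return report


def flagged(report):
    """Keep only the rows that matched at least one heuristic."""
    return [row for row in report if row[3]]


if __name__ == "__main__":
    for change, section, text, reasons in compare_scans(SCAN_1, SCAN_2):
        mark = "  <-- review: " + "; ".join(reasons) if reasons else ""
        print(f"{change:8} {section:4} {text}{mark}")
```
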

12
Tech Clinic / Time for a check up!
« on: March 03, 2008, 11:59:02 PM »
Yep we're good, thanks soo much.

 cheers!

13
Tech Clinic / Time for a check up!
« on: March 03, 2008, 11:43:34 PM »
c:\windows\$ntservicepackuninstall$\sptip.dll
Version: 5.1.2600.1106
Created: 2/1/2007 7:09:27 PM
Modified: 8/29/2002 7:00:00 AM
Size: 235,520 bytes
Attributes: Compressed

c:\windows\ime\sptip.dll
Version: 5.1.2600.2180
Created: 8/8/2007 1:45:20 PM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
Attributes: Archive

c:\windows\servicepackfiles\i386\sptip.dll
Version: 5.1.2600.2180
Created: 8/4/2004 2:56:45 AM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
c:\windows\system32\dllcache\sptip.dll
Version: 5.1.2600.2180
Created: 8/8/2007 1:45:20 PM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
Attributes: Archive Compressed

14
Tech Clinic / Time for a check up!
« on: March 03, 2008, 11:36:31 PM »
ok did it, rebooted, error is gone! that's been baffling me for months, couldn't fix it. soo nice to not see those msgs anymore

15
Tech Clinic / Time for a check up!
« on: March 03, 2008, 11:17:31 PM »
yep i did a search for this string c:\windows\system32\dllcache\sptip.dll

copied the file, went into the windows folder, found windows32.. and overwrote, ran the program, searched for both, posted logs


wow i can right click again !!!!!!! i bet i don't get that sptip msg on reboot either!!!


Very nice questolo you sure know your stuff

16
Tech Clinic / Time for a check up!
« on: March 03, 2008, 11:06:15 PM »
ok first those boxes were already unchecked.

here's the logs:

c:\windows\$ntservicepackuninstall$\sptip.dll
Version: 5.1.2600.1106
Created: 2/1/2007 7:09:27 PM
Modified: 8/29/2002 7:00:00 AM
Size: 235,520 bytes
Attributes: Compressed

c:\windows\ime\sptip.dll
Version:
Created: 8/8/2007 1:45:20 PM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
Attributes: Archive

c:\windows\servicepackfiles\i386\sptip.dll
Version: 5.1.2600.2180
Created: 8/4/2004 2:56:45 AM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
c:\windows\system32\dllcache\sptip.dll
Version: 5.1.2600.2180
Created: 8/29/2002 7:00:00 AM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
Attributes: Archive Compressed

c:\windows\system32\sptip.dll
Version: 5.1.2600.2180
Created: 3/3/2008 11:14:35 PM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
Attributes: Archive



c:\windows\$ntservicepackuninstall$\themeui.dll
Version: 6.0.2800.1106
Created: 2/1/2007 7:09:13 PM
Modified: 8/29/2002 7:00:00 AM
Size: 384,000 bytes
Attributes: Compressed

c:\windows\servicepackfiles\i386\themeui.dll
Version: 6.0.2900.2180
Created: 8/4/2004 2:56:46 AM
Modified: 8/4/2004 2:56:46 AM
Size: 385,536 bytes
Attributes: Compressed

c:\windows\system32\dllcache\themeui.dll
Version: 6.0.2900.2180
Created: 8/8/2007 1:45:42 PM
Modified: 8/4/2004 2:56:46 AM
Size: 385,536 bytes
Attributes: Archive Compressed

c:\windows\system32\themeui.dll
Version: 6.0.2900.2180
Created: 8/8/2007 1:45:42 PM
Modified: 8/4/2004 2:56:46 AM
Size: 385,536 bytes
Attributes: Archive

17
Tech Clinic / Time for a check up!
« on: March 03, 2008, 09:33:14 PM »
c:\windows\$ntservicepackuninstall$\sptip.dll
Version: 5.1.2600.1106
Created: 2/1/2007 7:09:27 PM
Modified: 8/29/2002 7:00:00 AM
Size: 235,520 bytes
Attributes: Compressed

c:\windows\ime\sptip.dll
Version:
Created: 8/8/2007 1:45:20 PM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
Attributes: Archive

c:\windows\servicepackfiles\i386\sptip.dll
Version: 5.1.2600.2180
Created: 8/4/2004 2:56:45 AM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
c:\windows\system32\dllcache\sptip.dll
Version: 5.1.2600.2180
Created: 8/29/2002 7:00:00 AM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
Attributes: Archive Compressed

18
Tech Clinic / Time for a check up!
« on: March 03, 2008, 01:40:52 AM »
ok here's the new hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:40 AM, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MMTaskbar\MultiMon.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\ep0xy\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MultiMon Taskbar.lnk = C:\Program Files\MMTaskbar\MultiMon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4635 bytes



Also i never mentioned this almost forgot:

each and every time i reboot my PC i get this message:

The application or DLL C:\WINDOWS\IME\sptip.dll is not a valid Windows image. Please check this against your installation diskette.


here's the fileinfo.vbs when i searched themeui:

c:\windows\$ntservicepackuninstall$\themeui.dll
Version: 6.0.2800.1106
Created: 2/1/2007 7:09:13 PM
Modified: 8/29/2002 7:00:00 AM
Size: 384,000 bytes
Attributes: Compressed

c:\windows\servicepackfiles\i386\themeui.dll
Version: 6.0.2900.2180
Created: 8/4/2004 2:56:46 AM
Modified: 8/4/2004 2:56:46 AM
Size: 385,536 bytes
Attributes: Compressed

c:\windows\system32\dllcache\themeui.dll
Version: 6.0.2900.2180
Created: 8/29/2002 7:00:00 AM
Modified: 8/4/2004 2:56:46 AM
Size: 385,536 bytes
Attributes: Archive Compressed

c:\windows\system32\themeui.dll
Version:
Created: 8/8/2007 1:45:42 PM
Modified: 8/4/2004 2:56:46 AM
Size: 385,536 bytes
Attributes: Archive


And in regards to what I tried that made the PC loop to loop reboot crash: well, it was a while ago I read that if you type a certain command in the Run tab it searches against your Windows disk and fixes problems. I did, and it prompted me to insert the Windows disk. I did, and it ran the scan, found the problem, and it was over. I then was able to right-click my desktop and select Properties; it worked fine.

BUT when I rebooted, that's what happened, until I selected last cfg that worked and I was able to get back on Windows. The corrupt file was there again.

19
Tech Clinic / Time for a check up!
« on: March 03, 2008, 12:04:54 AM »
I didn't get the extra.txt. I received a yes or no box, I clicked yes and received that one txt I pasted.

Here's what you asked for:

Ad-Aware SE Personal
Adobe Flash Player ActiveX
AOL Instant Messenger
ASUS Probe V2.24.10
AsusUpdate
BitTornado 0.3.17
Cabela's Trophy Bucks
Call of Duty 4: Modern Warfare
CDDRV_Installer
Counter-Strike
Excursion 9.5
Fraps (remove only)
Google Talk (remove only)
Half-Life 2: Deathmatch
HijackThis 2.0.2
HLSW v1.1.5
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Indeo® software
iTunes
KhalInstallWrapper
K-Lite Codec Pack 3.01 Basic
Logitech MouseWare 9.79
Logitech SetPoint
Macromedia Dreamweaver 8
Macromedia Extension Manager
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIRC
Mozilla Firefox (2.0.0.12)
MultiMon TaskBar 2.1
Nostromo Array Programming Software
NVIDIA Drivers
NVIDIA WDM Drivers
NVTweak
Realtek AC'97 Audio
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SmartFTP Client
SmartFTP Client 2.0 Setup Files (remove only)
SmartFTP Client 2.5 Setup Files (remove only)
Sony Media Manager 2.0
Sony Vegas 6.0
Spybot - Search & Destroy 1.4
Steam
Team Fortress 2
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Ventrilo Client
VideoMach 4.0.4
Winamp
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
World of Warcraft
Xvid 1.1.2 final uninstall



EDIT: found the extra.txt, MY bad:




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
Percentage of Memory in Use: 22%
Physical Memory (total/avail): 3071.48 MiB / 2375.19 MiB
Pagefile Memory (total/avail): 9904.48 MiB / 9331.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.46 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 23.11 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800BB-00CAA1 - 74.53 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\ExcursionXBeta\\mIRC.exe"="C:\\ExcursionXBeta\\mIRC.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\ep0xy\\Local Settings\\Temp\\nskE9.tmp\\utorrent.exe"="C:\\Documents and Settings\\ep0xy\\Local Settings\\Temp\\nskE9.tmp\\utorrent.exe:*:Enabled:µTorrent"
"C:\\mIRC-TPG\\mirc.exe"="C:\\mIRC-TPG\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\source sdk base\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\source sdk base\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\HLSW\\hlsw.exe"="C:\\Program Files\\HLSW\\hlsw.exe:*:Enabled:hlsw"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\dirtstarEmail Removed\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\dirtstarEmail Removed\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\[email protected]\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\[email protected]\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\day of defeat source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\roundnycEmail Removed\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\roundnycEmail Removed\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\opposing force\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\opposing force\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Steam\\steam.exe"="C:\\Program Files\\Steam\\steam.exe:*:Enabled:Steam"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\redrockEmail Removed\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\redrockEmail Removed\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\team fortress 2\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Excursion9.5\\mIRC.ExCurSioN.exe"="C:\\Excursion9.5\\mIRC.ExCurSioN.exe:*:Enabled:mIRC"
"C:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"="C:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe:*:Enabled:iw3mp"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\ep0xy\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JASON
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ep0xy
LOGONSERVER=\\JASON
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2302
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ep0xy\LOCALS~1\Temp
TMP=C:\DOCUME~1\ep0xy\LOCALS~1\Temp
USERDOMAIN=JASON
USERNAME=ep0xy
USERPROFILE=C:\Documents and Settings\ep0xy
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

ep0xy (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
ASUS Probe V2.24.10 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Asus Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Asus Probe\probunis.dll"
AsusUpdate --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\AsusUpdate\Uninst.isu"
BitTornado 0.3.17 --> C:\Program Files\BitTornado\uninst.exe
Cabela's Trophy Bucks --> MsiExec.exe /I{D17C4B85-A12C-442F-81A6-21EAB64F014A}
Call of Duty 4: Modern Warfare --> "C:\Program Files\Steam\steam.exe" steam://uninstall/7940
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
Day of Defeat --> "C:\Program Files\Steam\steam.exe" steam://uninstall/30
Excursion 9.5 --> C:\WINDOWS\unvise32.exe C:\Excursion9.5\uninstal.log
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Half-Life 2: Deathmatch --> "C:\program files\steam\steam.exe" steam://uninstall/320
HijackThis 2.0.2 --> "C:\Documents and Settings\ep0xy\Desktop\HijackThis.exe" /uninstall
HLSW v1.1.5 --> "C:\Program Files\HLSW\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Indeo® software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll"
iTunes --> MsiExec.exe /I{E0219810-16E4-437D-9165-93D7B22524F9}
K-Lite Codec Pack 3.01 Basic --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
Logitech MouseWare 9.79 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC --> "C:\mIRC-TPG\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MultiMon TaskBar 2.1 --> "C:\Program Files\MMTaskbar\unins000.exe"
Nostromo Array Programming Software --> MsiExec.exe /X{0F3A1C5A-DA6A-4536-A058-CBB857CAC20C}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA WDM Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\setup.exe"
NVTweak --> MsiExec.exe /I{39D385DF-53BA-4792-BED3-68132EEB488F}
Opposing Force --> "C:\program files\steam\steam.exe" steam://uninstall/50
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Sid Meier's Civilization IV --> "C:\Program Files\Steam\steam.exe" steam://uninstall/3900
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.0 Setup Files (remove only) --> "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
SmartFTP Client 2.5 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 2.5 Setup Files\uninst-sftp.exe
Sony Media Manager 2.0 --> MsiExec.exe /X{C589B6DE-F7BF-4E22-8524-53E115EF6AB4}
Sony Vegas 6.0 --> MsiExec.exe /X{5FCE0BF9-A1AA-4FA3-A28C-F62431CD52C4}
Source SDK Base --> "C:\Program Files\Steam\steam.exe" steam://uninstall/215
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
Team Fortress 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/440
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoMach 4.0.4 --> C:\Program Files\VideoMach-4.0.4\uninstall.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1701 / Error
Event Submitted/Written: 02/26/2008 03:32:07 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module explorer.exe, version 6.0.2900.3156, fault address 0x000238fa.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type1700 / Error
Event Submitted/Written: 02/25/2008 09:15:18 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ventrilo.exe, version 3.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x4b435553.
Processing media-specific event for [ventrilo.exe!ws!]

Event Record #/Type1696 / Error
Event Submitted/Written: 02/20/2008 08:19:26 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.
Processing media-specific event for [aim.exe!ws!]

Event Record #/Type1690 / Warning
Event Submitted/Written: 02/17/2008 01:03:28 AM
Event ID/Source: 19011 / MSSQL$SONY_MEDIAMGR
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type1685 / Error
Event Submitted/Written: 02/14/2008 00:48:43 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1618 / Error
Event Submitted/Written: 03/02/2008 06:13:01 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The PSTRIP service failed to start due to the following error:
%%2

Event Record #/Type1613 / Warning
Event Submitted/Written: 03/02/2008 06:10:57 PM
Event ID/Source: 1005 / Dhcp
Event Description:
Your computer has detected that the IP address 192.168.1.101 for the Network Card
with network address 0015F22A7644 is already in use on the network.
Your computer will automatically attempt to obtain a different address.

Event Record #/Type1612 / Warning
Event Submitted/Written: 03/02/2008 06:10:57 PM
Event ID/Source: 1005 / Dhcp
Event Description:
Your computer has detected that the IP address 192.168.1.101 for the Network Card
with network address 0015F22A7644 is already in use on the network.
Your computer will automatically attempt to obtain a different address.

Event Record #/Type1611 / Warning
Event Submitted/Written: 03/02/2008 06:10:55 PM
Event ID/Source: 1005 / Dhcp
Event Description:
Your computer has detected that the IP address 192.168.1.101 for the Network Card
with network address 0015F22A7644 is already in use on the network.
Your computer will automatically attempt to obtain a different address.

Event Record #/Type1610 / Warning
Event Submitted/Written: 03/02/2008 06:10:55 PM
Event ID/Source: 1005 / Dhcp
Event Description:
Your computer has detected that the IP address 192.168.1.101 for the Network Card
with network address 0015F22A7644 is already in use on the network.
Your computer will automatically attempt to obtain a different address.



-- End of Deckard's System Scanner: finished at 2008-03-02 23:45:59 ------------

20
Tech Clinic / Time for a check up!
« on: March 02, 2008, 11:40:57 PM »
Here's the dss:

Deckard's System Scanner v20071014.68
Run by ep0xy on 2008-03-02 23:44:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
77: 2008-03-03 04:44:29 UTC - RP207 - Deckard's System Scanner Restore Point
76: 2008-03-03 01:19:06 UTC - RP206 - System Checkpoint
75: 2008-03-02 01:15:24 UTC - RP205 - System Checkpoint
74: 2008-02-29 08:25:26 UTC - RP204 - System Checkpoint
73: 2008-02-28 08:08:04 UTC - RP203 - System Checkpoint


-- First Restore Point --
1: 2007-12-04 07:59:23 UTC - RP131 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as ep0xy.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:11 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MMTaskbar\MultiMon.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Excursion9.5\mIRC.ExCurSioN.exe
C:\mIRC-TPG\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ep0xy\Desktop\dss.exe
C:\DOCUME~1\ep0xy\Desktop\ep0xy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\WIW7YLXI\INDEX_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\VQK9TBIO\GLOBAL~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\6QX02142\ACTION~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\PI3QGOAK\LEFT_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\ME482Q8E\UPLOAD~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\G8WP4X2U\NAVBAR~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\U4JD2YC9\PERSON~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0TDT3PWU\RIGHT_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\6QX02142\BOTTOM~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\IYLT7VZ9\PRICIN~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\ZVH9YENS\INE36B~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\VY22VHTB\GLOBAL~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\1NTPR890\BUTTON~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\T363TR4K\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\T363TR4K\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\SGJH9UIN\AIMTOD~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\GHKFNT6B\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\X3YTGO1X\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0K2E0NUY\947_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\QNORXJ32\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\ISZ0Q28G\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\9MVBS671\AIM_TE~2.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\4IQRBNHF\953_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\CMLYAJFH\958_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0K2E0NUY\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\6P5UMZWL\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMP
O4 - Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MultiMon Taskbar.lnk = C:\Program Files\MMTaskbar\MultiMon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7066 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 aslm75 - c:\windows\system32\drivers\aslm75.sys

S2 PSTRIP - c:\windows\system32\drivers\pstrip.sys (file missing)
S3 bainigne - c:\documents and settings\ep0xy\desktop\wowglider\bainigne.sys (file missing)
S3 flt - c:\documents and settings\ep0xy\desktop\wowglider\flt.sys (file missing)
S3 gkhapfhdp - c:\documents and settings\ep0xy\desktop\wowglider\gkhapfhdp.sys (file missing)
S3 glgwukb - c:\documents and settings\ep0xy\desktop\wowglider\glgwukb.sys (file missing)
S3 jrf - c:\documents and settings\ep0xy\desktop\wowglider\jrf.sys (file missing)
S3 uuhu - c:\documents and settings\ep0xy\desktop\wowglider\uuhu.sys (file missing)
S3 vhndlqwivh - c:\documents and settings\ep0xy\desktop\wowglider\vhndlqwivh.sys (file missing)
S3 ydzodmzw - c:\documents and settings\ep0xy\desktop\wowglider\ydzodmzw.sys (file missing)
S3 ztb - c:\documents and settings\ep0xy\desktop\wowglider\ztb.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Network Controller
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00131737&REV_02\4&13699180&0&3848
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00131737&REV_02\4&13699180&0&3848
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1102&DEV_0007&SUBSYS_10061102&REV_00\4&13699180&0&4048
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1102&DEV_0007&SUBSYS_10061102&REV_00\4&13699180&0&4048
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1095&DEV_3114&SUBSYS_81671043&REV_02\4&13699180&0&5048
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1095&DEV_3114&SUBSYS_81671043&REV_02\4&13699180&0&5048
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\74C63211D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\74C63211D800
Service: NIC1394

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&13699180&0&6048
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&13699180&0&6048
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-03-02 05:32:00       300 --a------ C:\WINDOWS\Tasks\Ad-Aware SE Personal.job
2008-03-02 03:19:31       356 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-02-29 06:35:00       264 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy.job
2008-02-15 01:46:43       350 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2008-02-02 and 2008-03-02 -----------------------------

2008-02-23 16:49:51         0 d-------- C:\World of Warcraft
2008-02-16 00:02:49         0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-02-14 20:25:17         0 d-------- C:\Documents and Settings\ep0xy\Application Data\skypePM
2008-02-14 20:25:17        32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-14 20:20:45         0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-07 19:39:45         0 d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files


-- Find3M Report ---------------------------------------------------------------

2008-03-02 22:24:25         0 d-------- C:\Program Files\Steam
2008-03-02 21:23:18         0 d-------- C:\Program Files\HLSW
2008-02-16 00:02:49         0 d-------- C:\Program Files\Common Files
2008-02-13 22:25:41         0 d-------- C:\Program Files\Winamp
2008-02-07 19:40:12         0 d-------- C:\Program Files\SmartFTP Client
2008-01-22 16:12:30         8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-01-22 01:35:22     13668 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-01-21 22:27:06         0 d-------- C:\Documents and Settings\ep0xy\Application Data\Adobe
2008-01-21 22:27:04      1158 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"Logitech Utility"="Logi_MwX.Exe" [11/07/2003 04:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/15/2008 05:54 PM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 02:32 PM C:\WINDOWS\KHALMNPR.Exe]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 02:32 PM C:\WINDOWS\KHALMNPR.Exe]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 01:33 AM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 04:22 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/13/2007 04:14 PM]
"nwiz"="nwiz.exe" [08/13/2007 04:14 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [08/13/2007 04:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"Steam"="c:\program files\steam\steam.exe" [11/29/2007 07:05 PM]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" []
"DelayShred"="C:\Program Files\McAfee\MSHR\ShrCL.exe" [07/25/2007 02:10 PM]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 03:35 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\T363TR4K\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\T363TR4K\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\SGJH9UIN\AIMTOD~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\GHKFNT6B\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\X3YTGO1X\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0K2E0NUY\947_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\QNORXJ32\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\ISZ0Q28G\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\9MVBS671\AIM_TE~2.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\4IQRBNHF\953_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\CMLYAJFH\958_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0K2E0NUY\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\6P5UMZWL\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\IHBKB3OC\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\QNORXJ32\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\6P5UMZWL\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\7XJZ016Z\INDEX_~3.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\KXGIKGRM\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\NOE230T4\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\NOE230T4\955_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\EXCHSH0M\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\7XJZ016Z\974_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\EXCHSH0M\CS_5_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\F0AH2DGF\CS_45_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\TBU6FADW\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\5VVTD208\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\TBU6FADW\985_1_~1.SH! 
C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\OB8VQPZ3\MOTD_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\ZVELPOSX\INDEX_~2.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\5GTANJ7K\ADS_4_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\5GTANJ7K\@MIDDL~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\OB8VQPZ3\@MIDDL~2.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\OB8VQPZ3\273792~2.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\X18WK7X1\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\5GTANJ7K\988_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\OB8VQPZ3\AIM_TE~2.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\OB8VQPZ3\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\5GTANJ7K\972_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\X18WK7X1\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\2DW2YSJO\IN591D~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\2DW2YSJO\CS_19_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\EXCHSH0M\INDEX_~3.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\OYMEGBP2\INDEX_~4.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0B9ONMV3\1005_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\WH2RX6IW\INAFAD~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\G5JCMA5L\IN552D~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\KXGIKGRM\SEBFA6~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\IL2DD3OF\JAVASC~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\OB8VQPZ3\V_2_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\I2C9RPLU\IN592D~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\5GTANJ7K\IN5D1D~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\2SBIRV2N\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\WH2RX6IW\IN592D~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\ZVELPOSX\1009_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\WH2RX6IW\SHOWTH~1.SH! 
C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0B9ONMV3\BRUCEL~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\X18WK7X1\INDEX_~2.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\76LUWPN1\INDEX_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\JQP3UBLD\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\SHV22XQ0\1018_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\4VQ7VX0J\1020_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\NDHTJ08F\INDEX_~3.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\JLYZA6CU\1025_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\EJ3YMDTL\IFRAME~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\N8MSQYMN\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\IR6BBB9J\UPDATE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\1MU9FQND\A37119~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\THVBVFOF\1026_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\47Y30XDT\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\WWKK71WC\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\1MU9FQND\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\JLYZA6CU\1030_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\MJC9LK0Y\DOC_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\N4ANSA8G\DOC_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\WWKK71WC\GOOGLE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\THVBVFOF\INDEXC~3.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\KPR4Q6L3\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\N8MSQYMN\PBEULA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\N8MSQYMN\@MIDDL~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\THVBVFOF\@MIDDL~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\C2BBMXAK\WIRELE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\WWKK71WC\V_3_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\N4ANSA8G\AIM_UA~1.SH! 
C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\4VQ7VX0J\IFPC_R~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\HREAZS89\IFPC_R~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\N8MSQYMN\IFPC_R~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\TXABJ59G\SHOWTH~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\OYPNQ4ZN\IFPC_R~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\TXABJ59G\IN5D1D~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\32XOB6AV\CS_5_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\NDHTJ08F\1064_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\JXHNFUHS\CS_5_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\TXABJ59G\CONTEN~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\R2EVCQ81\CS_5_2~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\SD43F0W8\1067_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\TXABJ59G\CS_5_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\1MU9FQND\1077_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\4VQ7VX0J\CS_44_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\SD43F0W8\IN512D~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\32XOB6AV\IFPC_R~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\NDHTJ08F\IN11F1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\R2EVCQ81\ITEM-D~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\N4ANSA8G\CS_21_~2.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\47Y30XDT\1101_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0YYMU162\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\E7W4IVR3\1106_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\KDRFHVY7\INF496~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0YYMU162\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\G3B2DKXF\1108_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\754NDAGZ\1119_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\C2I2ZT03\AIM_UA~2.SH! 
C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\N7JRQFH9\CS_46_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\7I7MMF4F\LM_INF~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\5C7TSVE1\1130_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\QZRIV274\INDEX_~3.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\G8WP4X2U\CS_14_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\6B3AQLME\1136_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\IYLT7VZ9\IND3E3~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\ZVH9YENS\1140_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\5C7TSVE1\1136_1~1.SH!

C:\Documents and Settings\ep0xy\Start Menu\Programs\Startup\
Loadout Manager.lnk - C:\Program Files\Belkin\Nostromo\nost_LM.exe [6/24/2003 1:31:35 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [7/28/2007 9:31:30 PM]
MultiMon Taskbar.lnk - C:\Program Files\MMTaskbar\MultiMon.exe [2/20/2007 6:17:39 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
"C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE




-- End of Deckard's System Scanner: finished at 2008-03-02 23:45:59 ------------



Here's my error msg:

The application or DLL C:\WINDOWS\System32\themeui.dll is not a valid Windows image. Please check this against your installation diskette.


(Now I've done what it said before and it's fixed it. Sweet. NO, what happened after was I rebooted and it got stuck in a loop of back-to-back crashes and would never reboot Windows again.)


Until I to the comp in BIOS to load the last cfg that worked and it would reboot, sweet .. NO, no, the error was back..


So yeah, I've just left it. Anyways, let me know what you think.



Edit: ooo I almost forgot, no, I never wanted that spyware cleaner, I didn't even know I had it, never seen it before in my life.
Thanks a bunch
