Help me! Been battling this over six months now!


  • This topic is locked
29 replies to this topic

#1 KevYaeger72


Posted 29 May 2007 - 07:29 PM

This Trojan / malware / rats have been haunting me for over six months now. I need help. It doesn't matter how many times I reformat my hard drive or put a new drive in, I can't get rid of them. I bought a brand new computer and just by turning it on it was infested.

Here is my HijackThis info. Any insight is much appreciated as I have done soooooooooo much already.

-------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:20:01 PM, on 5/29/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\1179314286\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\Windows\system32\werfault.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\Are you cool\AppData\Local\Temp\Temp2_hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe /runonce
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fortinet\forticlient\fortilsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fortinet\forticlient\fortilsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fortinet\forticlient\fortilsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fortinet\forticlient\fortilsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Fortinet Service Scheduler (FA_Scheduler) - Fortinet Inc. - C:\Program Files\Fortinet\FortiClient\scheduler.exe
O23 - Service: GFI LANguard N.S.S. 8.0 Attendant Service (gfi_lnss8_attservice) - Unknown owner - C:\Program Files\GFI\LANguard Network Security Scanner 8.0\lnssatt.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WPEServ - Unknown owner - C:\Program Files\Common Files\WPE\wpeserv.exe

#2 KevYaeger72


Posted 31 May 2007 - 08:55 AM

StartupList report, 5/31/2007, 6:46:13 AM
StartupList version: 1.52.2
Started from : C:\Users\Are you cool\AppData\Local\Temp\Temp3_hijackthis.zip\HijackThis.EXE
Detected: Unknown Windows (WinNT 6.00.1904)
Detected: Internet Explorer v7.00 (7.00.6000.16386)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\1179314286\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Users\Are you cool\AppData\Local\Temp\Temp3_hijackthis.zip\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Users\Are you cool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
VersionTracker Pro.lnk = ?

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Windows Defender = C:\Program Files\Windows Defender\MSASCui.exe -hide

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Uniblue SpyEraser = "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\Windows\system32\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\Windows\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\Windows\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\Windows\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=C:\Windows\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\Windows\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\Windows\Explorer\Explorer.exe: not present
C:\Windows\System\Explorer.exe: not present
C:\Windows\System32\Explorer.exe: not present
C:\Windows\Command\Explorer.exe: not present
C:\Windows\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: *Registry key not found*
.shb: *Registry key not found*
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\Windows
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename NOT OK: 'REGEDIT.EXE.MUI'
- File description: 'Registry Editor'

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

RegCure Program Check.job
RegCure.job
Uniblue SpyEraser.job

--------------------------------------------------

Enumerating Download Program Files:

[{1B00725B-C455-4DE6-BFB6-AD540AD427CD}]
CODEBASE = http://fpdownload2.m...ash/swflash.cab

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
CODEBASE = http://javadl-esd.su...ows-i586-jc.cab

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\System32\mswsock.dll
NameSpace #3: C:\Windows\System32\winrnr.dll
NameSpace #4: C:\Windows\system32\napinsp.dll
NameSpace #5: C:\Windows\system32\pnrpnsp.dll
NameSpace #6: C:\Windows\system32\pnrpnsp.dll
Protocol #1: C:\Program Files\Fortinet\FortiClient\fortilsp.dll
Protocol #2: C:\Program Files\Fortinet\FortiClient\fortilsp.dll
Protocol #3: C:\Program Files\Fortinet\FortiClient\fortilsp.dll
Protocol #4: C:\Windows\system32\mswsock.dll
Protocol #5: C:\Windows\system32\mswsock.dll
Protocol #6: C:\Windows\system32\mswsock.dll
Protocol #7: C:\Windows\system32\mswsock.dll
Protocol #8: C:\Windows\system32\mswsock.dll
Protocol #9: C:\Windows\system32\mswsock.dll
Protocol #10: C:\Windows\system32\mswsock.dll
Protocol #11: C:\Windows\system32\mswsock.dll
Protocol #12: C:\Windows\system32\mswsock.dll
Protocol #13: C:\Windows\system32\mswsock.dll
Protocol #14: C:\Windows\system32\mswsock.dll
Protocol #15: C:\Windows\system32\mswsock.dll
Protocol #16: C:\Windows\system32\mswsock.dll
Protocol #17: C:\Windows\system32\mswsock.dll
Protocol #18: C:\Windows\system32\mswsock.dll
Protocol #19: C:\Windows\system32\mswsock.dll
Protocol #20: C:\Windows\system32\mswsock.dll
Protocol #21: C:\Windows\system32\mswsock.dll
Protocol #22: C:\Windows\system32\mswsock.dll
Protocol #23: C:\Windows\system32\mswsock.dll
Protocol #24: C:\Windows\system32\mswsock.dll
Protocol #25: C:\Windows\system32\mswsock.dll
Protocol #26: C:\Program Files\Fortinet\FortiClient\fortilsp.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: system32\drivers\acpi.sys (system)
adp94xx: \SystemRoot\system32\drivers\adp94xx.sys (disabled)
adpahci: \SystemRoot\system32\drivers\adpahci.sys (disabled)
adpu160m: \SystemRoot\system32\drivers\adpu160m.sys (disabled)
adpu320: \SystemRoot\system32\drivers\adpu320.sys (disabled)
@%SystemRoot%\system32\aelupsvc.dll,-1: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Ancilliary Function Driver for Winsock: \SystemRoot\system32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\system32\drivers\agp440.sys (manual start)
aic78xx: \SystemRoot\system32\drivers\djsvs.sys (disabled)
@%SystemRoot%\system32\Alg.exe,-112: %SystemRoot%\System32\alg.exe (manual start)
aliide: \SystemRoot\system32\drivers\aliide.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\system32\drivers\amdagp.sys (manual start)
amdide: \SystemRoot\system32\drivers\amdide.sys (disabled)
AMD K7 Processor Driver: \SystemRoot\system32\drivers\amdk7.sys (disabled)
AMD K8 Processor Driver: \SystemRoot\system32\drivers\amdk8.sys (disabled)
AOL Connectivity Service: "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" (autostart)
@%systemroot%\system32\appinfo.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
@appmgmts.dll,-3250: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
arc: \SystemRoot\system32\drivers\arc.sys (disabled)
arcsas: \SystemRoot\system32\drivers\arcsas.sys (disabled)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
IDE Channel: system32\drivers\atapi.sys (system)
@%SystemRoot%\system32\audiosrv.dll,-204: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\audiosrv.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%SystemRoot%\system32\AxInstSV.dll,-103: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup (manual start)
Broadcom 440x 10/100 Integrated Controller XP Driver: system32\DRIVERS\bcm4sbxp.sys (manual start)
@%SystemRoot%\system32\bfe.dll,-1001: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%SystemRoot%\system32\qmgr.dll,-1000: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
blbdrive: \SystemRoot\system32\drivers\blbdrive.sys (disabled)
Bowser: system32\DRIVERS\bowser.sys (manual start)
Brother USB Mass-Storage Lower Filter Driver: \SystemRoot\system32\drivers\brfiltlo.sys (manual start)
Brother USB Mass-Storage Upper Filter Driver: \SystemRoot\system32\drivers\brfiltup.sys (manual start)
@%systemroot%\system32\browser.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Brother MFC Serial Port Interface Driver (WDM): system32\DRIVERS\BrSerId.sys (manual start)
Brother WDM Serial driver: \SystemRoot\system32\drivers\brserwdm.sys (disabled)
Brother MFC USB Fax Only Modem: \SystemRoot\system32\drivers\brusbmdm.sys (disabled)
Brother MFC USB Serial WDM Driver: system32\DRIVERS\BrUsbSer.sys (manual start)
Bluetooth Serial Communications Driver: \SystemRoot\system32\drivers\bthmodem.sys (disabled)
CD/DVD File System Reader: system32\DRIVERS\cdfs.sys (disabled)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
@%SystemRoot%\System32\certprop.dll,-11: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Consumer IR Devices: \SystemRoot\system32\drivers\circlass.sys (disabled)
Common Log (CLFS): System32\CLFS.sys (system)
Microsoft .NET Framework NGEN v2.0.50727_X86: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
Microsoft ACPI Control Method Battery Driver: system32\DRIVERS\CmBatt.sys (manual start)
cmdide: \SystemRoot\system32\drivers\cmdide.sys (disabled)
Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
@comres.dll,-947: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Crcdisk Filter Driver: system32\drivers\crcdisk.sys (system)
Transmeta Crusoe Processor Driver: \SystemRoot\system32\drivers\crusoe.sys (disabled)
@%SystemRoot%\system32\cryptsvc.dll,-1001: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Offline Files Driver: system32\drivers\csc.sys (system)
@%systemroot%\system32\cscsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@oleres.dll,-5012: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
Dfs Client Driver: System32\Drivers\dfsc.sys (system)
@dfsrres.dll,-101: %SystemRoot%\system32\DFSR.exe (manual start)
@%SystemRoot%\system32\dhcpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
Disk Driver: system32\drivers\disk.sys (system)
DLABMFSM: System32\DLA\DLABMFSM.SYS (autostart)
DLABOIOM: System32\DLA\DLABOIOM.SYS (autostart)
DLACDBHM: System32\Drivers\DLACDBHM.SYS (system)
DLADResM: System32\DLA\DLADResM.SYS (autostart)
DLAIFS_M: System32\DLA\DLAIFS_M.SYS (autostart)
DLAOPIOM: System32\DLA\DLAOPIOM.SYS (autostart)
DLAPoolM: System32\DLA\DLAPoolM.SYS (autostart)
DLARTL_M: System32\Drivers\DLARTL_M.SYS (system)
DLAUDFAM: System32\DLA\DLAUDFAM.SYS (autostart)
DLAUDF_M: System32\DLA\DLAUDF_M.SYS (autostart)
@%SystemRoot%\System32\dnsapi.dll,-101: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\dot3svc.dll,-1102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\dps.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
DRVMCDB: System32\Drivers\DRVMCDB.SYS (system)
DRVNDDM: System32\Drivers\DRVNDDM.SYS (autostart)
DSBrokerService: "C:\Program Files\DellSupport\brkrsvc.exe" (manual start)
DSproct: \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (manual start)
DellSupport UniDriver: system32\DRIVERS\dsunidrv.sys (autostart)
LDDM Graphics Subsystem: \SystemRoot\System32\drivers\dxgkrnl.sys (manual start)
Intel® PRO/1000 NDIS 6 Adapter Driver: system32\DRIVERS\E1G60I32.sys (manual start)
@%systemroot%\system32\eapsvc.dll,-1: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
ReadyBoost Caching Driver: System32\drivers\ecache.sys (system)
@%SystemRoot%\ehome\ehrecvr.exe,-101: %systemroot%\ehome\ehRecvr.exe (manual start)
@%SystemRoot%\ehome\ehsched.exe,-101: %systemroot%\ehome\ehsched.exe (manual start)
@%SystemRoot%\ehome\ehstart.dll,-101: %windir%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
elxstor: \SystemRoot\system32\drivers\elxstor.sys (disabled)
@%SystemRoot%\system32\emdmgmt.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\wevtsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@comres.dll,-2450: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Fortinet FMonitor: system32\drivers\fortimon.sys (system)
Fortinet RMonitor: system32\drivers\rmon.sys (system)
Fortinet Service Scheduler: "C:\Program Files\Fortinet\FortiClient\scheduler.exe" (disabled)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (disabled)
@%systemroot%\system32\fdPHost.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\fdrespub.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
File Information FS MiniFilter: system32\drivers\fileinfo.sys (system)
FileTrace: system32\drivers\filetrace.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (disabled)
FltMgr: system32\drivers\fltmgr.sys (system)
@%SystemRoot%\system32\PresentationHost.exe,-3309: %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
FortiNet Fortidrv Service: system32\DRIVERS\fortidrv.sys (manual start)
Fortigen: system32\drivers\fortigen.sys (system)
FortiPFW: \??\C:\Windows\system32\drivers\FortiPFW.sys (system)
Fortips: \??\C:\Windows\system32\drivers\fortips.sys (autostart)
Fortinet network virtual adapter: system32\DRIVERS\ftvnic.sys (manual start)
BitLocker Drive Encryption Filter Driver: System32\DRIVERS\fvevol.sys (system)
Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms: \SystemRoot\system32\drivers\gagp30kx.sys (manual start)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
GFI LANguard N.S.S. 8.0 Attendant Service: "C:\Program Files\GFI\LANguard Network Security Scanner 8.0\lnssatt.exe" -service (autostart)
gmer: System32\DRIVERS\gmer.sys (manual start)
@gpapi.dll,-112: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Microsoft UAA Bus Driver for High Definition Audio: \SystemRoot\system32\drivers\hdaudbus.sys (disabled)
Microsoft Bluetooth HID Miniport: \SystemRoot\system32\drivers\hidbth.sys (disabled)
Microsoft Infrared HID Driver: \SystemRoot\system32\drivers\hidir.sys (disabled)
@%SystemRoot%\System32\hidserv.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
@%SystemRoot%\system32\kmsvc.dll,-6: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
HpCISSs: \SystemRoot\system32\drivers\hpcisss.sys (disabled)
HTTP: system32\drivers\HTTP.sys (manual start)
i2omp: \SystemRoot\system32\drivers\i2omp.sys (disabled)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
Intel RAID Controller Vista: \SystemRoot\system32\drivers\iastorv.sys (disabled)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" (manual start)
@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
iirsp: \SystemRoot\system32\drivers\iirsp.sys (disabled)
@%SystemRoot%\system32\ikeext.dll,-501: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
File Filter Driver: system32\drivers\ikfileflt.sys (system)
File Security Driver: system32\drivers\ikfilesec.sys (system)
System Filter Driver: system32\drivers\iksysflt.sys (system)
System Security Driver: system32\drivers\iksyssec.sys (system)
intelide: system32\drivers\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (manual start)
@%systemroot%\system32\IPBusEnum.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
@%SystemRoot%\system32\iphlpsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k NetSvcs (autostart)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IPMIDRV: \SystemRoot\system32\drivers\ipmidrv.sys (disabled)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
@%Systemroot%\system32\iprip.dll,-200: %SystemRoot%\System32\svchost.exe -k ipripsvc (autostart)
IR Bus Enumerator: system32\drivers\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: \SystemRoot\system32\drivers\isapnp.sys (disabled)
iScsiPort Driver: system32\DRIVERS\msiscsi.sys (manual start)
ITEATAPI_Service_Install: \SystemRoot\system32\drivers\iteatapi.sys (disabled)
ITERAID_Service_Install: \SystemRoot\system32\drivers\iteraid.sys (disabled)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: \SystemRoot\system32\drivers\kbdhid.sys (disabled)
CNG Key Isolation: %SystemRoot%\system32\lsass.exe (disabled)
KSecDD: System32\Drivers\ksecdd.sys (system)
@comres.dll,-2946: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\srvsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\wkssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Link-Layer Topology Discovery Mapper I/O Driver: system32\DRIVERS\lltdio.sys (autostart)
@%SystemRoot%\system32\lltdres.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\lmhsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
LSI_FC: \SystemRoot\system32\drivers\lsi_fc.sys (disabled)
LSI_SAS: \SystemRoot\system32\drivers\lsi_sas.sys (disabled)
LSI_SCSI: \SystemRoot\system32\drivers\lsi_scsi.sys (disabled)
UAC File Virtualization: \SystemRoot\system32\drivers\luafv.sys (autostart)
@%SystemRoot%\ehome\ehres.dll,-15501: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" (autostart)
megasas: \SystemRoot\system32\drivers\megasas.sys (disabled)
@%systemroot%\system32\mmcss.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Modem: system32\drivers\modem.sys (manual start)
Microsoft Monitor Class Function Driver Service: system32\DRIVERS\monitor.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: \SystemRoot\system32\drivers\mouhid.sys (disabled)
Mount Point Manager: System32\drivers\mountmgr.sys (system)
Microsoft Multi-Path Bus Driver: \SystemRoot\system32\drivers\mpio.sys (disabled)
@%SystemRoot%\system32\FirewallAPI.dll,-23092: System32\drivers\mpsdrv.sys (manual start)
@%SystemRoot%\system32\FirewallAPI.dll,-23090: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
Mraid35x: \SystemRoot\system32\drivers\mraid35x.sys (disabled)
WebDav Client Redirector Driver: \SystemRoot\system32\drivers\mrxdav.sys (manual start)
SMB MiniRedirector Wrapper and Engine: system32\DRIVERS\mrxsmb.sys (manual start)
SMB 1.x MiniRedirector: system32\DRIVERS\mrxsmb10.sys (manual start)
SMB 2.0 MiniRedirector: system32\DRIVERS\mrxsmb20.sys (manual start)
msahci: \SystemRoot\system32\drivers\msahci.sys (disabled)
Microsoft Multi-Path Device Specific Module: \SystemRoot\system32\drivers\msdsm.sys (disabled)
@comres.dll,-2797: %SystemRoot%\System32\msdtc.exe (manual start)
ISA/EISA Class Driver: system32\drivers\msisadrv.sys (system)
@%SystemRoot%\system32\iscsidsc.dll,-5000: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\msimsg.dll,-27: %systemroot%\system32\msiexec /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
SQL Server (MSSMLBIZ): "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (autostart)
SQL Server Active Directory Helper: "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" (disabled)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Mup: System32\Drivers\mup.sys (system)
@%SystemRoot%\system32\qagentrt.dll,-6: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
NativeWiFi Filter: system32\DRIVERS\nwifi.sys (manual start)
NDIS System Driver: system32\drivers\ndis.sys (system)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NETBT: System32\DRIVERS\netbt.sys (system)
@%SystemRoot%\System32\netlogon.dll,-102: %systemroot%\system32\lsass.exe (manual start)
@%SystemRoot%\system32\netman.dll,-109: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\system32\netprof.dll,-246: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows Vista: system32\DRIVERS\NETw2v32.sys (manual start)
nfrd960: \SystemRoot\system32\drivers\nfrd960.sys (disabled)
@%SystemRoot%\System32\nlasvc.dll,-1: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%SystemRoot%\system32\nsisvc.dll,-200: %systemroot%\system32\svchost.exe -k LocalService (autostart)
NSI proxy service: system32\drivers\nsiproxy.sys (system)
N-trig HID Tablet Driver: \SystemRoot\system32\drivers\ntrigdigi.sys (disabled)
nvlddmkm: system32\DRIVERS\nvlddmkm.sys (manual start)
nvraid: \SystemRoot\system32\drivers\nvraid.sys (disabled)
nvstor: \SystemRoot\system32\drivers\nvstor.sys (disabled)
NVIDIA nForce AGP Bus Filter: \SystemRoot\system32\drivers\nv_agp.sys (manual start)
NWADI Bus Enumerator: system32\DRIVERS\NWADIenum.sys (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Microsoft Office Diagnostics Service: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" (manual start)
RICOH OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (manual start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8004: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8006: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
Parallel port driver: \SystemRoot\system32\drivers\parport.sys (disabled)
Partition Manager: System32\drivers\partmgr.sys (system)
Parvdm: \SystemRoot\system32\drivers\parvdm.sys (autostart)
@%SystemRoot%\system32\pcasvc.dll,-1: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
PCI Bus Driver: system32\drivers\pci.sys (system)
pciide: \SystemRoot\system32\drivers\pciide.sys (disabled)
pcmcia: system32\DRIVERS\pcmcia.sys (system)
PEAUTH: system32\drivers\peauth.sys (autostart)
@%systemroot%\system32\pla.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (manual start)
@%SystemRoot%\system32\umpnpmgr.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\p2psvc.dll,-8002: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8000: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\System32\polstore.dll,-5010: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted (disabled)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: \SystemRoot\system32\drivers\processr.sys (disabled)
@%systemroot%\system32\profsvc.dll,-300: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\psbase.dll,-300: %SystemRoot%\system32\lsass.exe (manual start)
@%SystemRoot%\System32\drivers\pacer.sys,-101: system32\DRIVERS\pacer.sys (system)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
QLogic Fibre Channel Miniport Driver: \SystemRoot\system32\drivers\ql2300.sys (disabled)
QLogic iSCSI Miniport Driver: \SystemRoot\system32\drivers\ql40xx.sys (disabled)
@%SystemRoot%\system32\qwave.dll,-1: %windir%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\drivers\qwavedrv.sys,-1: \SystemRoot\system32\drivers\qwavedrv.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
@%Systemroot%\system32\rasauto.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Redirected Buffering Sub Sysytem: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
RDP Encoder Mirror Driver: system32\drivers\rdpencdd.sys (system)
@%Systemroot%\system32\mprdim.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
@regsvc.dll,-1: %SystemRoot%\system32\svchost.exe -k regsvc (manual start)
@%systemroot%\system32\Locator.exe,-2: %SystemRoot%\system32\locator.exe (manual start)
@oleres.dll,-5010: %SystemRoot%\system32\svchost.exe -k rpcss (autostart)
Link-Layer Topology Discovery Responder: system32\DRIVERS\rspndr.sys (autostart)
@%SystemRoot%\system32\samsrv.dll,-1: %SystemRoot%\system32\lsass.exe (autostart)
SASDIFSV: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (system)
SASENUM: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (manual start)
SASKUTIL: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (system)
SBP-2 Transport/Protocol Bus Driver: \SystemRoot\system32\drivers\sbp2port.sys (disabled)
@%SystemRoot%\System32\SCardSvr.dll,-1: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\schedsvc.dll,-100: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\certprop.dll,-13: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
sdbus: system32\DRIVERS\sdbus.sys (manual start)
@%SystemRoot%\system32\sdrsvc.dll,-107: %SystemRoot%\system32\svchost.exe -k SDRSVC (manual start)
@%SystemRoot%\system32\seclogon.dll,-7001: %windir%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\Sens.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: \SystemRoot\system32\drivers\serenum.sys (manual start)
Serial Port Driver: \SystemRoot\system32\drivers\serial.sys (manual start)
Serial Mouse Driver: \SystemRoot\system32\drivers\sermouse.sys (disabled)
@%SystemRoot%\System32\SessEnv.dll,-1026: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
SFF Storage Class Driver: \SystemRoot\system32\drivers\sffdisk.sys (disabled)
SFF Storage Protocol Driver for MMC: \SystemRoot\system32\drivers\sffp_mmc.sys (manual start)
SFF Storage Protocol Driver for SDBus: \SystemRoot\system32\drivers\sffp_sd.sys (manual start)
High-Capacity Floppy Disk Drive: \SystemRoot\system32\drivers\sfloppy.sys (disabled)
@%SystemRoot%\system32\ipnathlp.dll,-106: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
@%SystemRoot%\System32\shsvcs.dll,-12288: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: \SystemRoot\system32\drivers\sisagp.sys (manual start)
SiSRaid2: \SystemRoot\system32\drivers\sisraid2.sys (disabled)
SiSRaid4: \SystemRoot\system32\drivers\sisraid4.sys (disabled)
@%SystemRoot%\system32\SLsvc.exe,-101: %SystemRoot%\system32\SLsvc.exe (autostart)
@%SystemRoot%\system32\SLUINotify.dll,-103: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50005: system32\DRIVERS\smb.sys (system)
@%SystemRoot%\system32\snmptrap.exe,-3: %SystemRoot%\System32\snmptrap.exe (manual start)
@%systemroot%\system32\spoolsv.exe,-1: %SystemRoot%\System32\spoolsv.exe (autostart)
SQL Server Browser: "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" (disabled)
SQL Server VSS Writer: "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" (manual start)
srv: System32\DRIVERS\srv.sys (manual start)
srv2: System32\DRIVERS\srv2.sys (manual start)
srvnet: System32\DRIVERS\srvnet.sys (manual start)
@%systemroot%\system32\ssdpsrv.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
SigmaTel C-Major Audio: system32\drivers\STAC97.sys (manual start)
@%SystemRoot%\system32\wiaservc.dll,-9: %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
@%SystemRoot%\System32\swprv.dll,-103: %SystemRoot%\System32\svchost.exe -k swprv (manual start)
Symc8xx: \SystemRoot\system32\drivers\symc8xx.sys (disabled)
Sym_hi: \SystemRoot\system32\drivers\sym_hi.sys (disabled)
Sym_u3: \SystemRoot\system32\drivers\sym_u3.sys (disabled)
@%SystemRoot%\system32\sysmain.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\TabSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\tapisrv.dll,-10100: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\system32\tbssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50003: System32\drivers\tcpip.sys (system)
Microsoft IPv6 Protocol Driver: system32\DRIVERS\tcpip.sys (manual start)
TCP/IP Registry Compatibility: System32\drivers\tcpipreg.sys (autostart)
TDPIPE: system32\drivers\tdpipe.sys (manual start)
TDTCP: system32\drivers\tdtcp.sys (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50004: system32\DRIVERS\tdx.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
@%SystemRoot%\System32\termsrv.dll,-268: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%SystemRoot%\System32\shsvcs.dll,-8192: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\mmcss.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\trkwks.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\servicing\TrustedInstaller.exe,-100: %SystemRoot%\servicing\TrustedInstaller.exe (manual start)
Terminal Services Security Filter Driver: System32\DRIVERS\tssecsrv.sys (manual start)
Microsoft Tun Miniport Adapter Driver: system32\DRIVERS\tunmp.sys (manual start)
Microsoft IPv6 Tunnel Miniport Adapter Driver: system32\DRIVERS\tunnel.sys (manual start)
Microsoft AGPv3.5 Filter: \SystemRoot\system32\drivers\uagp35.sys (manual start)
udfs: system32\DRIVERS\udfs.sys (disabled)
@%SystemRoot%\system32\ui0detect.exe,-101: %SystemRoot%\system32\UI0Detect.exe (manual start)
Uli AGP Bus Filter: \SystemRoot\system32\drivers\uliagpkx.sys (manual start)
uliahci: \SystemRoot\system32\drivers\uliahci.sys (disabled)
UlSata: \SystemRoot\system32\drivers\ulsata.sys (disabled)
ulsata2: \SystemRoot\system32\drivers\ulsata2.sys (disabled)
UMBus Enumerator Driver: system32\DRIVERS\umbus.sys (manual start)
@%SystemRoot%\system32\umrdp.dll,-1000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\upnphost.dll,-213: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
eHome Infrared Receiver (USBCIR): \SystemRoot\system32\drivers\usbcir.sys (disabled)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: \SystemRoot\system32\drivers\usbohci.sys (disabled)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
@%SystemRoot%\system32\dwm.exe,-2000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\vds.exe,-100: %SystemRoot%\System32\vds.exe (manual start)
vga: system32\DRIVERS\vgapnp.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: \SystemRoot\system32\drivers\viaagp.sys (manual start)
VIA C7 Processor Driver: \SystemRoot\system32\drivers\viac7.sys (disabled)
viaide: \SystemRoot\system32\drivers\viaide.sys (disabled)
Volume Manager Driver: system32\drivers\volmgr.sys (system)
Dynamic Volume Manager: System32\drivers\volmgrx.sys (system)
Storage volumes: system32\drivers\volsnap.sys (system)
vsmraid: \SystemRoot\system32\drivers\vsmraid.sys (disabled)
@%systemroot%\system32\vssvc.exe,-102: %systemroot%\system32\vssvc.exe (manual start)
VSTHWICH: system32\DRIVERS\VSTICH3.SYS (manual start)
VST_DPV: system32\DRIVERS\VSTDPV3.SYS (manual start)
@%SystemRoot%\system32\w32time.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Wacom Serial Pen HID Driver: \SystemRoot\system32\drivers\wacompen.sys (disabled)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Remote Access IPv6 ARP Driver: system32\DRIVERS\wanarp.sys (system)
WAN Miniport (ATW): system32\DRIVERS\wanatw4.sys (manual start)
@%systemroot%\system32\wbengine.exe,-104: "%systemroot%\system32\wbengine.exe" (manual start)
@%SystemRoot%\system32\wcncsvc.dll,-3: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\WcsPlugInService.dll,-200: %SystemRoot%\system32\svchost.exe -k wcssvc (manual start)
Microsoft Watchdog Timer Driver: \SystemRoot\system32\drivers\wd.sys (disabled)
Kernel Mode Driver Frameworks service: system32\drivers\Wdf01000.sys (system)
@%systemroot%\system32\wdi.dll,-502: %SystemRoot%\System32\svchost.exe -k wdisvc (manual start)
@%systemroot%\system32\wdi.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\webclnt.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\wecsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\wercplsupport.dll,-101: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\wersvc.dll,-100: %SystemRoot%\System32\svchost.exe -k WerSvcGroup (autostart)
winachsf: system32\DRIVERS\VSTCNXT3.SYS (manual start)
@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103: %SystemRoot%\System32\svchost.exe -k secsvcs (autostart)
@%SystemRoot%\system32\winhttp.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%Systemroot%\system32\wbem\wmisvc.dll,-205: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%Systemroot%\system32\wsmsvc.dll,-101: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\wlansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Microsoft Windows Management Interface for ACPI: \SystemRoot\system32\drivers\wmiacpi.sys (disabled)
@%Systemroot%\system32\wbem\wmiapsrv.exe,-110: %systemroot%\system32\wbem\WmiApSrv.exe (manual start)
@%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101: "%ProgramFiles%\Windows Media Player\wmpnetwk.exe" (manual start)
@%SystemRoot%\system32\wpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\wpdbusenum.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
WPEServ: C:\Program Files\Common Files\WPE\wpeserv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\system32\drivers\ws2ifsl.sys (system)
@%SystemRoot%\System32\wscsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%systemroot%\system32\SearchIndexer.exe,-103: %systemroot%\system32\SearchIndexer.exe /Embedding (autostart)
@%systemroot%\system32\wuaueng.dll,-105: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
WUDFRd: system32\DRIVERS\WUDFRd.sys (manual start)
@%SystemRoot%\system32\wudfsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

*No items found*

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 49,008 bytes
Report generated in 0.406 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


--------------------------

I updated my HijackThis log. Can anyone help me please?

#3 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,520 posts

Posted 01 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#4 KevYaeger72

    Member

  • Full Member
  • 17 posts

Posted 03 June 2007 - 05:32 AM

anyone?

#5 nasdaq

    Forum Deity

  • Global Moderator
  • 49,080 posts

Posted 04 June 2007 - 01:16 PM

Hi,

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.


It doesn't matter how many times I reformat my hard drive or put a new drive in I can't get rid of them.

Can't get rid of what?

Nothing suspicious was found on your log.

Disable Spyware Doctor:
Please disable Spyware Doctor, as it may interfere with the fix. To disable Spyware Doctor:
  • Click the Spyware Doctor icon in the System Tray.
  • Click Settings.
  • Click Startup Settings under Pick a Category.
  • Uncheck Run at Windows startup.
  • Click Apply and Exit Spyware Doctor
Once your log is clean you can re-enable Spyware Doctor.

Disable Microsoft Windows Defender:
We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
  • Click on Tools, General Settings.
  • Under Real-time protection options, unselect the Turn on real-time protection check box
  • Click Save
After all of the fixes are complete it is very important that you enable Real-time Protection again.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
<-- If these O6 items were set by a LAN Administrator, do not fix them; ask him/her first. Fixing these O6 items will reset your Control Panel Menu options.
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 <-- Please note that many Administrators at offices lock this down on purpose, so having HijackThis fix this may be a breach of corporate policy. If you are the Administrator and it has been enabled without your permission, then have HijackThis fix it.

Click on Fix Checked when finished and exit HijackThis.

Enable the protection software.

Let me know what problems persist.
nasdaq


#6 KevYaeger72

    Member

  • Full Member
  • 17 posts

Posted 05 June 2007 - 06:49 PM

Here is my new hijackthis log:

*** Keep in mind I do not have an NT system and this is my home computer. The restrictions in control panel, etc. were placed by the hackers.

----------------------------

StartupList report, 6/5/2007, 4:30:15 PM
StartupList version: 1.52.2
Started from : C:\Users\Are you cool\AppData\Local\Temp\Temp5_hijackthis.zip\HijackThis.EXE
Detected: Unknown Windows (WinNT 6.00.1904)
Detected: Internet Explorer v7.00 (7.00.6000.16386)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\Windows\system32\Dwm.exe -- part of the hackers
C:\Windows\Explorer.EXE -- part of the hackers
C:\Windows\system32\taskeng.exe -- part of the hackers
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\1179314286\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe -- part of the hackers
C:\Program Files\iTunes\iTunesHelper.exe -- part of the hackers
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\Are you cool\AppData\Local\Temp\Temp5_hijackthis.zip\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE

--------------------------------------------------

*** The hacker set up the profile roaming along with others ***

Listing of startup folders:

Shell folders Startup:
[C:\Users\Are you cool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

*** The entire NT stuff was set up by the hacker ***

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Windows Defender = C:\Program Files\Windows Defender\MSASCui.exe -hide
BrMfcWnd = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
ControlCenter3 = C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
NuonSoft Wallpaper Cycler 3 StartupHelper = C:\Program Files\NuonSoft\WallpaperCycler3\StartupHelper.exe
NuonSoft ShellEnhancer StartupHelper = C:\Program Files\NuonSoft\ShellEnhancer\StartupHelper.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" --- hacker uses java
pdfFactory Pro Dispatcher v3 = "C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Uniblue SpyEraser = "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
Installation Diagnostics = "C:\Program Files\Brother\Brmfl04g\Brinstck.exe" /I MFC-7820N LAN

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command


(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command


(Default) = C:\Windows\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\Windows\system32\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\Windows\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\Windows\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\Windows\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=C:\Windows\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\Windows\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\Windows\Explorer\Explorer.exe: not present
C:\Windows\System\Explorer.exe: not present
C:\Windows\System32\Explorer.exe: not present
C:\Windows\Command\Explorer.exe: not present
C:\Windows\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: *Registry key not found*
.shb: *Registry key not found*
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\Windows
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename NOT OK: 'REGEDIT.EXE.MUI'
- File description: 'Registry Editor'

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Advanced WindowsCare Personal Startup.job
RegCure Program Check.job
RegCure.job
Uniblue SpyEraser.job

--------------------------------------------------

Enumerating Download Program Files:

[F-Secure Online Scanner 3.1]
InProcServer32 = C:\Windows\Downloaded Program Files\fscax.dll
CODEBASE = http://support.f-sec...m/ols/fscax.cab

[CKAVWebScan Object]
InProcServer32 = C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky...can_unicode.cab

[{1B00725B-C455-4DE6-BFB6-AD540AD427CD}]
CODEBASE = http://fpdownload2.m...ash/swflash.cab

[WMI Class]
CODEBASE = http://support.dell....r/SysProExe.CAB

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
CODEBASE = http://javadl-esd.su...ows-i586-jc.cab

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\System32\mswsock.dll
NameSpace #3: C:\Windows\System32\winrnr.dll
NameSpace #4: C:\Windows\system32\napinsp.dll
NameSpace #5: C:\Windows\system32\pnrpnsp.dll
NameSpace #6: C:\Windows\system32\pnrpnsp.dll
Protocol #1: C:\Program Files\Fortinet\FortiClient\fortilsp.dll
Protocol #2: C:\Program Files\Fortinet\FortiClient\fortilsp.dll
Protocol #3: C:\Program Files\Fortinet\FortiClient\fortilsp.dll
Protocol #4: C:\Windows\system32\mswsock.dll
Protocol #5: C:\Windows\system32\mswsock.dll
Protocol #6: C:\Windows\system32\mswsock.dll
Protocol #7: C:\Windows\system32\mswsock.dll
Protocol #8: C:\Windows\system32\mswsock.dll
Protocol #9: C:\Windows\system32\mswsock.dll
Protocol #10: C:\Windows\system32\mswsock.dll
Protocol #11: C:\Windows\system32\mswsock.dll
Protocol #12: C:\Windows\system32\mswsock.dll
Protocol #13: C:\Windows\system32\mswsock.dll
Protocol #14: C:\Windows\system32\mswsock.dll
Protocol #15: C:\Windows\system32\mswsock.dll
Protocol #16: C:\Windows\system32\mswsock.dll
Protocol #17: C:\Windows\system32\mswsock.dll
Protocol #18: C:\Windows\system32\mswsock.dll
Protocol #19: C:\Windows\system32\mswsock.dll
Protocol #20: C:\Windows\system32\mswsock.dll
Protocol #21: C:\Windows\system32\mswsock.dll
Protocol #22: C:\Windows\system32\mswsock.dll
Protocol #23: C:\Windows\system32\mswsock.dll
Protocol #24: C:\Windows\system32\mswsock.dll
Protocol #25: C:\Windows\system32\mswsock.dll
Protocol #26: C:\Program Files\Fortinet\FortiClient\fortilsp.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: system32\drivers\acpi.sys (system)
adp94xx: \SystemRoot\system32\drivers\adp94xx.sys (disabled)
adpahci: \SystemRoot\system32\drivers\adpahci.sys (disabled)
adpu160m: \SystemRoot\system32\drivers\adpu160m.sys (disabled)
adpu320: \SystemRoot\system32\drivers\adpu320.sys (disabled)
@%SystemRoot%\system32\aelupsvc.dll,-1: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Ancilliary Function Driver for Winsock: \SystemRoot\system32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\system32\drivers\agp440.sys (manual start)
aic78xx: \SystemRoot\system32\drivers\djsvs.sys (disabled)
@%SystemRoot%\system32\Alg.exe,-112: %SystemRoot%\System32\alg.exe (manual start)
aliide: \SystemRoot\system32\drivers\aliide.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\system32\drivers\amdagp.sys (manual start)
amdide: \SystemRoot\system32\drivers\amdide.sys (disabled)
AMD K7 Processor Driver: \SystemRoot\system32\drivers\amdk7.sys (disabled)
AMD K8 Processor Driver: \SystemRoot\system32\drivers\amdk8.sys (disabled)
AOL Connectivity Service: "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" (autostart)
@%systemroot%\system32\appinfo.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
@appmgmts.dll,-3250: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
arc: \SystemRoot\system32\drivers\arc.sys (disabled)
arcsas: \SystemRoot\system32\drivers\arcsas.sys (disabled)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
IDE Channel: system32\drivers\atapi.sys (system)
@%SystemRoot%\system32\audiosrv.dll,-204: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\audiosrv.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%SystemRoot%\system32\AxInstSV.dll,-103: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup (manual start)
Broadcom 440x 10/100 Integrated Controller XP Driver: system32\DRIVERS\bcm4sbxp.sys (manual start)
@%SystemRoot%\system32\bfe.dll,-1001: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%SystemRoot%\system32\qmgr.dll,-1000: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
blbdrive: \SystemRoot\system32\drivers\blbdrive.sys (disabled)
Bowser: system32\DRIVERS\bowser.sys (manual start)
Brother USB Mass-Storage Lower Filter Driver: \SystemRoot\system32\drivers\brfiltlo.sys (manual start)
Brother USB Mass-Storage Upper Filter Driver: \SystemRoot\system32\drivers\brfiltup.sys (manual start)
@%systemroot%\system32\browser.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Brother MFC Serial Port Interface Driver (WDM): system32\DRIVERS\BrSerId.sys (manual start)
Brother WDM Serial driver: \SystemRoot\system32\drivers\brserwdm.sys (disabled)
Brother MFC USB Fax Only Modem: \SystemRoot\system32\drivers\brusbmdm.sys (disabled)
Brother MFC USB Serial WDM Driver: system32\DRIVERS\BrUsbSer.sys (manual start)
Bluetooth Serial Communications Driver: \SystemRoot\system32\drivers\bthmodem.sys (disabled)
CD/DVD File System Reader: system32\DRIVERS\cdfs.sys (disabled)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
@%SystemRoot%\System32\certprop.dll,-11: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Consumer IR Devices: \SystemRoot\system32\drivers\circlass.sys (disabled)
Common Log (CLFS): System32\CLFS.sys (system)
Microsoft .NET Framework NGEN v2.0.50727_X86: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
Microsoft ACPI Control Method Battery Driver: system32\DRIVERS\CmBatt.sys (manual start)
cmdide: \SystemRoot\system32\drivers\cmdide.sys (disabled)
Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
@comres.dll,-947: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Crcdisk Filter Driver: system32\drivers\crcdisk.sys (system)
Transmeta Crusoe Processor Driver: \SystemRoot\system32\drivers\crusoe.sys (disabled)
@%SystemRoot%\system32\cryptsvc.dll,-1001: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Offline Files Driver: system32\drivers\csc.sys (system)
@%systemroot%\system32\cscsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (disabled)
@oleres.dll,-5012: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
Dfs Client Driver: System32\Drivers\dfsc.sys (system)
@dfsrres.dll,-101: %SystemRoot%\system32\DFSR.exe (disabled)
@%SystemRoot%\system32\dhcpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
Disk Driver: system32\drivers\disk.sys (system)
DLABMFSM: System32\DLA\DLABMFSM.SYS (autostart)
DLABOIOM: System32\DLA\DLABOIOM.SYS (autostart)
DLACDBHM: System32\Drivers\DLACDBHM.SYS (system)
DLADResM: System32\DLA\DLADResM.SYS (autostart)
DLAIFS_M: System32\DLA\DLAIFS_M.SYS (autostart)
DLAOPIOM: System32\DLA\DLAOPIOM.SYS (autostart)
DLAPoolM: System32\DLA\DLAPoolM.SYS (autostart)
DLARTL_M: System32\Drivers\DLARTL_M.SYS (system)
DLAUDFAM: System32\DLA\DLAUDFAM.SYS (autostart)
DLAUDF_M: System32\DLA\DLAUDF_M.SYS (autostart)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (disabled)
@%systemroot%\system32\dot3svc.dll,-1102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\dps.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
DRVMCDB: System32\Drivers\DRVMCDB.SYS (system)
DRVNDDM: System32\Drivers\DRVNDDM.SYS (autostart)
DSBrokerService: "C:\Program Files\DellSupport\brkrsvc.exe" (manual start)
DSproct: \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (manual start)
DellSupport UniDriver: system32\DRIVERS\dsunidrv.sys (autostart)
LDDM Graphics Subsystem: \SystemRoot\System32\drivers\dxgkrnl.sys (manual start)
Intel® PRO/1000 NDIS 6 Adapter Driver: system32\DRIVERS\E1G60I32.sys (manual start)
@%systemroot%\system32\eapsvc.dll,-1: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
ReadyBoost Caching Driver: System32\drivers\ecache.sys (system)
@%SystemRoot%\ehome\ehrecvr.exe,-101: %systemroot%\ehome\ehRecvr.exe (manual start)
@%SystemRoot%\ehome\ehsched.exe,-101: %systemroot%\ehome\ehsched.exe (manual start)
@%SystemRoot%\ehome\ehstart.dll,-101: %windir%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
elxstor: \SystemRoot\system32\drivers\elxstor.sys (disabled)
@%SystemRoot%\system32\emdmgmt.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\wevtsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@comres.dll,-2450: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Fortinet FMonitor: system32\drivers\fortimon.sys (system)
Fortinet RMonitor: system32\drivers\rmon.sys (system)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (disabled)
@%systemroot%\system32\fdPHost.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\fdrespub.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
File Information FS MiniFilter: system32\drivers\fileinfo.sys (system)
FileTrace: system32\drivers\filetrace.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (disabled)
FltMgr: system32\drivers\fltmgr.sys (system)
@%SystemRoot%\system32\PresentationHost.exe,-3309: %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
Fortigen: system32\drivers\fortigen.sys (system)
FortiPFW: \??\C:\Windows\system32\drivers\FortiPFW.sys (system)
Fortips: \??\C:\Windows\system32\drivers\fortips.sys (autostart)
BitLocker Drive Encryption Filter Driver: System32\DRIVERS\fvevol.sys (system)
Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms: \SystemRoot\system32\drivers\gagp30kx.sys (manual start)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
GFI LANguard N.S.S. 8.0 Attendant Service: "C:\Program Files\GFI\LANguard Network Security Scanner 8.0\lnssatt.exe" -service (autostart)
gmer: System32\DRIVERS\gmer.sys (manual start)
@gpapi.dll,-112: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (autostart)
Microsoft UAA Bus Driver for High Definition Audio: \SystemRoot\system32\drivers\hdaudbus.sys (disabled)
Microsoft Bluetooth HID Miniport: \SystemRoot\system32\drivers\hidbth.sys (disabled)
Microsoft Infrared HID Driver: \SystemRoot\system32\drivers\hidir.sys (disabled)
@%SystemRoot%\System32\hidserv.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
@%SystemRoot%\system32\kmsvc.dll,-6: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
HpCISSs: \SystemRoot\system32\drivers\hpcisss.sys (disabled)
HTTP: system32\drivers\HTTP.sys (manual start)
i2omp: \SystemRoot\system32\drivers\i2omp.sys (disabled)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
Intel RAID Controller Vista: \SystemRoot\system32\drivers\iastorv.sys (disabled)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" (manual start)
@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
iirsp: \SystemRoot\system32\drivers\iirsp.sys (disabled)
@%SystemRoot%\system32\ikeext.dll,-501: %systemroot%\system32\svchost.exe -k netsvcs (disabled)
intelide: system32\drivers\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (manual start)
@%systemroot%\system32\IPBusEnum.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
@%SystemRoot%\system32\iphlpsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k NetSvcs (autostart)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IPMIDRV: \SystemRoot\system32\drivers\ipmidrv.sys (disabled)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
@%Systemroot%\system32\iprip.dll,-200: %SystemRoot%\System32\svchost.exe -k ipripsvc (autostart)
IR Bus Enumerator: system32\drivers\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: \SystemRoot\system32\drivers\isapnp.sys (disabled)
iScsiPort Driver: system32\DRIVERS\msiscsi.sys (manual start)
ITEATAPI_Service_Install: \SystemRoot\system32\drivers\iteatapi.sys (disabled)
ITERAID_Service_Install: \SystemRoot\system32\drivers\iteraid.sys (disabled)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: \SystemRoot\system32\drivers\kbdhid.sys (disabled)
CNG Key Isolation: %SystemRoot%\system32\lsass.exe (disabled)
KSecDD: System32\Drivers\ksecdd.sys (system)
@comres.dll,-2946: %SystemRoot%\System32\svchost.exe -k NetworkService (disabled)
@%systemroot%\system32\srvsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\wkssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Link-Layer Topology Discovery Mapper I/O Driver: system32\DRIVERS\lltdio.sys (autostart)
@%SystemRoot%\system32\lltdres.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\lmhsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
LSI_FC: \SystemRoot\system32\drivers\lsi_fc.sys (disabled)
LSI_SAS: \SystemRoot\system32\drivers\lsi_sas.sys (disabled)
LSI_SCSI: \SystemRoot\system32\drivers\lsi_scsi.sys (disabled)
UAC File Virtualization: \SystemRoot\system32\drivers\luafv.sys (autostart)
@%SystemRoot%\ehome\ehres.dll,-15501: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" (autostart)
megasas: \SystemRoot\system32\drivers\megasas.sys (disabled)
@%systemroot%\system32\mmcss.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Modem: system32\drivers\modem.sys (manual start)
Microsoft Monitor Class Function Driver Service: system32\DRIVERS\monitor.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: \SystemRoot\system32\drivers\mouhid.sys (disabled)
Mount Point Manager: System32\drivers\mountmgr.sys (system)
Microsoft Multi-Path Bus Driver: \SystemRoot\system32\drivers\mpio.sys (disabled)
@%SystemRoot%\system32\FirewallAPI.dll,-23092: System32\drivers\mpsdrv.sys (manual start)
@%SystemRoot%\system32\FirewallAPI.dll,-23090: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
Mraid35x: \SystemRoot\system32\drivers\mraid35x.sys (disabled)
WebDav Client Redirector Driver: \SystemRoot\system32\drivers\mrxdav.sys (manual start)
SMB MiniRedirector Wrapper and Engine: system32\DRIVERS\mrxsmb.sys (manual start)
SMB 1.x MiniRedirector: system32\DRIVERS\mrxsmb10.sys (manual start)
SMB 2.0 MiniRedirector: system32\DRIVERS\mrxsmb20.sys (manual start)
msahci: \SystemRoot\system32\drivers\msahci.sys (disabled)
Microsoft Multi-Path Device Specific Module: \SystemRoot\system32\drivers\msdsm.sys (disabled)
@comres.dll,-2797: %SystemRoot%\System32\msdtc.exe (manual start)
ISA/EISA Class Driver: system32\drivers\msisadrv.sys (system)
@%SystemRoot%\system32\iscsidsc.dll,-5000: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\msimsg.dll,-27: %systemroot%\system32\msiexec /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
SQL Server (MSSMLBIZ): "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (autostart)
SQL Server Active Directory Helper: "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" (disabled)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Mup: System32\Drivers\mup.sys (system)
@%SystemRoot%\system32\qagentrt.dll,-6: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
NativeWiFi Filter: system32\DRIVERS\nwifi.sys (manual start)
NDIS System Driver: system32\drivers\ndis.sys (system)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NETBT: System32\DRIVERS\netbt.sys (system)
@%SystemRoot%\System32\netlogon.dll,-102: %systemroot%\system32\lsass.exe (manual start)
@%SystemRoot%\system32\netman.dll,-109: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\system32\netprof.dll,-246: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows Vista: system32\DRIVERS\NETw2v32.sys (manual start)
nfrd960: \SystemRoot\system32\drivers\nfrd960.sys (disabled)
@%SystemRoot%\System32\nlasvc.dll,-1: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Netgroup Packet Filter: system32\drivers\npf.sys (manual start)
@%SystemRoot%\system32\nsisvc.dll,-200: %systemroot%\system32\svchost.exe -k LocalService (autostart)
NSI proxy service: system32\drivers\nsiproxy.sys (system)
N-trig HID Tablet Driver: \SystemRoot\system32\drivers\ntrigdigi.sys (disabled)
nvlddmkm: system32\DRIVERS\nvlddmkm.sys (manual start)
nvraid: \SystemRoot\system32\drivers\nvraid.sys (disabled)
nvstor: \SystemRoot\system32\drivers\nvstor.sys (disabled)
NVIDIA nForce AGP Bus Filter: \SystemRoot\system32\drivers\nv_agp.sys (manual start)
NWADI Bus Enumerator: system32\DRIVERS\NWADIenum.sys (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Microsoft Office Diagnostics Service: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" (manual start)
RICOH OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (manual start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8004: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8006: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
Parallel port driver: \SystemRoot\system32\drivers\parport.sys (disabled)
Partition Manager: System32\drivers\partmgr.sys (system)
Parvdm: \SystemRoot\system32\drivers\parvdm.sys (autostart)
@%SystemRoot%\system32\pcasvc.dll,-1: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
PCI Bus Driver: system32\drivers\pci.sys (system)
pciide: \SystemRoot\system32\drivers\pciide.sys (disabled)
pcmcia: system32\DRIVERS\pcmcia.sys (system)
PEAUTH: system32\drivers\peauth.sys (autostart)
@%systemroot%\system32\pla.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (manual start)
@%SystemRoot%\system32\umpnpmgr.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\p2psvc.dll,-8002: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8000: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\System32\polstore.dll,-5010: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted (disabled)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: \SystemRoot\system32\drivers\processr.sys (disabled)
@%systemroot%\system32\profsvc.dll,-300: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\psbase.dll,-300: %SystemRoot%\system32\lsass.exe (autostart)
@%SystemRoot%\System32\drivers\pacer.sys,-101: system32\DRIVERS\pacer.sys (system)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
QLogic Fibre Channel Miniport Driver: \SystemRoot\system32\drivers\ql2300.sys (disabled)
QLogic iSCSI Miniport Driver: \SystemRoot\system32\drivers\ql40xx.sys (disabled)
@%SystemRoot%\system32\qwave.dll,-1: %windir%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\drivers\qwavedrv.sys,-1: \SystemRoot\system32\drivers\qwavedrv.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
@%Systemroot%\system32\rasauto.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Redirected Buffering Sub Sysytem: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
RDP Encoder Mirror Driver: system32\drivers\rdpencdd.sys (system)
@%Systemroot%\system32\mprdim.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
@regsvc.dll,-1: %SystemRoot%\system32\svchost.exe -k regsvc (manual start)
@%systemroot%\system32\Locator.exe,-2: %SystemRoot%\system32\locator.exe (manual start)
@oleres.dll,-5010: %SystemRoot%\system32\svchost.exe -k rpcss (autostart)
Link-Layer Topology Discovery Responder: system32\DRIVERS\rspndr.sys (autostart)
@%SystemRoot%\system32\samsrv.dll,-1: %SystemRoot%\system32\lsass.exe (autostart)
SASDIFSV: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (system)
SASENUM: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (manual start)
SASKUTIL: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (system)
SBP-2 Transport/Protocol Bus Driver: \SystemRoot\system32\drivers\sbp2port.sys (disabled)
@%SystemRoot%\System32\SCardSvr.dll,-1: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\schedsvc.dll,-100: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\certprop.dll,-13: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
sdbus: system32\DRIVERS\sdbus.sys (manual start)
@%SystemRoot%\system32\sdrsvc.dll,-107: %SystemRoot%\system32\svchost.exe -k SDRSVC (manual start)
@%SystemRoot%\system32\seclogon.dll,-7001: %windir%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\Sens.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: \SystemRoot\system32\drivers\serenum.sys (manual start)
Serial Port Driver: \SystemRoot\system32\drivers\serial.sys (manual start)
Serial Mouse Driver: \SystemRoot\system32\drivers\sermouse.sys (disabled)
@%SystemRoot%\System32\SessEnv.dll,-1026: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
SFF Storage Class Driver: \SystemRoot\system32\drivers\sffdisk.sys (disabled)
SFF Storage Protocol Driver for MMC: \SystemRoot\system32\drivers\sffp_mmc.sys (manual start)
SFF Storage Protocol Driver for SDBus: \SystemRoot\system32\drivers\sffp_sd.sys (manual start)
High-Capacity Floppy Disk Drive: \SystemRoot\system32\drivers\sfloppy.sys (disabled)
@%SystemRoot%\system32\ipnathlp.dll,-106: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
@%SystemRoot%\System32\shsvcs.dll,-12288: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: \SystemRoot\system32\drivers\sisagp.sys (manual start)
SiSRaid2: \SystemRoot\system32\drivers\sisraid2.sys (disabled)
SiSRaid4: \SystemRoot\system32\drivers\sisraid4.sys (disabled)
@%SystemRoot%\system32\SLsvc.exe,-101: %SystemRoot%\system32\SLsvc.exe (autostart)
@%SystemRoot%\system32\SLUINotify.dll,-103: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50005: system32\DRIVERS\smb.sys (system)
@%SystemRoot%\system32\snmptrap.exe,-3: %SystemRoot%\System32\snmptrap.exe (manual start)
@%systemroot%\system32\spoolsv.exe,-1: %SystemRoot%\System32\spoolsv.exe (autostart)
SQL Server Browser: "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" (disabled)
SQL Server VSS Writer: "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" (manual start)
srv: System32\DRIVERS\srv.sys (manual start)
srv2: System32\DRIVERS\srv2.sys (manual start)
srvnet: System32\DRIVERS\srvnet.sys (manual start)
SSDP Discovery: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
SigmaTel C-Major Audio: system32\drivers\STAC97.sys (manual start)
Still Serial Digital Camera Driver: system32\DRIVERS\serscan.sys (manual start)
@%SystemRoot%\system32\wiaservc.dll,-9: %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
@%SystemRoot%\System32\swprv.dll,-103: %SystemRoot%\System32\svchost.exe -k swprv (manual start)
Symc8xx: \SystemRoot\system32\drivers\symc8xx.sys (disabled)
Sym_hi: \SystemRoot\system32\drivers\sym_hi.sys (disabled)
Sym_u3: \SystemRoot\system32\drivers\sym_u3.sys (disabled)
@%SystemRoot%\system32\sysmain.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\TabSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\tapisrv.dll,-10100: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\system32\tbssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50003: System32\drivers\tcpip.sys (system)
Microsoft IPv6 Protocol Driver: system32\DRIVERS\tcpip.sys (manual start)
TCP/IP Registry Compatibility: System32\drivers\tcpipreg.sys (autostart)
TDPIPE: system32\drivers\tdpipe.sys (manual start)
TDTCP: system32\drivers\tdtcp.sys (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50004: system32\DRIVERS\tdx.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
@%SystemRoot%\System32\termsrv.dll,-268: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%SystemRoot%\System32\shsvcs.dll,-8192: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\mmcss.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\trkwks.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\servicing\TrustedInstaller.exe,-100: %SystemRoot%\servicing\TrustedInstaller.exe (manual start)
Terminal Services Security Filter Driver: System32\DRIVERS\tssecsrv.sys (manual start)
Microsoft Tun Miniport Adapter Driver: system32\DRIVERS\tunmp.sys (manual start)
Microsoft IPv6 Tunnel Miniport Adapter Driver: system32\DRIVERS\tunnel.sys (manual start)
Microsoft AGPv3.5 Filter: \SystemRoot\system32\drivers\uagp35.sys (manual start)
udfs: system32\DRIVERS\udfs.sys (disabled)
@%SystemRoot%\system32\ui0detect.exe,-101: %SystemRoot%\system32\UI0Detect.exe (manual start)
Uli AGP Bus Filter: \SystemRoot\system32\drivers\uliagpkx.sys (manual start)
uliahci: \SystemRoot\system32\drivers\uliahci.sys (disabled)
UlSata: \SystemRoot\system32\drivers\ulsata.sys (disabled)
ulsata2: \SystemRoot\system32\drivers\ulsata2.sys (disabled)
UMBus Enumerator Driver: system32\DRIVERS\umbus.sys (manual start)
@%SystemRoot%\system32\umrdp.dll,-1000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\upnphost.dll,-213: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
eHome Infrared Receiver (USBCIR): \SystemRoot\system32\drivers\usbcir.sys (disabled)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: \SystemRoot\system32\drivers\usbohci.sys (disabled)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
@%SystemRoot%\system32\dwm.exe,-2000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\vds.exe,-100: %SystemRoot%\System32\vds.exe (manual start)
vga: system32\DRIVERS\vgapnp.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: \SystemRoot\system32\drivers\viaagp.sys (manual start)
VIA C7 Processor Driver: \SystemRoot\system32\drivers\viac7.sys (disabled)
viaide: \SystemRoot\system32\drivers\viaide.sys (disabled)
Volume Manager Driver: system32\drivers\volmgr.sys (system)
Dynamic Volume Manager: System32\drivers\volmgrx.sys (system)
Storage volumes: system32\drivers\volsnap.sys (system)
vsmraid: \SystemRoot\system32\drivers\vsmraid.sys (disabled)
@%systemroot%\system32\vssvc.exe,-102: %systemroot%\system32\vssvc.exe (manual start)
VSTHWICH: system32\DRIVERS\VSTICH3.SYS (manual start)
VST_DPV: system32\DRIVERS\VSTDPV3.SYS (manual start)
@%SystemRoot%\system32\w32time.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Wacom Serial Pen HID Driver: \SystemRoot\system32\drivers\wacompen.sys (disabled)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Remote Access IPv6 ARP Driver: system32\DRIVERS\wanarp.sys (system)
WAN Miniport (ATW): system32\DRIVERS\wanatw4.sys (manual start)
@%systemroot%\system32\wbengine.exe,-104: "%systemroot%\system32\wbengine.exe" (manual start)
@%SystemRoot%\system32\wcncsvc.dll,-3: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\WcsPlugInService.dll,-200: %SystemRoot%\system32\svchost.exe -k wcssvc (manual start)
Microsoft Watchdog Timer Driver: \SystemRoot\system32\drivers\wd.sys (disabled)
Kernel Mode Driver Frameworks service: system32\drivers\Wdf01000.sys (system)
@%systemroot%\system32\wdi.dll,-502: %SystemRoot%\System32\svchost.exe -k wdisvc (manual start)
@%systemroot%\system32\wdi.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\webclnt.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\wecsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\wercplsupport.dll,-101: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\wersvc.dll,-100: %SystemRoot%\System32\svchost.exe -k WerSvcGroup (disabled)
winachsf: system32\DRIVERS\VSTCNXT3.SYS (manual start)
@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103: %SystemRoot%\System32\svchost.exe -k secsvcs (autostart)
@%SystemRoot%\system32\winhttp.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%Systemroot%\system32\wbem\wmisvc.dll,-205: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%Systemroot%\system32\wsmsvc.dll,-101: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\wlansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Microsoft Windows Management Interface for ACPI: \SystemRoot\system32\drivers\wmiacpi.sys (disabled)

#7 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,080 posts

Posted 06 June 2007 - 07:17 AM

Please submit a fresh HijackThis log. Not the Startup List.

The items you formatted in red are all good. You have Windows Vista and the files and items listed are not to be removed.

Let me know what your problem is. You said you have formatted the drive and reinstalled the operating system. Not sure how you can think that you have malware.

Very few of us helpers are experts in the Vista Operating system. I'll see what I can do.

p.s.

When replying to your topic, please use the Posted Image button.


nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#8 KevYaeger72


Posted 06 June 2007 - 03:27 PM


Sir, with all due respect. Someone has hijacked my laptop. People log into my system every day. Without my authorization. It says I have an NT system. I don't! I have a vista. I just tried installing a pdf software for vista but the software halted because it said it cannot install on an NT system.

Logfile of HijackThis v1.99.1
Scan saved at 1:23:40 PM, on 6/6/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\1179314286\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe
C:\Program Files\Microsoft Office\Office12\MSPUB.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\eFax Messenger 4.3\J2GPBook.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Users\Are you cool\AppData\Local\Temp\Temp6_hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NuonSoft Wallpaper Cycler 3 StartupHelper] C:\Program Files\NuonSoft\WallpaperCycler3\StartupHelper.exe
O4 - HKLM\..\Run: [NuonSoft ShellEnhancer StartupHelper] C:\Program Files\NuonSoft\ShellEnhancer\StartupHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Installation Diagnostics] "C:\Program Files\Brother\Brmfl04g\Brinstck.exe" /I MFC-7820N LAN
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fortinet\forticlient\fortilsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fortinet\forticlient\fortilsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fortinet\forticlient\fortilsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fortinet\forticlient\fortilsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell....r/SysProExe.CAB
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O18 - Protocol: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GFI LANguard N.S.S. 8.0 Attendant Service (gfi_lnss8_attservice) - Unknown owner - C:\Program Files\GFI\LANguard Network Security Scanner 8.0\lnssatt.exe" -service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

The files I highlighted in red in my previous posts are files these hijackers use on my system. Just moments ago someone who was logged in to my system deleted all my documents. I am pulling my hair out!

#9 nasdaq


Posted 07 June 2007 - 07:59 AM

You cannot go on the internet without any Virus and a Firewall.

Install this one for now.

Avast!
Home Edition. Free Edition.
http://www.avast.com/eng/download.html

Install a Firewall, see links in my signature.

This should stop all inbound infections.

Submit a fresh HijackThis log and will take it from there.



#10 KevYaeger72


Posted 07 June 2007 - 06:03 PM


Can I hire you to get my problem fixed? While I thank you for your help to date this is turning into weeks. If you recall from prior messages you asked me to disable my firewall and antivirus programs. How do you want me to proceed? I have reinstated my programs. Please tell me how? Have you looked at my previous hijackthis logs?

Edited by KevYaeger72, 07 June 2007 - 06:06 PM.


#11 nasdaq


Posted 07 June 2007 - 06:56 PM

Now that the programs have been enabled, let me see a fresh HijackThis log for review.

#12 KevYaeger72


Posted 08 June 2007 - 03:14 AM


I'm disappointed

#13 KevYaeger72


Posted 08 June 2007 - 03:32 AM


Logfile of HijackThis v1.99.1
Scan saved at 1:18:28 AM, on 06/08/07
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\Dwm.exe
** hacker used***

C:\Windows\Explorer.EXE
** hacker used***

C:\Windows\system32\taskeng.exe
** hacker used***

C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\1179314286\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Internet Explorer\IEUser.exe
** hacker used***

C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Are you cool\AppData\Local\Temp\Temp7_hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
** hacker used***

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
** hacker used***

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
** hacker used***

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
** hacker used***

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
** hacker used***

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
** hacker used***

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
** hacker used***

O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Installation Diagnostics] "C:\Program Files\Brother\Brmfl04g\Brinstck.exe" /I MFC-7820N LAN
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
** hacker used***

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
** hacker used***

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
** hacker used***

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
** hacker used***

O10 - Unknown file in Winsock LSP: c:\program files\fortinet\forticlient\fortilsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fortinet\forticlient\fortilsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fortinet\forticlient\fortilsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fortinet\forticlient\fortilsp.dll

O11 - Options group: [INTERNATIONAL] International*
** hacker used***

O13 - Gopher Prefix:
*** what is this???***

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - http://fpdownload2.m...ash/swflash.cab
*** This launches every time I launch any program ***

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell....r/SysProExe.CAB

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
*** I uninstalled Java.. this is here still ***

O18 - Protocol: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll
*** this is my check program so they can monitor the checks I write ***

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
*** what is this ***

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
*** Searches on google say this is a trojan? ***


O23 - Service: A1Monitor86723728 - A1Tech Software www.a1tech.com - C:\Program Files\A1Monitor\VMonitor.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
*** this is used by the hacker ***

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
*** this is used by the hacker ***

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
*** this is used by the hacker *** *** I can uninstall this and it reinstalls by itself ***


-- Keep in mind I do NOT have any Win NT system running. Never have. The seclogon is used by the hacker. Most of the services running above are used by the hacker. Every time I delete something it either A) does not delete; B) reinstalls automatically. This hacker uses known system files such as internet explorer, etc.

I have many notes above. Please look out for all

#14 nasdaq


Posted 08 June 2007 - 05:08 AM

I respectfully request that you start listening.



Submit a fresh HijackThis log for my review.

Most of the items you feel are coming from the hackers are not and they are needed by the Vista Operating system.

#15 KevYaeger72


Posted 10 June 2007 - 08:32 PM


The last post I made had a current hijackthis..

#16 KevYaeger72


Posted 10 June 2007 - 08:38 PM



Logfile of HijackThis v1.99.1
Scan saved at 6:33:22 PM, on 06/10/07
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\1179314286\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Windows\System32\spool\drivers\w32x86\3\fppdis3a.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Macromedia\Fireworks 8\Fireworks.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Are you cool\AppData\Local\Temp\Temp1_hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fortinet\forticlient\fortilsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fortinet\forticlient\fortilsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fortinet\forticlient\fortilsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fortinet\forticlient\fortilsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell....r/SysProExe.CAB
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O18 - Protocol: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: A1Monitor86723728 - Unknown owner - C:\Program Files\A1Monitor\VMonitor.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


Sir, maybe you misunderstood what I have been trying to say. These files that are used by Vista are also being used by the hacker. The hacker is disguising itself using these files to go undetected.

#17 nasdaq

Posted 11 June 2007 - 07:42 AM

Nothing suspicious was found on your log.

Let's hope these scans can be completed on your Vista Operating System.

Kaspersky on line scan.
http://kaspersky.com...kavwebscan.html

  • Go to Kaspersky Online Scanner http://kaspersky.com...kavwebscan.html and click Accept.
  • When the updates are finished downloading, click Next>>Scan Settings.
  • Under Scan using the following antivirus database:, select extended.
  • Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK.
  • Click My Computer and wait for the scan to finish.
  • Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here.

=*=

Please navigate (using Internet Explorer, other browsers won't work) to the following site: http://support.f-sec...home/ols3.shtml
  • Click the Online Virus Scanner link. (Bottom of the page)
  • When prompted, choose to install the software.
  • After the software has installed, click Accept.
  • Click Custom Scan and check the option for Scan inside archives, then click Start.
  • The necessary databases will then be downloaded, and the scan will then start automatically. Please be patient as this scan will take a while to complete.
  • If any infections are found then once the scan has finished the "cleaning" screen will be displayed. Choose Automatic cleaning (recommended).
  • After cleaning has finished, then the Finish screen will be displayed. Choose Show Report.
  • In order to post the report, press CTRL+A on your keyboard to highlight all the text. Then copy and paste that information into this thread, along with a new HijackThis log.

nasdaq


#18 KevYaeger72

Posted 12 June 2007 - 10:47 PM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
06/12/2007 8:01:52 PM
Operating System: Microsoft Windows Vista Professional, (Build 6000)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 13/06/2007
Kaspersky Anti-Virus database records: 342808
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 124007
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 01:55:11

Infected Object Name / Virus Name / Last Action
C:\Users\Are you cool\Desktop\keylogger-download.zip/HomeKeyLogger-setup.exe/data0006 Infected: not-a-virus:Monitor.Win32.HomeKeyLogger.162 skipped
C:\Users\Are you cool\Desktop\keylogger-download.zip/HomeKeyLogger-setup.exe/data0007 Infected: not-a-virus:Monitor.Win32.HomeKeyLogger.170 skipped
C:\Users\Are you cool\Desktop\keylogger-download.zip/HomeKeyLogger-setup.exe Infected: not-a-virus:Monitor.Win32.HomeKeyLogger.170 skipped
C:\Users\Are you cool\Desktop\keylogger-download.zip ZIP: infected - 3 skipped

Scan process completed.


---------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:54:02 PM, on 06/12/07
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\1179314286\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\freedom GUi\freedom GUi.exe
C:\Users\Are you cool\AppData\Local\Temp\Temp2_hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [acc] C:\PROGRA~1\acc\acc.exe
O4 - Startup: LNSS Status Monitor.lnk = C:\Program Files\GFI\LANguard Network Security Scanner 8.0\statusmonitor.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Plug and Browse.lnk = C:\Program Files\Interactive Studios\Plug and Browse\PbSysTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fortinet\forticlient\fortilsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fortinet\forticlient\fortilsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fortinet\forticlient\fortilsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fortinet\forticlient\fortilsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell....r/SysProExe.CAB
O18 - Protocol: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: plugbrowse - PbEvtNot.dll (file missing)
O23 - Service: A1Monitor86723728 - Unknown owner - C:\Program Files\A1Monitor\VMonitor.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GFI EndpointSecurity LoggerService - Unknown owner - C:\Program Files\GFI\EndPointSecurity 3.0\LoggerService.exe
O23 - Service: GFI LANguard N.S.S. 8.0 Attendant Service (gfi_lnss8_attservice) - Unknown owner - C:\Program Files\GFI\LANguard Network Security Scanner 8.0\lnssatt.exe" -service (file missing)
O23 - Service: Global Network Inventory service (GniServ) - Magneto Software - C:\Program Files\Magneto Software\GlobalNetworkInventory\gniserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: Plug and Browse Service (PlugAndBrowse) - Interactive Studios Inc. - C:\Program Files\Interactive Studios\Plug and Browse\PlugBrowseSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

-----------------------

My system won't run the f-secure online scanner. It freezes. I've tried about ten times. This hacker created a user profile called "roaming". I do not use ANY pnp devices. The keylogger is mine.

Edited by KevYaeger72, 12 June 2007 - 11:59 PM.


#19 nasdaq

Posted 13 June 2007 - 07:48 AM

Your log is clean of malware.

I googled this string "\AppData\Roaming\" no quotes and I found out that AppData\Roaming folder in Windows Vista is the same as the Documents and Settings\username\Application Data folder in Windows XP. Nothing to worry about.

The false positives issued by Kaspersky are from your keylogger.

There is nothing else I can do here.
nasdaq


#20 KevYaeger72

Posted 13 June 2007 - 07:43 PM

[quote name='nasdaq' post='551526' date='Jun 13 2007, 05:48 AM']
Your log is clean of malware.

I googled this string "\AppData\Roaming\" no quotes and I found out that AppData\Roaming folder in Windows Vista is the same as the Documents and Settings\username\Application Data folder in Windows XP. Nothing to worry about.

The false positives issued by Kaspersky are from your keylogger.

There is nothing else I can do here.
[/quote]


People are logging into my computer. How can I stop this from happening?

#21 KevYaeger72

Posted 13 June 2007 - 07:53 PM

[quote name='KevYaeger72' post='551675' date='Jun 13 2007, 05:43 PM']
[quote name='nasdaq' post='551526' date='Jun 13 2007, 05:48 AM']
Your log is clean of malware.

I googled this string "\AppData\Roaming\" no quotes and I found out that AppData\Roaming folder in Windows Vista is the same as the Documents and Settings\username\Application Data folder in Windows XP. Nothing to worry about.

The false positives issued by Kaspersky are from your keylogger.

There is nothing else I can do here.
[/quote]

StartupList report, 06/13/07, 5:50:21 PM
StartupList version 2.02.0
Started from: C:\Users\Are you cool\AppData\Local\Temp\Temp1_startuplist.zip\StartupList.EXE
Detected: Windows Vista (WinNT 6.00.6000)
Logged on as 'Are you cool' to 'AREYOUCOOL-PC'
* Using default options (see end of log for possible options)
==================================================

Running processes (14):

[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe (142)]

[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe (57)]

[C:\Program Files\AOL 9.0\shellmon.exe (20)]

[C:\Program Files\AOL 9.0\waol.exe (184)]

- Software\Policies\Microsoft\Internet Explorer\Control Panel (3)
SecurityTab = dword: 0
ConnectionsTab = dword: 0
SecChangeSettings = dword: 0

- Software\Policies\Microsoft\Internet Explorer\Restrictions (6)
NoBrowserOptions = dword: 0
NoBrowserSaveAs = dword: 0
NoFavorites = dword: 0
NoFileNew = dword: 0
NoFileOpen = dword: 0
NoTheaterMode = dword: 0

- Software\Policies\Microsoft\Peernet (1)
Disabled = dword: 0

- Software\Policies\Microsoft\Windows\DriverSearching (2)
DontSearchWindowsUpdate = dword: 0
DontPromptForWindowsUpdate = dword: 1

- Software\Policies\Microsoft\Windows\Network Connections (1)
NC_PersonalFirewallConfig = dword: 0

- Software\Policies\Microsoft\Windows\safer\codeidentifiers (1)
authenticodeenabled = dword: 0

- Software\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork (1)
Category = dword: 0

- Software\Policies\Microsoft\Windows NT\Windows File Protection (1)
KnownDllList = nlhtml.dll

* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\Attachments (1)
ScanWithAntiVirus = dword: 3

- Software\Microsoft\Windows\CurrentVersion\policies\Explorer (10)
NoCDBurning = dword: 0
NoResolveTrack = dword: 1
NoPropertiesMyComputer = dword: 0
NoViewContextMenu = dword: 0
NoFileAssociate = dword: 0
NoFind = dword: 0
NoRun = dword: 0
NoClose = dword: 0
StartMenuLogoff = dword: 0
NoSMHelp = dword: 0

- Software\Microsoft\Windows\CurrentVersion\policies\NonEnum (3)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = dword: 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = dword: 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = dword: 32

- Software\Microsoft\Windows\CurrentVersion\policies\System (17)
ConsentPromptBehaviorAdmin = dword: 2
ConsentPromptBehaviorUser = dword: 1
EnableSecureUIAPaths = dword: 1
EnableVirtualization = dword: 1
ValidateAdminCodeSignatures = dword: 0
legalnoticecaption =
legalnoticetext =
scforceoption = dword: 0
undockwithoutlogon = dword: 1
FilterAdministratorToken = dword: 0
EnableLUA = dword: 1
ShutdownWithoutLogon = dword: 0
NoDispCPL = dword: 0
NoDispBackgroundPage = dword: 0
NoDispSettingsPage = dword: 0
NoDispScrSavPage = dword: 0
DisableRegistryTools = dword: 0

- Software\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats (7)
CF_TEXT = dword: 1
CF_BITMAP = dword: 2
CF_OEMTEXT = dword: 7
CF_DIB = dword: 8
CF_PALETTE = dword: 9
CF_UNICODETEXT = dword: 13
CF_DIBV5 = dword: 17

- Software\Microsoft\Windows\CurrentVersion\policies\Uninstall (2)
NoRemovePage = dword: 0
NoWindowsSetupPage = dword: 0



--------------------

Browser Helper Objects (2):

Adobe PDF Conversion Toolbar Helper = {AE7CD045-E861-484f-8273-0445EE161910} = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
Adobe PDF Reader Link Helper = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

--------------------

ActiveX objects (9):

BASEIE40_W2K - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
BRANDING.CAB - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
DOTNETFRAMEWORKS - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
IE4_SHELLID - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
IEACCESS - {26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
MailNews - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
Theme Component - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\system32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
WMPACCESS - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

--------------------

Internet Explorer toolbars:

[This user]
* ShellBrowser (1) *
(no name) - ITBar7Layout - (no file)

* WebBrowser (1) *
Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll


--------------------

Internet Explorer menu extensions:

[This user (9)]
Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html

--------------------

Internet Explorer Bands (3):

Adobe PDF - {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
IE Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - C:\Windows\system32\ieframe.dll
&Discuss - {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - shdocvw.dll

--------------------

Downloaded Program Files (4):

F-Secure Online Scanner 3.1 - {0B79F48A-E8D6-11DB-9283-E25056D89593} - C:\Windows\Downloaded Program Files\fscax.dll - http://support.f-sec...m/ols/fscax.cab
CKAVWebScan Object - {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll - http://www.kaspersky...can_unicode.cab
(no name) - {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - (no file) - http://fpdownload2.m...ash/swflash.cab
WMI Class - {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - (no file) - http://support.dell....r/SysProExe.CAB

--------------------

URL search hooks:

[This user (1)]
Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\system32\ieframe.dll

--------------------

Explorer clones:

C:\Windows\explorer.exe

--------------------

ContextMenuHandlers:

[* (10)]
Adobe.Acrobat.ContextMenu = {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
avast = {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
BriefcaseMenu = {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HotShellExt_40 = {6872D785-FE43-44cb-9B2A-2DF4C5EB13B2} = C:\Program Files\eFax Messenger 4.3\J2GShell.dll
HotShellExtj2_40 = {D5B3B5F0-5876-41c5-9E75-E7A207E4DEF0} = C:\Program Files\j2 Messenger 4.2\J2GShell.dll
Open With = {09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\Windows\system32\shell32.dll
SASContextMenu Class = {CA8ACAFA-5FBB-467B-B348-90DD488DE003} = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
Start Menu Pin = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = C:\Windows\system32\shell32.dll
WO4_ContextMenuHandler = {B83DE149-CEFA-5D3A-82DB-A22864B1E3A9} = C:\Program Files\Ashampoo\Ashampoo WinOptimizer 4\ContextHandler.dll

[Drive (6)]
Disk Copy Extension = {59099400-57FF-11CE-BD94-0020AF85B590} = diskcopy.dll
Portable Devices Menu = {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} = C:\Windows\system32\wpdshext.dll
Previous Versions Property Page = {596AB062-B4D2-4215-9F74-E9109B0A8153} = C:\Windows\system32\twext.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
ShellFolder for CD Burning = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\Windows\system32\shell32.dll
WO4_ContextMenuHandler = {B83DE149-CEFA-5D3A-82DB-A22864B1E3A9} = C:\Program Files\Ashampoo\Ashampoo WinOptimizer 4\ContextHandler.dll

[Folder (5)]
Adobe.Acrobat.ContextMenu = {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
avast = {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
BriefcaseMenu = {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
Offline Files = {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} = C:\Windows\System32\cscui.dll

#22 nasdaq

    Forum Deity

  • Global Moderator
  • 49,080 posts

Posted 14 June 2007 - 10:09 AM

People are logging into my computer. How can I stop this from happening?


How are they logging in to your computer?



What action supports this statement?



p.s.

When replying to your topic, please use the Posted Image button.


nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#23 KevYaeger72

Posted 14 June 2007 - 09:48 PM

People are logging into my computer. How can I stop this from happening?


How are they logging in to your computer?



What action supports this statement?



p.s.

When replying to your topic, please use the Posted Image button.



Edited by KevYaeger72, 14 June 2007 - 09:49 PM.


#24 KevYaeger72

Posted 14 June 2007 - 09:50 PM

They are hiding themselves with other known software. I constantly get boxes that pop up saying "multiple intrusion alert". I also get Internet Explorer boxes popping up whereas one of the hackers is deleting my files.

I have a full copy of what I believe the virus is. What files the hackers are using to do what they do. Can I send you a CD with these files?

#25 nasdaq

Posted 15 June 2007 - 02:45 PM

Stay with me. I'm checking with some of the other helpers and experts of this forum.

#26 KevYaeger72

Posted 15 June 2007 - 08:29 PM

Sir, I just found a file on my computer with the following contents:


; ******************************************************************************
; DATA FORMAT
; -----------
;
; [<AppID>] - App ID must be less than 6 characters long
; source=<path to file> - Required for copying (omit if not copying)
; dest=<path to file> - Required for copying (omit if not copying)
; target=<path to EXE> - Required if launching app (omit if not launching app)
; params=<cmd line parameters> - Optional (omit if not launching app)
;
; <path to file> = <Path Prefix>:<Path Modifier><File Path>
;
; Example: source=INS:comps\vwpt.exe
;
; Valid Values For <Path Prefix>
; ------------------------------
; AOL - The path to the AOL Install Folder (Default: C:\Program Files\America Online 9.0).
; SHR - The path to the AOLShare folder.
; INS - The path to the folder from which the AOL installer was launched.
; CMN - The path to the Windows "Common Files" folder.
; SYS - The path to the Windows System folder.
; TMP - The path to the Windows Temp folder.
; CAD - The path to the Windows Common Application Data folder.
; REG - Read the path from the registry.
; - Syntax: REG:{HKLM | HKCU}\<RegKey>,<RegValueToReadPathFrom>:<FileToCopyToPath>
; <ValueToReadPathFrom> must be of type REG_SZ and be the fully qualified
; path to the destination folder for <FileToCopyToPath>.
;
; Valid <Path Modifier> Values
; ----------------------------
; "\" - Path is relative to the root of the drive the prefix points to.
' "" - Path is relative to the path that the prefix points to.
; ******************************************************************************


; **** Core Client Install/Restore Application ****
[comp02]
source=INS:comp02.000
dest=AOL:backup\restore\comp02.000
target=AOL:backup\restore\comp02.000

; **** AOL Components ****
; AOL Coach (aka "E-Support")
[cdll]
source=INS:Comps\coach\acpver.dll
dest=AOL:Jiti\acpver.dll

[coach]
target=INS:Comps\coach\aolcinst.exe
params=-s

[coach1]
source=INS:Comps\coach\afixes\94001ADC.gdp
dest=REG:HKLM\Software\GTek\AOLCoach\uk_uk,OfflineAFPath:94001ADC.gdp

[coach2]
source=INS:Comps\coach\afixes\94002CCA.gdp
dest=REG:HKLM\Software\GTek\AOLCoach\uk_uk,OfflineAFPath:94002CCA.gdp

[coach3]
source=INS:Comps\coach\afixes\94003GPF.gdp
dest=REG:HKLM\Software\GTek\AOLCoach\uk_uk,OfflineAFPath:94003GPF.gdp

[coach4]
source=INS:Comps\coach\afixes\94004BRW.gdp
dest=REG:HKLM\Software\GTek\AOLCoach\uk_uk,OfflineAFPath:94004BRW.gdp

[coach5]
source=INS:Comps\coach\afixes\94005ASA.gdp
dest=REG:HKLM\Software\GTek\AOLCoach\uk_uk,OfflineAFPath:94005ASA.gdp

[coach6]
source=INS:Comps\coach\afixes\94006ARS.gdp
dest=REG:HKLM\Software\GTek\AOLCoach\uk_uk,OfflineAFPath:94006ARS.gdp

[coach7]
source=INS:Comps\coach\afixes\94010CAA.gdp
dest=REG:HKLM\Software\GTek\AOLCoach\uk_uk,OfflineAFPath:94010CAA.gdp

; **** Third Party Components ****
; Real Player
[rpdll]
source=INS:Comps\rp\RealChk.dll
dest=AOL:Jiti\RealChk.dll

[rp]
source=INS:Comps\rp\realpl8.exe
dest=AOL:Jiti\Real.exe
target=AOL:Jiti\Real.exe
params=-s

[rp9up]
source=INS:Comps\rp\rp9codec.exe
dest=AOL:Jiti\Real9_codec_upd.exe
target=AOL:Jiti\Real9_codec_upd.exe

; Viewpoint
[vpdll]
source=INS:Comps\vwpt\AOLVPChk.dll
dest=AOL:Jiti\AOLVPChk.dll

[vwpt]
source=INS:Comps\vwpt\vwpt.exe
dest=AOL:Jiti\viewpoint.exe
target=AOL:Jiti\viewpoint.exe
params=/S

[vwpt1]
source=INS:Comps\vwpt\AOLTheme.mtx
dest=SHR:Themes\AOLTheme.mtx

; [vwche1]
; source=INS:Comps\vwpt\VMPCache.mtz
; dest=AOL:Jiti\VMPCache.mtz

[vwche]
; source=INS:Comps\vwpt\VPPrePop.exe
; dest=AOL:Jiti\VMP_Cache_Populator.exe
; target=AOL:Jiti\VMP_Cache_Populator.exe
target=INS:Comps\vwpt\VPPrePop.exe
params=VMPCache.mtz -k

; Generic Flash Installer
[swf6]
target=INS:Comps\flash\FlashAX.exe
params=/Q

; Sun Java Runtime Engine
[jre]
target=INS:Comps\jre\jre.exe
params=/s /a /s

; Apple QuickTime
[qtdll]
source=INS:Comps\qt\QTInsInf.dll
dest=AOL:Jiti\QTInstallInfo.dll

[qtime]
source=INS:Comps\qt\qt.exe
dest=AOL:Jiti\qt.exe
target=AOL:Jiti\qt.exe
params=-SuppressWarningDialogs

; Adobe
[acror]
target=INS:Comps\adobe\reader.exe
params=-s -a -s /V"AOLLAUNCH=1 /qn" /SMS

[acrdll]
source=INS:Comps\adobe\reader.dll
dest=AOL:Jiti\reader.dll

; Anti Spyware
[asp]
target=INS:Comps\asp\aspsetup.exe
params=/s

[aspdll]
source=INS:Comps\asp\aspcheck.dll
dest=AOL:Jiti\aspcheck.dll

; ACS
[acs]
source=INS:Comps\acs\AcsSetup.exe
target=INS:Comps\acs\AcsSetup.exe
params=/S /C /P

[acsdll]
source=INS:Comps\acs\AcsInstA.dll
dest=CMN:AOL\ACS\AcsInstA.dll

; IE Toolbar
[toolbr]
source=INS:Comps\toolbar\toolbr.exe
dest=AOL:Jiti\toolbr.exe
target=AOL:Jiti\toolbr.exe
params=/S

; Symantec ALE for Norton Internet Security
[nisale]
target=INS:comps\fw\nisale.exe

#27 KevYaeger72

Posted 15 June 2007 - 09:43 PM

I also found this file:


; --------------------------------------------------------------------
; Template DIRECTOR.INI file for Director 8.5 for Windows.
; --------------------------------------------------------------------

; All of the settings shown here are commented-out in the original version
; of the file. To change a setting, you must remove the comment
; character (";") at the beginning of the setting's line.

; The values shown for each setting in the original file are Director's
; internal defaults. The default value for a setting is used when it
; isn't explictly set in the .INI file or when no .INI file exists.
; Since these defaults are already stored internally in the Director
; application and projectors, it is *not* necessary to distribute this
; file with your movie unless you change one or more of the settings.

; For use with projectors, you must name your .INI file "<ProjectorName>.INI"
; rather than "DIRECTOR.INI" and place the file in the same directory as
; your projector executable.

; For use with shockwave, you must name your .INI file "shockwave.ini", and
; place the file in the shockwave folder ( for instance,
; c:\winnt\system32\macromed\shockwave 8 ).

[Memory]
;ExtraMemory=400
; Amount of kBytes over and above physical memory for use by a projector.

;SwapFileMeg=0
; Amount of megabytes of SwapFile space to enable during authoring.
; Default is to allow swapfile space of up to 1/2 of the available
; physical RAM.

[Palette]
;Animation=0
; While performing an animation of the palette in 8-bit colour mode,
; director reserves all colours in the system. It's obvious when this
; happens, as the desktop and other applications will repaint in black
; and white. If your movie does not often change the palette, this
; may not be a problem, but if it changes the palette frequently,
; this desktop flashing can ruin your animation.
; 1: Reserve colours before first palette effect, but do not release them
; until the animation is done.
; 0: Default behavior. Reserve colours only during the palette effect.
;
;SystemFriendly=0
; This property only functions in a projector
; 1: When in 8-bit colour a fixed palette of the web 216 colours plus ten
; additional greys will be used by the projector. Colours from the movie
; will be re-mapped to the nearest available colour.
; 0: Default behavior. When in 8-bit colour, changes in the palette channel
; are propagated to the system palette. That is, the screen colours will
; change.


[Settings]
SingleInstance=1
; This property only functions in Windows Director and Projectors.
; 1: If the application is already running, attempts to launch a second
; copy will bring the existing copy to the front of your desktop, without
; launching a new copy.
; 0: Default behavior. Multiple copies of the application can run concurrently.
;
;EscapeOk=1
; This property is only used by projectors.
; Overrides the projector's escape lock setting.
;
;FullScreen=1
; This property is only used by projectors.
; Overrides the projector's "full screen" setting, from
; Create Projector's Option's Dialog.
;
;UseTitleBar=1
; This property is only used by projectors.
; Overrides the projector's "show title bar" setting, from
; Create Projector's Option's Dialog.
;
;BackgroundAnimation=1
; This property is only used by projectors.
; Overrides the projector's "animate in background" setting, from
; Create Projector's Option's Dialog.
;
;SwitchColorDepth=1
; This property is only used by projectors.
; Overrides the projector's "reset monitor to match movie's color depth"
; setting, from the Macintosh Create Projector's Option's Dialog.
;
;CenterStage=1
; This property is only used by projectors.
; Overrides the projector's "center" setting, from
; Create Projector's Option's Dialog.
;
;ResizeStage=1
; This property is only used by projectors.
; Overrides the projector's "stage size" setting, from
; Create Projector's Option's Dialog.
;

[Lingo]
;DisplayFullLingoErrorText=1
; This property is used by shockwave and projectors.
; 1: Lingo errors generate a more descriptive text in the error alert.
; 0: Lingo errors generate a "script error. continue ?" yes/no alert.
;

; Global Sound Settings ------------------------------------------------

[Sound]
; NOTE:
; Almost all of these settings apply ONLY to the Macromix sounddevice (the soundDevice = "MacroMix"),
; and will not have any effect if the sounddevice is "DirectSound" or
; any other sounddevice.

; Settings in the [Sound] section apply to all sound cards.

;SpoolBufferAlloc=0
; When to allocate spool buffers
; 0 means allocate/deallocate dynamically, when sound starts/stops.
; 1 means allocate spool once at startup and keep for entire session.

;LowSpoolBufferMs=2500
; Length of one 8bit spool buffer, in milliseconds.

;HighSpoolBufferMs=1500
; Length of one 16-bit spool buffer, in milliseconds.

;SpoolBufferCount=2
; Number of spool buffers to use. Must range from 2 to 10.

MixMaxChannels=8
; Maximum number of channels supported by the sound mixer. The actual
; number you can mix depends on the processing power of your computer.
; Must range from 1 to 8.

;MixWaveDevice=0
; DeviceID of waveOut device to use for playing.
; Must range from 0 to (# of devices - 1).

;SoundLevel0=0 ; waveOut volume of lingo soundLevel = 0
;SoundLevel1=24770 ; waveOut volume of lingo soundLevel = 1
;SoundLevel2=35030 ; waveOut volume of lingo soundLevel = 2
;SoundLevel3=42903 ; waveOut volume of lingo soundLevel = 3
;SoundLevel4=49540 ; waveOut volume of lingo soundLevel = 4
;SoundLevel5=55388 ; waveOut volume of lingo soundLevel = 5
;SoundLevel6=60674 ; waveOut volume of lingo soundLevel = 6
;SoundLevel7=65535 ; waveOut volume of lingo soundLevel = 7

;MixMaxFidelity=99
; Sets a limit on the fidelity of sound output. For best performance, use
; the default setting of 99 (switch on-the-fly), or choose the lowest value
; possible of the three fixed sound formats (0, 1, 2):
; 0 = 22.05k samples/sec, 8-bit, mono
; 1 = 22.05k samples/sec, 8-bit, stereo
; 2 = 44.1k samples/sec, 16-bit, stereo
; 99 = Switch formats on-the-fly. The first sound in a run of overlapping
; sounds determines the format for that run. The format used is the
; lowest of the three output formats (0,1,2 above) which is as close
; as possible in fidelity to the sound to be played, while still being
; supported by the installed sound card.

; Default Sound Settings -----------------------------------------------
; DLLNameComment= Uncomment this to enable QuickTime 3 Sound Mixing
; DLLName=QT3Mix.dll

[Low Mono Default Sound]
; Settings in the [Low Mono Default Sound] section apply when the target
; output format is 22K, 8-bit, mono. The target output format depends
; on the capabilities of the sound card as well as the setting of
; MixMaxFidelity. These settings are used when the installed sound card
; is not known to Director and is not specified explictly in the
; the <SoundCardName> sections. Settings in the <SoundCardName> or
; Override sections will override these values for specific sound cards,
; or for all sound cards, respectively.

;MixBufferMs=200
; Length of each mixing buffer, in milliseconds.

;MixBufferBytes=0
; Length of each mixing buffer, in bytes. Setting this value to non-0,
; along with setting MixBufferMs=0, lets you specify the buffer size in
; bytes rather than milliseconds.

;MixBufferCount=4
; Number of mixing buffers to use. Must range from 2 to 16.

;MixServiceMode=0
; 0 means use timer interrupts to drive mixer. Interrupt settings will be
; applied from MixIntPeriodMs and MixIntResolutionMs.
; 1 means use polling to drive mixer. This may cause sound to drop out when
; CPU cycles are being hogged by other tasks, disk accesses, etc.
; 2 means use the waveOut buffer-completion callback to drive mixer. If
; this mode is set, it is best to use MixBufferBytes to specify a
; fixed buffer size which is a multiple of 1024. This mode is not
; supported by all sound cards.

;MixIntPeriodMs=200
; Interrupt period, in milliseconds. Only used when MixServiceMode is zero.

;MixIntResolutionMs=50
; Interrupt resolution, in milliseconds. Only used when MixServiceMode is zero.


[Low Default Sound]
; Settings in the [Low Default Sound] section apply when the target
; output format is 22K, 8-bit, stereo. The target output format depends
; on the capabilities of the sound card as well as the setting of
; MixMaxFidelity. These settings are used when the installed sound card
; is not known to Director and is not specified explictly in the
; the <SoundCardName> sections. Settings in the <SoundCardName> or
; Override sections will override these values for specific sound cards,
; or for all sound cards, respectively.

;MixBufferMs=200
;MixBufferBytes=0
;MixBufferCount=4
;MixServiceMode=0
;MixIntPeriodMs=200
;MixIntResolutionMs=50


[High Default Sound]
; Settings in the [High Default Sound] section apply when the target
; output format is 44K, 16-bit, stereo. The target output format depends
; on the capabilities of the sound card as well as the setting of
; MixMaxFidelity. These settings are used when the installed sound card
; is not known to Director and is not specified explictly in the
; the <SoundCardName> sections. Settings in the <SoundCardName> or
; Override sections will override these values for specific sound cards,
; or for all sound cards, respectively.
;MixBufferMs=200
;MixBufferBytes=0
;MixBufferCount=4
;MixServiceMode=0
;MixIntPeriodMs=200
;MixIntResolutionMs=50



; Sound Card-Specific Settings -----------------------------------------

;[Low Mono <SoundCardName>]
; Settings in this section apply when the target output format is
; 22K 8-bit mono, and you're using a particular sound card. The target
; output format depends on the capabilities of the sound card, as well
; as the setting of MixMaxFidelity. You can have any number of these
; sections. Replace "<SoundCardName>" (including the angled brackets)
; with the actual name of the sound card you want to set defaults for.
; To find the name of your card, launch the Sound Mapper application,
; and look in the Playback field. Director maintains a built-in table
; of settings for many popular sound cards. Settings in this section take
; precedence over Director's built-in settings.
;MixBufferMs=200
;MixBufferCount=4
;MixBufferBytes=0
;MixServiceMode=0
;MixIntPeriodMs=200
;MixIntResolutionMs=50


[Low <SoundCardName>]
; Settings in this section apply when the target output format is
; 22K 8-bit stereo, and you're using a particular sound card. The target
; output format depends on the capabilities of the sound card, as well
; as the setting of MixMaxFidelity. You can have any number of these
; sections. Replace "<SoundCardName>" (including the angled brackets)
; with the actual name of the sound card you want to set defaults for.
; To find the name of your card, launch the Sound Mapper application,
; and look in the Playback field. Director maintains a built-in table
; of settings for many popular sound cards. Settings in this section take
; precedence over Director's built-in settings.
;MixBufferMs=200
;MixBufferCount=4
;MixBufferBytes=0
;MixServiceMode=0
;MixIntPeriodMs=200
;MixIntResolutionMs=50


;[High <SoundCardName>]
; Settings in this section apply when the target output format is
; 44K 16-bit stereo, and you're using a particular sound card. The target
; output format depends on the capabilities of the sound card, as well
; as the setting of MixMaxFidelity. You can have any number of these
; sections. Replace "<SoundCardName>" (including the angled brackets)
; with the actual name of the sound card you want to set defaults for.
; To find the name of your card, launch the Sound Mapper application,
; and look in the Playback field. Director maintains a built-in table
; of settings for many popular sound cards. Settings in this section take
; precedence over Director's built-in settings.
;MixBufferMs=200
;MixBufferBytes=0
;MixBufferCount=4
;MixServiceMode=0
;MixIntPeriodMs=200
;MixIntResolutionMs=50



; Sound Override Settings ----------------------------------------------

[Low Mono Override]
; Settings in the [Low Mono Override] apply when the target ouput format
; is 22K 8-bit mono. The target output format depends on the capabilities
; of the sound card, as well as the setting of MixMaxFidelity.
; These settings will override Director's internal settings, any defaults
; specified in the Default Sound sections, as well as settings for specific
; cards. Change these settings only if you want to force Director to use
; certain values regardless of the sound card installed in the computer.
; It is not recommended that you modify these settings for movies which
; you are going to distribute, as they will override Director's internal
; settings which are already optimized for various sound cards.
;MixBufferMs=200
;MixBufferBytes=0
;MixBufferCount=4
;MixServiceMode=0
;MixIntPeriodMs=200
;MixIntResolutionMs=50

[Low Override]
; Settings in the [Low Override] apply when the target ouput format
; is 22K 8-bit stereo. The target output format depends on the capabilities
; of the sound card, as well as the setting of MixMaxFidelity.
; These settings will override Director's internal settings, any defaults
; specified in the Default Sound sections, as well as settings for specific
; cards. Change these settings only if you want to force Director to use
; certain values regardless of the sound card installed in the computer.
; It is not recommended that you modify these settings for movies which
; you are going to distribute, as they will override Director's internal
; settings which are already optimized for various sound cards.
;MixBufferMs=200
;MixBufferBytes=0
;MixBufferCount=4
;MixServiceMode=0
;MixIntPeriodMs=200
;MixIntResolutionMs=50


[High Override]
; Settings in the [High Override] apply when the target ouput format
; is 44K 16-bit stereo. The target output format depends on the capabilities
; of the sound card, as well as the setting of MixMaxFidelity.
; These settings will override Director's internal settings, any defaults
; specified in the Default Sound sections, as well as settings for specific
; cards. Change these settings only if you want to force Director to use
; certain values regardless of the sound card installed in the computer.
; It is not recommended that you modify these settings for movies which
; you are going to distribute, as they will override Director's internal
; settings which are already optimized for various sound cards.
;MixBufferMs=200
;MixBufferBytes=0
;MixBufferCount=4
;MixServiceMode=0
;MixIntPeriodMs=200
;MixIntResolutionMs=50

#28 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,080 posts

Posted 16 June 2007 - 08:03 AM

The consensus of the experts here is unanimous: your computer is clean of malware. We can never be 100% sure; that goes for any fix we do. But our success rate is very good.

If you are losing files, a few things are possible: someone in your entourage is playing with your computer. You alone can relate to that.

Or your hard disk is going bad.

If still under warranty I would suggest you return it.

I'm sorry, but we cannot give you any other advice. Hope you can get it fixed.

:wave:
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#29 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • 1,757 posts

Posted 19 June 2007 - 10:21 PM

Sorry to intrude, but let me clarify this.

In regards to Vista and not NT: Vista is the next generation of Windows NT. Originally, Windows NT was released, and version 4 was the last one called "NT." Windows 2000 was NT 5, XP was 5.1, and Vista is NT 6. Don't worry about that; you're just fine.

The Director files are from Macromedia; have you ever heard of Flash? You know, the rich media thing that does bunches of movies on the Internet and YouTube? They're part of that. It's a clean software package, so you don't have to worry.

The first file's contents are from the AOL Coach. If you don't use America Online, please go to the Control Panel, then open the "Program Controls" control panel, and uninstall anything with "AOL" in front of it.

The only thing unusual I see is this, which you can tick for removal in HijackThis, then click "Fix Checked:"

O4 - HKCU\..\Run: [acc] C:\PROGRA~1\acc\acc.exe

Also, one more question - why on earth do you have Languard NSS? That's an insanely powerful network security scanner, and unless you know EXACTLY what you're doing, you generally don't need - or want - to play with it.
Signature file is under revision. This will be back shortly.

#30 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,080 posts

Posted 30 June 2007 - 07:36 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
nasdaq




