Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Kernel hidden device drivers

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Kernel hidden device drivers

Unread postby Kevyaeger72 » October 12th, 2007, 12:08 am

I have been dealing with problems with my computer for a year now. Hackers have hacked me and I cant get rid of their software. I can reformat my hard drive - it all comes back. Their drivers are hidden in a fat12 secured partition.

Here is my hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 6:22:16 PM, on 10/11/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Users\ off\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\HIJACK~1\ off.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf Platinum\SCActiveBlock.dll
O2 - BHO: CtBho Class - {6462546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtBho.dll
O3 - Toolbar: Haute Secure Toolbar - {7792546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtToolBand.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AdvancedVirtualComPortBoot] "C:\Program Files\Advanced Virtual COM Port\Avcp.exe" /boot
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: secuload.dll
O23 - Service: KernelPro Advanced Virtual COM Port service (AdvancedVirtualCOMportService) - KernelPro Software - C:\Windows\System32\DRIVERS\AvcpService.exe
O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown owner - C:\Program Files\AdwareAlert\AdwareAlert.srv.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: MalwareBot Scanning Engine (MalwareBotSrv) - Unknown owner - C:\Program Files\MalwareBot\MalwareBotSrv.srv.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30003 (W3SVC) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
Kevyaeger72
Active Member
 
Posts: 9
Joined: October 11th, 2007, 11:59 pm
Advertisement
Register to Remove

Here is my combofix

Unread postby Kevyaeger72 » October 12th, 2007, 12:22 am

ComboFix 07-10-11.1 - off 2007-10-11 21:09:36.2 - NTFSx86
Microsoftr Windows VistaT Home Premium 6.0.6000.0.1252.1.1033.18.1197 [GMT -7:00]
Running from: C:\Users\ off\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-12 to 2007-10-12 )))))))))))))))))))))))))))))))
.

2007-10-11 20:47 <DIR> d-------- C:\Users\ off\AppData\Roaming\GetRightToGo
2007-10-11 19:20 <DIR> d-------- C:\Program Files\RegistryFix
2007-10-11 18:20 <DIR> d-------- C:\Deckard
2007-10-11 17:24 <DIR> d-------- C:\Program Files\Advanced Virtual COM Port
2007-10-11 17:24 640,000 --a------ C:\Windows\System32\drivers\AvcpService.exe
2007-10-11 17:24 103,040 --a------ C:\Windows\System32\drivers\AdvancedVirtualComPort.sys
2007-10-11 17:24 52,480 --a------ C:\Windows\System32\drivers\KernelProBus.sys
2007-10-11 12:27 <DIR> d-------- C:\Program Files\Totally Hip Products
2007-10-11 12:19 <DIR> d-------- C:\Users\All Users\Apple
2007-10-11 12:19 <DIR> d-------- C:\ProgramData\Apple
2007-10-11 09:47 <DIR> d-------- C:\Users\ off\AppData\Roaming\G7PS
2007-10-11 06:48 <DIR> d-------- C:\Users\ off\AppData\Roaming\IDEAL Directory
2007-10-11 05:51 <DIR> d-------- C:\Users\ off\AppData\Roaming\AdwareAlert
2007-10-11 05:51 <DIR> d-------- C:\Program Files\AdwareAlert
2007-10-11 05:30 3,968 --a------ C:\Windows\System32\drivers\AvgArCln.sys
2007-10-11 04:02 <DIR> d-------- C:\Program Files\InterMute
2007-10-11 03:30 51,200 --a------ C:\Windows\NirCmd.exe
2007-10-10 02:31 <DIR> d-------- C:\Users\ off\AppData\Roaming\Talkback
2007-10-10 02:13 <DIR> d-------- C:\Users\All Users\Tenebril
2007-10-10 02:13 <DIR> d-------- C:\ProgramData\Tenebril
2007-10-10 02:11 <DIR> d-------- C:\Program Files\GhostSurf Platinum
2007-10-10 02:11 1,712,128 --a------ C:\Windows\System32\GdiPlus.dll
2007-10-10 02:11 1,060,864 --a------ C:\Windows\System32\mfc71.dll
2007-10-10 02:11 57,344 --a------ C:\Windows\System32\MFC71ENU.DLL
2007-10-10 02:08 <DIR> d-------- C:\Program Files\SpyCatcher
2007-10-10 02:08 1,103,944 --a-s---- C:\Windows\System32\Protector.dll
2007-10-10 02:08 169,544 --a-s---- C:\Windows\System32\SecuLoad.dll
2007-10-10 02:08 40,960 --a-s---- C:\Windows\System32\ProcessKiller.dll
2007-10-10 01:24 <DIR> d-------- C:\Program Files\Innovatools
2007-10-10 01:09 <DIR> d-------- C:\Windows\System32\DLA
2007-10-10 01:09 <DIR> d-------- C:\Program Files\Roxio
2007-10-10 01:09 99,176 --a------ C:\Windows\System32\drivers\DRVMCDB.SYS
2007-10-10 01:09 92,920 --a------ C:\Windows\DLA.EXE
2007-10-10 01:09 56,056 --a------ C:\Windows\System32\DLAAPI_W.DLL
2007-10-10 01:09 51,768 --a------ C:\Windows\System32\drivers\DRVNDDM.SYS
2007-10-10 01:09 28,120 --a------ C:\Windows\System32\drivers\DLARTL_M.SYS
2007-10-10 01:09 12,856 --a------ C:\Windows\System32\drivers\DLACDBHM.SYS
2007-10-09 22:19 <DIR> d-------- C:\Program Files\IE Security
2007-10-09 20:42 <DIR> d-------- C:\Program Files\Abhishek Arya
2007-10-08 18:06 <DIR> d-------- C:\Program Files\7-Zip
2007-10-08 01:04 <DIR> d-------- C:\Users\ off\AppData\Roaming\Apple Computer
2007-10-08 01:04 <DIR> d-------- C:\Program Files\iPod
2007-10-08 01:03 <DIR> d-------- C:\Program Files\iTunes
2007-10-08 01:02 <DIR> d-------- C:\Users\All Users\Apple Computer
2007-10-08 01:02 <DIR> d-------- C:\ProgramData\Apple Computer
2007-10-08 01:02 <DIR> d-------- C:\Program Files\QuickTime
2007-10-08 01:02 <DIR> d-------- C:\Program Files\Apple Software Update
2007-10-08 01:01 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-10-07 23:00 <DIR> d-------- C:\Users\ off\AppData\Roaming\acccore
2007-10-07 22:55 <DIR> d-------- C:\Users\All Users\AOL OCP
2007-10-07 22:55 <DIR> d-------- C:\ProgramData\AOL OCP
2007-10-07 22:55 <DIR> d-------- C:\Program Files\AIM6
2007-10-07 21:33 <DIR> d-------- C:\Program Files\Common Files\Bcgsoft
2007-10-07 21:32 <DIR> d-------- C:\Program Files\Enhanced Uninstaller
2007-10-07 17:51 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2007-10-07 17:51 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2007-10-07 17:51 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-10-07 17:51 5,288,224 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2007-10-07 17:24 <DIR> d-------- C:\Users\ off\AppData\Roaming\PrivacyControl
2007-10-07 17:24 <DIR> d-------- C:\Program Files\PrivacyControl
2007-10-07 08:57 <DIR> d-------- C:\Program Files\MediaHeal for Hard Drives
2007-10-07 08:53 <DIR> d-------- C:\Program Files\Data Doctor Recovery FAT+NTFS (Demo)
2007-10-07 00:42 <DIR> d-------- C:\Program Files\Quest Software
2007-10-07 00:30 <DIR> d-------- C:\Users\All Users\IsolatedStorage
2007-10-07 00:30 <DIR> d-------- C:\ProgramData\IsolatedStorage
2007-10-07 00:27 <DIR> d-------- C:\Program Files\PowerGUI
2007-10-06 22:30 <DIR> d-------- C:\Users\ off\AppData\Roaming\SystemTools
2007-10-06 20:57 <DIR> d-------- C:\Program Files\KB824146Scan
2007-10-06 20:44 <DIR> d-------- C:\Program Files\OPC Foundation
2007-10-06 20:44 <DIR> d-------- C:\Program Files\Advosol
2007-10-06 19:33 <DIR> d-------- C:\Program Files\SPManager
2007-10-06 18:28 <DIR> d-------- C:\Users\ off\AppData\Roaming\Microsoft FxCop
2007-10-06 01:56 <DIR> d-------- C:\Program Files\Scriptius
2007-10-06 01:01 <DIR> d-------- C:\NST
2007-10-06 00:28 <DIR> d-------- C:\Program Files\TweakVI
2007-10-05 23:36 <DIR> d-------- C:\Users\All Users\{342DB4AA-29BF-43ED-9286-D8D3C134C6C2}
2007-10-05 23:36 <DIR> d-------- C:\ProgramData\{342DB4AA-29BF-43ED-9286-D8D3C134C6C2}
2007-10-05 23:36 <DIR> d-------- C:\Program Files\NeoSmart Technologies
2007-10-05 23:06 <DIR> d-------- C:\Program Files\Microsoft Device Emulator
2007-10-05 22:33 <DIR> d-------- C:\Program Files\eEye Digital Security
2007-10-05 19:40 298,104 --a------ C:\Windows\System32\imon.dll
2007-10-05 19:10 <DIR> d-------- C:\Program Files\Microsoft
2007-10-05 14:53 <DIR> d-------- C:\Program Files\Windows Resource Kits
2007-10-05 14:26 <DIR> d-------- C:\Program Files\Specopssoft
2007-10-05 14:26 <DIR> d-------- C:\Program Files\Common Files\Specopssoft
2007-10-05 13:32 <DIR> d-------- C:\Users\ off\AppData\Roaming\eFax Messenger
2007-10-05 13:22 <DIR> d-------- C:\SpecopsInventory32Setup
2007-10-05 03:00 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-04 21:41 <DIR> d-------- C:\Program Files\Java
2007-10-04 21:38 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-04 17:13 <DIR> d-------- C:\Program Files\Microsoft SDKs
2007-10-04 17:11 <DIR> d-------- C:\Program Files\Microsoft FxCop 1.35
2007-10-04 17:10 <DIR> d-------- C:\Program Files\Debugging Tools for Windows
2007-10-04 16:09 <DIR> d-------- C:\CompChecker
2007-10-04 14:52 <DIR> d-------- C:\MININT
2007-10-04 14:36 <DIR> d-------- C:\Windows\System32\tenarchlib
2007-10-04 14:36 <DIR> d-------- C:\Users\ off\AppData\Roaming\Tenebril
2007-10-04 14:22 <DIR> dr------- C:\Users\Public\Documents
2007-10-04 14:22 <DIR> d-------- C:\Users\ off\AppData\Roaming\AOL
2007-10-04 14:19 <DIR> d--h----- C:\Users\ off\AppData\Roaming\GTek

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 08:52 --------- d-----w C:\Program Files\Windows Sidebar
2007-10-10 08:52 --------- d-----w C:\Program Files\Windows Journal
2007-10-10 08:52 --------- d-----w C:\Program Files\Microsoft Games
2007-10-10 07:16 72,944 --sha-w C:\Windows\system32\drivers\fidbox.idx
2007-10-10 07:08 --------- d-----w C:\Program Files\Haute Secure
2007-10-10 07:01 --------- d-----w C:\Program Files\Windows Photo Gallery
2007-10-10 07:01 --------- d-----w C:\Program Files\Windows Mail
2007-10-10 07:01 --------- d-----w C:\Program Files\Windows Defender
2007-10-10 07:01 --------- d-----w C:\Program Files\Windows Collaboration
2007-10-10 07:01 --------- d-----w C:\Program Files\Windows Calendar
2007-09-29 00:45 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_nskbfltr_01005.Wdf
2007-09-28 17:04 --------- d-----w C:\ProgramData\AOL Downloads
2007-09-28 16:03 --------- d-----w C:\Program Files\Foxit Software
2007-09-28 13:24 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-09-28 13:24 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-09-28 13:24 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-09-28 13:24 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2007-09-28 13:24 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-09-28 13:24 414,208 ----a-w C:\Windows\System32\msscp.dll
2007-09-28 13:24 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-09-28 13:24 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-09-28 13:24 396,800 ----a-w C:\Windows\System32\MPSSVC(23128).dll
2007-09-28 13:24 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-09-28 13:24 392,192 ----a-w C:\Windows\System32\FirewallAPI(22052).dll
2007-09-28 13:24 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-09-28 13:24 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2007-09-28 13:24 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-09-28 13:24 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-09-28 13:24 16,896 ----a-w C:\Windows\System32\wfapigp(25282).dll
2007-09-28 13:24 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2007-09-28 13:22 823,808 ----a-w C:\Windows\System32\wininet(25311).dll
2007-09-28 13:22 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-09-28 13:22 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-09-28 13:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-09-28 13:22 1,152,000 ----a-w C:\Windows\System32\urlmon(24853).dll
2007-08-17 18:10 297,800 ----a-w C:\Windows\system32\drivers\ct.sys
2007-07-20 21:28 31,840 ----a-w C:\Windows\System32\gdihook5.dll
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6462546F-70AE-4abc-B2B6-BE68E9410002}]
2007-08-17 11:10 44232 --a------ C:\Program Files\Haute Secure\CtBho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7792546F-70AE-4abc-B2B6-BE68E9410002}"= C:\Program Files\Haute Secure\CtToolBand.dll [2007-08-17 11:10 619208]

[HKEY_CLASSES_ROOT\CLSID\{7792546F-70AE-4abc-B2B6-BE68E9410002}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{7792546F-70AE-4abc-B2B6-BE68E9410001}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7792546F-70AE-4ABC-B2B6-BE68E9410002}"= C:\Program Files\Haute Secure\CtToolBand.dll [2007-08-17 11:10 619208]

[HKEY_CLASSES_ROOT\CLSID\{7792546F-70AE-4ABC-B2B6-BE68E9410002}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{7792546F-70AE-4abc-B2B6-BE68E9410001}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"=1 (0x1)
"NoToolbarCustomize"=0 (0x0)
"NoBandCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=secuload.dll

R0 Ct;Ct;C:\Windows\system32\DRIVERS\ct.sys
R1 AdvancedVirtualComPort;KernelPro Virtual COM Port driver;C:\Windows\system32\DRIVERS\AdvancedVirtualComPort.sys
R1 AntiSpyFilter;AntiSpyFilter;C:\Windows\system32\DRIVERS\antispyfilter.sys
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS
R1 PCISys;PCISys;C:\Windows\system32\drivers\pcisys.sys
R2 AdwareAlertSrv;AdwareAlert Scanning Engine;"C:\Program Files\AdwareAlert\AdwareAlert.srv.exe"
R2 CtServ;CtServ;C:\Windows\system32\svchost.exe -k CtServ
R2 MalwareBotSrv;MalwareBot Scanning Engine;"C:\Program Files\MalwareBot\MalwareBotSrv.srv.exe"
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R3 gdihook5;gdihook5;C:\Windows\system32\DRIVERS\gdihook5.sys
R3 KernelProBus;KernelPro Virtual Bus Driver;C:\Windows\system32\DRIVERS\KernelProBus.sys
R3 nskbfltr;nskbfltr;\??\C:\Windows\system32\drivers\nskbfltr.sys
R3 WAS;Windows Process Activation Service;C:\Windows\system32\svchost.exe -k iissvcs
S3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);C:\Windows\system32\DRIVERS\MRVW24B.sys
S4 NetMsmqActivator;Net.Msmq Listener Adapter;"C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" -NetMsmqActivator
S4 NetPipeActivator;Net.Pipe Listener Adapter;"C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
S4 NetTcpActivator;Net.Tcp Listener Adapter;"C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
CtServ CtServ
iissvcs w3svc was
AutoRun\command - J:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-11 12:51:34 C:\Windows\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
"2007-10-11 19:30:28 C:\Windows\Tasks\MalwareBot Scheduled Scan.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-11 21:18:11
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-11 21:20:35
C:\ComboFix2.txt ... 2007-10-11 03:42
.
--- E O F ---
Kevyaeger72
Active Member
 
Posts: 9
Joined: October 11th, 2007, 11:59 pm

this is my pv.zip - lots of goodies found!

Unread postby Kevyaeger72 » October 12th, 2007, 12:28 am

Module information for 'iexplore.exe'
MODULE BASE SIZE PATH
iexplore.exe d50000 634880 C:\Program Files\Internet Explorer\iexplore.exe 7.00.6000.16386 (vista_rtm.061101-2205) Internet Explorer
ntdll.dll 77140000 1171456 C:\Windows\system32\ntdll.dll 6.0.6000.16386 (vista_rtm.061101-2205) NT Layer DLL
kernel32.dll 76a50000 884736 C:\Windows\system32\kernel32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows NT BASE API Client DLL
ADVAPI32.dll 75d00000 782336 C:\Windows\system32\ADVAPI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Advanced Windows 32 Base API
RPCRT4.dll 76f80000 798720 C:\Windows\system32\RPCRT4.dll 6.0.6000.16386 (vista_rtm.061101-2205) Remote Procedure Call Runtime
GDI32.dll 75cb0000 307200 C:\Windows\system32\GDI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) GDI Client DLL
USER32.dll 76c00000 647168 C:\Windows\system32\USER32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Multi-User Windows USER API Client DLL
msvcrt.dll 769a0000 696320 C:\Windows\system32\msvcrt.dll 7.0.6000.16386 (vista_rtm.061101-2205) Windows NT CRT DLL
SHLWAPI.dll 75e70000 348160 C:\Windows\system32\SHLWAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Light-weight Utility Library
SHELL32.dll 75ed0000 11329536 C:\Windows\system32\SHELL32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Shell Common Dll
ole32.dll 76ca0000 1327104 C:\Windows\system32\ole32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft OLE for Windows
urlmon.dll 758f0000 1196032 C:\Windows\system32\urlmon.dll 7.00.6000.16386 (vista_rtm.061101-2205) OLE32 Extensions for Win32
OLEAUT32.dll 77050000 573440 C:\Windows\system32\OLEAUT32.dll 6.0.6000.16386
iertutil.dll 75c60000 282624 C:\Windows\system32\iertutil.dll 7.00.6000.16386 (vista_rtm.061101-2205) Run time utility for Internet Explorer
VERSION.dll 74d80000 32768 C:\Windows\system32\VERSION.dll 6.0.6000.16386 (vista_rtm.061101-2205) Version Checking and File Installation Libraries
ShimEng.dll 747f0000 122880 C:\Windows\system32\ShimEng.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shim Engine DLL
apphelp.dll 756f0000 180224 C:\Windows\system32\apphelp.dll 6.0.6000.16386 (vista_rtm.061101-2205) Application Compatibility Client Library
iebrshim.dll 74870000 65536 C:\Windows\AppPatch\iebrshim.dll 6.0.6000.16512 (vista_gdr.070625-1522) IE Broker Shim
AcRedir.DLL 717a0000 253952 C:\Windows\AppPatch\AcRedir.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Windows Compatibility DLL
AcLayers.DLL 70f10000 552960 C:\Windows\AppPatch\AcLayers.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Windows Compatibility DLL
USERENV.dll 75790000 122880 C:\Windows\system32\USERENV.dll 6.0.6000.16386 (vista_rtm.061101-2205) Userenv
Secur32.dll 75770000 81920 C:\Windows\system32\Secur32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Security Support Provider Interface
WINSPOOL.DRV 72b50000 266240 C:\Windows\system32\WINSPOOL.DRV 6.0.6000.16386 (vista_rtm.061101-2205) Windows Spooler Driver
MPR.dll 75180000 81920 C:\Windows\system32\MPR.dll 6.0.6000.16386 (vista_rtm.061101-2205) Multiple Provider Router DLL
IMM32.DLL 75dc0000 122880 C:\Windows\system32\IMM32.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Multi-User Windows IMM32 API Client DLL
MSCTF.dll 76b30000 815104 C:\Windows\system32\MSCTF.dll 6.0.6000.16386 (vista_rtm.061101-2205) MSCTF Server DLL
LPK.DLL 77130000 36864 C:\Windows\system32\LPK.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Language Pack
USP10.dll 76df0000 512000 C:\Windows\system32\USP10.dll 1.0626.6000.16386 (vista_rtm.061101-2205) Uniscribe Unicode script processor
secuload.dll 10000000 172032 C:\Windows\system32\secuload.dll 6,0,0,78 API Guard
comctl32.dll 754f0000 1654784 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll 6.10 (vista_rtm.061101-2205) User Experience Controls Library
Protector.dll df0000 1118208 C:\Windows\system32\Protector.dll 6,0,0,78 API Guard
uxtheme.dll 745d0000 258048 C:\Windows\system32\uxtheme.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft UxTheme Library
sfc.dll 75760000 20480 C:\Windows\system32\sfc.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows File Protection
sfc_os.dll 75750000 53248 C:\Windows\system32\sfc_os.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows File Protection
SETUPAPI.dll 75ad0000 1605632 C:\Windows\system32\SETUPAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Setup API
IEFRAME.dll 6efe0000 6074368 C:\Windows\system32\IEFRAME.dll 7.00.6000.16386 (vista_rtm.061101-2205) Internet Explorer
PSAPI.DLL 75840000 28672 C:\Windows\system32\PSAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Process Status Helper
rsaenh.dll 74b20000 229376 C:\Windows\system32\rsaenh.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Enhanced Cryptographic Provider
IEUI.dll 71770000 192512 C:\Windows\system32\IEUI.dll 7.00.6000.16386 (vista_rtm.061101-2205) Internet Explorer UI Engine
MSIMG32.dll 74a60000 20480 C:\Windows\system32\MSIMG32.dll 6.0.6000.16386 (vista_rtm.061101-2205) GDIEXT Client DLL
Cabinet.dll 74980000 81920 C:\Windows\system32\Cabinet.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft® Cabinet File API
CRYPT32.dll 75080000 987136 C:\Windows\system32\CRYPT32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Crypto API32
MSASN1.dll 751d0000 73728 C:\Windows\system32\MSASN1.dll 6.0.6000.16386 (vista_rtm.061101-2205) ASN.1 Runtime APIs
WINTRUST.DLL 748c0000 184320 C:\Windows\system32\WINTRUST.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Trust Verification APIs
imagehlp.dll 75a20000 167936 C:\Windows\system32\imagehlp.dll 6.0.6000.16470 (vista_gdr.070416-1510) Windows NT Image Helper
gdiplus.dll 73f50000 1744896 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll 5.2.6000.16386 (vista_rtm.061101-2205) Microsoft GDI+
?diplus.dll 73f50000 1744896 ?:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll
WindowsCodecs.dll 73880000 729088 C:\Windows\system32\WindowsCodecs.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Windows Codecs Library
CLBCatQ.DLL 75de0000 540672 C:\Windows\system32\CLBCatQ.DLL 2001.12.6930.16386 (vista_rtm.061101-2205) COM+ Configuration Catalog
?LBCatQ.DLL 75de0000 540672 ?:\Windows\system32\CLBCatQ.DLL
actxprxy.dll 70480000 339968 C:\Windows\system32\actxprxy.dll 6.0.6000.16386 (vista_rtm.061101-2205) ActiveX Interface Marshaling Library
SXS.DLL 75690000 389120 C:\Windows\system32\SXS.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Fusion 2.5
WININET.dll 76e80000 847872 C:\Windows\system32\WININET.dll 7.00.6000.16386 (vista_rtm.061101-2205) Internet Extensions for Win32
Normaliz.dll 758e0000 12288 C:\Windows\system32\Normaliz.dll 6.0.6000.16386 (vista_rtm.061101-2205) Unicode Normalization DLL
MLANG.dll 71220000 196608 C:\Windows\system32\MLANG.dll 6.0.6000.16386 (vista_rtm.061101-2205) Multi Language Support DLL
ws2_32.dll 76f50000 184320 C:\Windows\system32\ws2_32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Socket 2.0 32-Bit DLL
NSI.dll 76e70000 24576 C:\Windows\system32\NSI.dll 6.0.6000.16386 (vista_rtm.061101-2205) NSI User-mode interface DLL
ncrypt.dll 74e10000 204800 C:\Windows\system32\ncrypt.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows cryptographic library
BCRYPT.dll 74ec0000 278528 C:\Windows\system32\BCRYPT.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Cryptographic Primitives Library
NTMARTA.DLL 74a90000 135168 C:\Windows\system32\NTMARTA.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Windows NT MARTA provider
WLDAP32.dll 770e0000 299008 C:\Windows\system32\WLDAP32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Win32 LDAP API DLL
SAMLIB.dll 751f0000 69632 C:\Windows\system32\SAMLIB.dll 6.0.6000.16386 (vista_rtm.061101-2205) SAM Library DLL
GPAPI.dll 74d50000 86016 C:\Windows\system32\GPAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Group Policy Client API
slc.dll 75040000 233472 C:\Windows\system32\slc.dll 6.0.6000.16386 (vista_rtm.061101-2205) Software Licensing Client Dll
cryptnet.dll 728d0000 102400 C:\Windows\system32\cryptnet.dll 6.0.6000.16386 (vista_rtm.061101-2205) Crypto Network Related API
SensApi.dll 72b40000 24576 C:\Windows\system32\SensApi.dll 6.0.6000.16386 (vista_rtm.061101-2205) SENS Connectivity API DLL
?ensApi.dll 72b40000 24576 ?:\Windows\system32\SensApi.dll
PROPSYS.dll 73b60000 749568 C:\Windows\system32\PROPSYS.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Property System
?ROPSYS.dll 73b60000 749568 ?:\Windows\system32\PROPSYS.dll
?ROPSYS.dll 73b60000 749568 ?:\Windows\system32\PROPSYS.dll
?ROPSYS.dll 73b60000 749568 ?:\Windows\system32\PROPSYS.dll
mswsock.dll 74d10000 241664 C:\Windows\system32\mswsock.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Windows Sockets 2.0 Service Provider
wshtcpip.dll 74a50000 24576 C:\Windows\System32\wshtcpip.dll 6.0.6000.16386 (vista_rtm.061101-2205) Winsock2 Helper DLL (TL/IPv4)
RASAPI32.dll 735c0000 290816 C:\Windows\system32\RASAPI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Remote Access API
rasman.dll 73aa0000 81920 C:\Windows\system32\rasman.dll 6.0.6000.16386 (vista_rtm.061101-2205) Remote Access Connection Manager
NETAPI32.dll 75430000 434176 C:\Windows\system32\NETAPI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Net Win32 API DLL
TAPI32.dll 739e0000 200704 C:\Windows\system32\TAPI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft® Windows(TM) Telephony API Client DLL
rtutils.dll 73510000 49152 C:\Windows\system32\rtutils.dll 6.0.6000.16386 (vista_rtm.061101-2205) Routing Utilities
WINMM.dll 73cd0000 208896 C:\Windows\system32\WINMM.dll 6.0.6000.16386 (vista_rtm.061101-2205) MCI API DLL
OLEACC.dll 73b20000 229376 C:\Windows\system32\OLEACC.dll 4.2.5406.0 (vista_rtm.061101-2205) Active Accessibility Core Component
credssp.dll 74fc0000 28672 C:\Windows\system32\credssp.dll 6.0.6000.16386 (vista_rtm.061101-2205) TS Single Sign On Security Package
schannel.dll 74e70000 282624 C:\Windows\system32\schannel.dll 6.0.6000.16386 (vista_rtm.061101-2205) TLS / SSL Security Provider
NLAapi.dll 748a0000 61440 C:\Windows\system32\NLAapi.dll 6.0.6000.16386 (vista_rtm.061101-2205) Network Location Awareness 2
IPHLPAPI.DLL 75020000 102400 C:\Windows\system32\IPHLPAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) IP Helper API
dhcpcsvc.DLL 74f40000 217088 C:\Windows\system32\dhcpcsvc.DLL 6.0.6000.16386 (vista_rtm.061101-2205) DHCP Client Service
DNSAPI.dll 75210000 176128 C:\Windows\system32\DNSAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) DNS Client API DLL
WINNSI.DLL 74f30000 28672 C:\Windows\system32\WINNSI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Network Store Information RPC interface
dhcpcsvc6.DLL 74f10000 131072 C:\Windows\system32\dhcpcsvc6.DLL 6.0.6000.16386 (vista_rtm.061101-2205) DHCPv6 Client
rasadhlp.dll 727c0000 24576 C:\Windows\system32\rasadhlp.dll 6.0.6000.16386 (vista_rtm.061101-2205) Remote Access AutoDial Helper
wship6.dll 74d70000 24576 C:\Windows\System32\wship6.dll 6.0.6000.16386 (vista_rtm.061101-2205) Winsock2 Helper DLL (TL/IPv6)
winrnr.dll 720d0000 32768 C:\Windows\System32\winrnr.dll 6.0.6000.16386 (vista_rtm.061101-2205) LDAP RnR Provider DLL
napinsp.dll 71fd0000 61440 C:\Windows\system32\napinsp.dll 6.0.6000.16386 (vista_rtm.061101-2205) E-mail Naming Shim Provider
pnrpnsp.dll 71e30000 73728 C:\Windows\system32\pnrpnsp.dll 6.0.6000.16386 (vista_rtm.061101-2205) PNRP Name Space Provider
mshtml.dll 6c220000 3608576 C:\Windows\system32\mshtml.dll 7.00.6000.16386 (vista_rtm.061101-2205) Microsoft (R) HTML Viewer
?shtml.dll 6c220000 3608576 ?:\Windows\system32\mshtml.dll
?shtml.dll 6c220000 3608576 ?:\Windows\system32\mshtml.dll
?shtml.dll 6c220000 3608576 ?:\Windows\system32\mshtml.dll
?shtml.dll 6c220000 3608576 ?:\Windows\system32\mshtml.dll
?shtml.dll 6c220000 3608576 ?:\Windows\system32\mshtml.dll
?shtml.dll 6c220000 3608576 ?:\Windows\system32\mshtml.dll
?shtml.dll 6c220000 3608576 ?:\Windows\system32\mshtml.dll
?shtml.dll 6c220000 3608576 ?:\Windows\system32\mshtml.dll

-------------------------------


Module information for 'rundll32.exe'
MODULE BASE SIZE PATH
rundll32.exe fb0000 57344 C:\Windows\system32\rundll32.exe 6.0.6000.16386 (vista_rtm.061101-2205) Windows host process (Rundll32)
ntdll.dll 77140000 1171456 C:\Windows\system32\ntdll.dll 6.0.6000.16386 (vista_rtm.061101-2205) NT Layer DLL
kernel32.dll 76a50000 884736 C:\Windows\system32\kernel32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows NT BASE API Client DLL
USER32.dll 76c00000 647168 C:\Windows\system32\USER32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Multi-User Windows USER API Client DLL
GDI32.dll 75cb0000 307200 C:\Windows\system32\GDI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) GDI Client DLL
ADVAPI32.dll 75d00000 782336 C:\Windows\system32\ADVAPI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Advanced Windows 32 Base API
RPCRT4.dll 76f80000 798720 C:\Windows\system32\RPCRT4.dll 6.0.6000.16386 (vista_rtm.061101-2205) Remote Procedure Call Runtime
msvcrt.dll 769a0000 696320 C:\Windows\system32\msvcrt.dll 7.0.6000.16386 (vista_rtm.061101-2205) Windows NT CRT DLL
imagehlp.dll 75a20000 167936 C:\Windows\system32\imagehlp.dll 6.0.6000.16470 (vista_gdr.070416-1510) Windows NT Image Helper
ShimEng.dll 747f0000 122880 C:\Windows\system32\ShimEng.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shim Engine DLL
apphelp.dll 756f0000 180224 C:\Windows\system32\apphelp.dll 6.0.6000.16386 (vista_rtm.061101-2205) Application Compatibility Client Library
AcLayers.DLL 70f10000 552960 C:\Windows\AppPatch\AcLayers.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Windows Compatibility DLL
SHELL32.dll 75ed0000 11329536 C:\Windows\system32\SHELL32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Shell Common Dll
SHLWAPI.dll 75e70000 348160 C:\Windows\system32\SHLWAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Light-weight Utility Library
ole32.dll 76ca0000 1327104 C:\Windows\system32\ole32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft OLE for Windows
OLEAUT32.dll 77050000 573440 C:\Windows\system32\OLEAUT32.dll 6.0.6000.16386
USERENV.dll 75790000 122880 C:\Windows\system32\USERENV.dll 6.0.6000.16386 (vista_rtm.061101-2205) Userenv
Secur32.dll 75770000 81920 C:\Windows\system32\Secur32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Security Support Provider Interface
WINSPOOL.DRV 72b50000 266240 C:\Windows\system32\WINSPOOL.DRV 6.0.6000.16386 (vista_rtm.061101-2205) Windows Spooler Driver
MPR.dll 75180000 81920 C:\Windows\system32\MPR.dll 6.0.6000.16386 (vista_rtm.061101-2205) Multiple Provider Router DLL
IMM32.DLL 75dc0000 122880 C:\Windows\system32\IMM32.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Multi-User Windows IMM32 API Client DLL
MSCTF.dll 76b30000 815104 C:\Windows\system32\MSCTF.dll 6.0.6000.16386 (vista_rtm.061101-2205) MSCTF Server DLL
LPK.DLL 77130000 36864 C:\Windows\system32\LPK.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Language Pack
USP10.dll 76df0000 512000 C:\Windows\system32\USP10.dll 1.0626.6000.16386 (vista_rtm.061101-2205) Uniscribe Unicode script processor
secuload.dll 10000000 172032 C:\Windows\system32\secuload.dll 6,0,0,78 API Guard
comctl32.dll 754f0000 1654784 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll 6.10 (vista_rtm.061101-2205) User Experience Controls Library
Protector.dll d50000 1118208 C:\Windows\system32\Protector.dll 6,0,0,78 API Guard
uxtheme.dll 745d0000 258048 C:\Windows\system32\uxtheme.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft UxTheme Library
sfc.dll 75760000 20480 C:\Windows\system32\sfc.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows File Protection
sfc_os.dll 75750000 53248 C:\Windows\system32\sfc_os.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows File Protection
SETUPAPI.dll 75ad0000 1605632 C:\Windows\system32\SETUPAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Setup API
wscui.cpl 6d4c0000 1695744 C:\Windows\system32\wscui.cpl 6.0.6000.16386 (vista_rtm.061101-2205) Security Center
gdiplus.dll 73f50000 1744896 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll 5.2.6000.16386 (vista_rtm.061101-2205) Microsoft GDI+
MSIMG32.dll 74a60000 20480 C:\Windows\system32\MSIMG32.dll 6.0.6000.16386 (vista_rtm.061101-2205) GDIEXT Client DLL
WINMM.dll 73cd0000 208896 C:\Windows\system32\WINMM.dll 6.0.6000.16386 (vista_rtm.061101-2205) MCI API DLL
OLEACC.dll 73b20000 229376 C:\Windows\system32\OLEACC.dll 4.2.5406.0 (vista_rtm.061101-2205) Active Accessibility Core Component
CRYPT32.dll 75080000 987136 C:\Windows\system32\CRYPT32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Crypto API32
MSASN1.dll 751d0000 73728 C:\Windows\system32\MSASN1.dll 6.0.6000.16386 (vista_rtm.061101-2205) ASN.1 Runtime APIs
CRYPTUI.dll 6de30000 978944 C:\Windows\system32\CRYPTUI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Trust UI Provider
WINTRUST.dll 748c0000 184320 C:\Windows\system32\WINTRUST.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Trust Verification APIs
NETAPI32.dll 75430000 434176 C:\Windows\system32\NETAPI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Net Win32 API DLL
PSAPI.DLL 75840000 28672 C:\Windows\system32\PSAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Process Status Helper
WLDAP32.dll 770e0000 299008 C:\Windows\system32\WLDAP32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Win32 LDAP API DLL
WS2_32.dll 76f50000 184320 C:\Windows\system32\WS2_32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Socket 2.0 32-Bit DLL
NSI.dll 76e70000 24576 C:\Windows\system32\NSI.dll 6.0.6000.16386 (vista_rtm.061101-2205) NSI User-mode interface DLL
VERSION.dll 74d80000 32768 C:\Windows\system32\VERSION.dll 6.0.6000.16386 (vista_rtm.061101-2205) Version Checking and File Installation Libraries
WSCAPI.dll 6e560000 45056 C:\Windows\system32\WSCAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Security Center API
urlmon.dll 758f0000 1196032 C:\Windows\system32\urlmon.dll 7.00.6000.16386 (vista_rtm.061101-2205) OLE32 Extensions for Win32
iertutil.dll 75c60000 282624 C:\Windows\system32\iertutil.dll 7.00.6000.16386 (vista_rtm.061101-2205) Run time utility for Internet Explorer
CLBCatQ.DLL 75de0000 540672 C:\Windows\system32\CLBCatQ.DLL 2001.12.6930.16386 (vista_rtm.061101-2205) COM+ Configuration Catalog
slc.dll 75040000 233472 C:\Windows\system32\slc.dll 6.0.6000.16386 (vista_rtm.061101-2205) Software Licensing Client Dll
PROPSYS.dll 73b60000 749568 C:\Windows\system32\PROPSYS.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Property System
POWRPROF.dll 74a70000 106496 C:\Windows\system32\POWRPROF.dll 6.0.6000.16386 (vista_rtm.061101-2205) Power Profile Helper DLL

------------------------------------------------


Module information for 'svchost.exe'
MODULE BASE SIZE PATH
svchost.exe 510000 32768 C:\Windows\system32\svchost.exe 6.0.6000.16386 (vista_rtm.061101-2205) Host Process for Windows Services
ntdll.dll 77140000 1171456 C:\Windows\system32\ntdll.dll 6.0.6000.16386 (vista_rtm.061101-2205) NT Layer DLL
kernel32.dll 76a50000 884736 C:\Windows\system32\kernel32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows NT BASE API Client DLL
msvcrt.dll 769a0000 696320 C:\Windows\system32\msvcrt.dll 7.0.6000.16386 (vista_rtm.061101-2205) Windows NT CRT DLL
ADVAPI32.dll 75d00000 782336 C:\Windows\system32\ADVAPI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Advanced Windows 32 Base API
RPCRT4.dll 76f80000 798720 C:\Windows\system32\RPCRT4.dll 6.0.6000.16386 (vista_rtm.061101-2205) Remote Procedure Call Runtime
Protector.dll d50000 1118208 C:\Windows\system32\Protector.dll 6,0,0,78 API Guard
USER32.dll 76c00000 647168 C:\Windows\system32\USER32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Multi-User Windows USER API Client DLL
GDI32.dll 75cb0000 307200 C:\Windows\system32\GDI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) GDI Client DLL
IMM32.DLL 75dc0000 122880 C:\Windows\system32\IMM32.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Multi-User Windows IMM32 API Client DLL
MSCTF.dll 76b30000 815104 C:\Windows\system32\MSCTF.dll 6.0.6000.16386 (vista_rtm.061101-2205) MSCTF Server DLL
LPK.DLL 77130000 36864 C:\Windows\system32\LPK.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Language Pack
USP10.dll 76df0000 512000 C:\Windows\system32\USP10.dll 1.0626.6000.16386 (vista_rtm.061101-2205) Uniscribe Unicode script processor
secuload.dll 10000000 172032 C:\Windows\system32\secuload.dll 6,0,0,78 API Guard
sfc.dll 75760000 20480 C:\Windows\system32\sfc.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows File Protection
sfc_os.dll 75750000 53248 C:\Windows\system32\sfc_os.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows File Protection
SETUPAPI.dll 75ad0000 1605632 C:\Windows\system32\SETUPAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Setup API
OLEAUT32.dll 77050000 573440 C:\Windows\system32\OLEAUT32.dll 6.0.6000.16386
ole32.dll 76ca0000 1327104 C:\Windows\system32\ole32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft OLE for Windows
SHLWAPI.dll 75e70000 348160 C:\Windows\system32\SHLWAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Light-weight Utility Library
comctl32.dll 754f0000 1654784 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll 6.10 (vista_rtm.061101-2205) User Experience Controls Library
umpnpmgr.dll 74a10000 233472 c:\windows\system32\umpnpmgr.dll 6.0.6000.16386 (vista_rtm.061101-2205) User-mode Plug-and-Play Service
USERENV.dll 75790000 122880 c:\windows\system32\USERENV.dll 6.0.6000.16386 (vista_rtm.061101-2205) Userenv
Secur32.dll 75770000 81920 c:\windows\system32\Secur32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Security Support Provider Interface
POWRPROF.dll 74a70000 106496 C:\Windows\system32\POWRPROF.dll 6.0.6000.16386 (vista_rtm.061101-2205) Power Profile Helper DLL
GPAPI.dll 74d50000 86016 C:\Windows\system32\GPAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Group Policy Client API
slc.dll 75040000 233472 C:\Windows\system32\slc.dll 6.0.6000.16386 (vista_rtm.061101-2205) Software Licensing Client Dll
rpcss.dll 748f0000 561152 c:\windows\system32\rpcss.dll 6.0.6000.16386 (vista_rtm.061101-2205) Distributed COM Services
WS2_32.dll 76f50000 184320 C:\Windows\system32\WS2_32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Socket 2.0 32-Bit DLL
NSI.dll 76e70000 24576 C:\Windows\system32\NSI.dll 6.0.6000.16386 (vista_rtm.061101-2205) NSI User-mode interface DLL
FirewallAPI.dll 749a0000 405504 c:\windows\system32\FirewallAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Firewall API
VERSION.dll 74d80000 32768 c:\windows\system32\VERSION.dll 6.0.6000.16386 (vista_rtm.061101-2205) Version Checking and File Installation Libraries
credssp.dll 74fc0000 28672 C:\Windows\system32\credssp.dll 6.0.6000.16386 (vista_rtm.061101-2205) TS Single Sign On Security Package
CRYPT32.dll 75080000 987136 C:\Windows\system32\CRYPT32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Crypto API32
MSASN1.dll 751d0000 73728 C:\Windows\system32\MSASN1.dll 6.0.6000.16386 (vista_rtm.061101-2205) ASN.1 Runtime APIs
schannel.dll 74e70000 282624 C:\Windows\system32\schannel.dll 6.0.6000.16386 (vista_rtm.061101-2205) TLS / SSL Security Provider
NETAPI32.dll 75430000 434176 C:\Windows\system32\NETAPI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Net Win32 API DLL
PSAPI.DLL 75840000 28672 C:\Windows\system32\PSAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Process Status Helper
Cabinet.dll 74980000 81920 C:\Windows\system32\Cabinet.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft® Cabinet File API
NTMARTA.DLL 74a90000 135168 C:\Windows\system32\NTMARTA.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Windows NT MARTA provider
WLDAP32.dll 770e0000 299008 C:\Windows\system32\WLDAP32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Win32 LDAP API DLL
SAMLIB.dll 751f0000 69632 C:\Windows\system32\SAMLIB.dll 6.0.6000.16386 (vista_rtm.061101-2205) SAM Library DLL
WINSTA.dll 74ff0000 147456 C:\Windows\system32\WINSTA.dll 6.0.6000.16386 (vista_rtm.061101-2205) Winstation Library
CLBCatQ.DLL 75de0000 540672 C:\Windows\system32\CLBCatQ.DLL 2001.12.6930.16386 (vista_rtm.061101-2205) COM+ Configuration Catalog
apphelp.dll 756f0000 180224 C:\Windows\system32\apphelp.dll 6.0.6000.16386 (vista_rtm.061101-2205) Application Compatibility Client Library
WTSAPI32.dll 748b0000 36864 C:\Windows\system32\WTSAPI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Terminal Server SDK APIs
SHELL32.dll 75ed0000 11329536 C:\Windows\system32\SHELL32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Shell Common Dll
rsaenh.dll 74b20000 229376 C:\Windows\system32\rsaenh.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Enhanced Cryptographic Provider
WINTRUST.DLL 748c0000 184320 C:\Windows\system32\WINTRUST.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Trust Verification APIs
imagehlp.dll 75a20000 167936 C:\Windows\system32\imagehlp.dll 6.0.6000.16470 (vista_gdr.070416-1510) Windows NT Image Helper
ncrypt.dll 74e10000 204800 C:\Windows\system32\ncrypt.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows cryptographic library
BCRYPT.dll 74ec0000 278528 C:\Windows\system32\BCRYPT.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Cryptographic Primitives Library
Module information for 'svchost.exe'
MODULE BASE SIZE PATH
svchost.exe 510000 32768 C:\Windows\system32\svchost.exe 6.0.6000.16386 (vista_rtm.061101-2205) Host Process for Windows Services
ntdll.dll 77140000 1171456 C:\Windows\system32\ntdll.dll 6.0.6000.16386 (vista_rtm.061101-2205) NT Layer DLL
kernel32.dll 76a50000 884736 C:\Windows\system32\kernel32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows NT BASE API Client DLL
msvcrt.dll 769a0000 696320 C:\Windows\system32\msvcrt.dll 7.0.6000.16386 (vista_rtm.061101-2205) Windows NT CRT DLL
ADVAPI32.dll 75d00000 782336 C:\Windows\system32\ADVAPI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Advanced Windows 32 Base API
RPCRT4.dll 76f80000 798720 C:\Windows\system32\RPCRT4.dll 6.0.6000.16386 (vista_rtm.061101-2205) Remote Procedure Call Runtime
Protector.dll d50000 1118208 C:\Windows\system32\Protector.dll 6,0,0,78 API Guard
USER32.dll 76c00000 647168 C:\Windows\system32\USER32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Multi-User Windows USER API Client DLL
GDI32.dll 75cb0000 307200 C:\Windows\system32\GDI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) GDI Client DLL
IMM32.DLL 75dc0000 122880 C:\Windows\system32\IMM32.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Multi-User Windows IMM32 API Client DLL
MSCTF.dll 76b30000 815104 C:\Windows\system32\MSCTF.dll 6.0.6000.16386 (vista_rtm.061101-2205) MSCTF Server DLL
LPK.DLL 77130000 36864 C:\Windows\system32\LPK.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Language Pack
USP10.dll 76df0000 512000 C:\Windows\system32\USP10.dll 1.0626.6000.16386 (vista_rtm.061101-2205) Uniscribe Unicode script processor
secuload.dll 10000000 172032 C:\Windows\system32\secuload.dll 6,0,0,78 API Guard
sfc.dll 75760000 20480 C:\Windows\system32\sfc.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows File Protection
sfc_os.dll 75750000 53248 C:\Windows\system32\sfc_os.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows File Protection
SETUPAPI.dll 75ad0000 1605632 C:\Windows\system32\SETUPAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Setup API
OLEAUT32.dll 77050000 573440 C:\Windows\system32\OLEAUT32.dll 6.0.6000.16386
ole32.dll 76ca0000 1327104 C:\Windows\system32\ole32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft OLE for Windows
SHLWAPI.dll 75e70000 348160 C:\Windows\system32\SHLWAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Light-weight Utility Library
comctl32.dll 754f0000 1654784 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll 6.10 (vista_rtm.061101-2205) User Experience Controls Library
rpcss.dll 748f0000 561152 c:\windows\system32\rpcss.dll 6.0.6000.16386 (vista_rtm.061101-2205) Distributed COM Services
WS2_32.dll 76f50000 184320 C:\Windows\system32\WS2_32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Socket 2.0 32-Bit DLL
NSI.dll 76e70000 24576 C:\Windows\system32\NSI.dll 6.0.6000.16386 (vista_rtm.061101-2205) NSI User-mode interface DLL
Secur32.dll 75770000 81920 c:\windows\system32\Secur32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Security Support Provider Interface
FirewallAPI.dll 749a0000 405504 c:\windows\system32\FirewallAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Firewall API
VERSION.dll 74d80000 32768 c:\windows\system32\VERSION.dll 6.0.6000.16386 (vista_rtm.061101-2205) Version Checking and File Installation Libraries
credssp.dll 74fc0000 28672 C:\Windows\system32\credssp.dll 6.0.6000.16386 (vista_rtm.061101-2205) TS Single Sign On Security Package
CRYPT32.dll 75080000 987136 C:\Windows\system32\CRYPT32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Crypto API32
MSASN1.dll 751d0000 73728 C:\Windows\system32\MSASN1.dll 6.0.6000.16386 (vista_rtm.061101-2205) ASN.1 Runtime APIs
USERENV.dll 75790000 122880 C:\Windows\system32\USERENV.dll 6.0.6000.16386 (vista_rtm.061101-2205) Userenv
schannel.dll 74e70000 282624 C:\Windows\system32\schannel.dll 6.0.6000.16386 (vista_rtm.061101-2205) TLS / SSL Security Provider
NETAPI32.dll 75430000 434176 C:\Windows\system32\NETAPI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Net Win32 API DLL
PSAPI.DLL 75840000 28672 C:\Windows\system32\PSAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Process Status Helper
rsaenh.dll 74b20000 229376 C:\Windows\system32\rsaenh.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Enhanced Cryptographic Provider
mswsock.dll 74d10000 241664 C:\Windows\system32\mswsock.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Windows Sockets 2.0 Service Provider
wshtcpip.dll 74a50000 24576 C:\Windows\System32\wshtcpip.dll 6.0.6000.16386 (vista_rtm.061101-2205) Winsock2 Helper DLL (TL/IPv4)
wship6.dll 74d70000 24576 C:\Windows\System32\wship6.dll 6.0.6000.16386 (vista_rtm.061101-2205) Winsock2 Helper DLL (TL/IPv6)
CLBCatQ.DLL 75de0000 540672 C:\Windows\system32\CLBCatQ.DLL 2001.12.6930.16386 (vista_rtm.061101-2205) COM+ Configuration Catalog
fwpuclnt.dll 73030000 565248 C:\Windows\system32\fwpuclnt.dll 6.0.6000.16386 (vista_rtm.061101-2205) FWP/IPsec User-Mode API
NLAapi.dll 748a0000 61440 C:\Windows\system32\NLAapi.dll 6.0.6000.16386 (vista_rtm.061101-2205) Network Location Awareness 2
IPHLPAPI.DLL 75020000 102400 C:\Windows\system32\IPHLPAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) IP Helper API
dhcpcsvc.DLL 74f40000 217088 C:\Windows\system32\dhcpcsvc.DLL 6.0.6000.16386 (vista_rtm.061101-2205) DHCP Client Service
DNSAPI.dll 75210000 176128 C:\Windows\system32\DNSAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) DNS Client API DLL
WINNSI.DLL 74f30000 28672 C:\Windows\system32\WINNSI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Network Store Information RPC interface
dhcpcsvc6.DLL 74f10000 131072 C:\Windows\system32\dhcpcsvc6.DLL 6.0.6000.16386 (vista_rtm.061101-2205) DHCPv6 Client
winrnr.dll 720d0000 32768 C:\Windows\System32\winrnr.dll 6.0.6000.16386 (vista_rtm.061101-2205) LDAP RnR Provider DLL
WLDAP32.dll 770e0000 299008 C:\Windows\system32\WLDAP32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Win32 LDAP API DLL
napinsp.dll 71fd0000 61440 C:\Windows\system32\napinsp.dll 6.0.6000.16386 (vista_rtm.061101-2205) E-mail Naming Shim Provider
pnrpnsp.dll 71e30000 73728 C:\Windows\system32\pnrpnsp.dll 6.0.6000.16386 (vista_rtm.061101-2205) PNRP Name Space Provider
rasadhlp.dll 727c0000 24576 C:\Windows\system32\rasadhlp.dll 6.0.6000.16386 (vista_rtm.061101-2205) Remote Access AutoDial Helper
Module information for 'svchost.exe'
MODULE BASE SIZE PATH
svchost.exe 510000 32768 C:\Windows\System32\svchost.exe 6.0.6000.16386 (vista_rtm.061101-2205) Host Process for Windows Services
ntdll.dll 77140000 1171456 C:\Windows\system32\ntdll.dll 6.0.6000.16386 (vista_rtm.061101-2205) NT Layer DLL
kernel32.dll 76a50000 884736 C:\Windows\system32\kernel32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows NT BASE API Client DLL
msvcrt.dll 769a0000 696320 C:\Windows\system32\msvcrt.dll 7.0.6000.16386 (vista_rtm.061101-2205) Windows NT CRT DLL
ADVAPI32.dll 75d00000 782336 C:\Windows\system32\ADVAPI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Advanced Windows 32 Base API
RPCRT4.dll 76f80000 798720 C:\Windows\system32\RPCRT4.dll 6.0.6000.16386 (vista_rtm.061101-2205) Remote Procedure Call Runtime
Protector.dll d50000 1118208 C:\Windows\system32\Protector.dll 6,0,0,78 API Guard
USER32.dll 76c00000 647168 C:\Windows\system32\USER32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Multi-User Windows USER API Client DLL
GDI32.dll 75cb0000 307200 C:\Windows\system32\GDI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) GDI Client DLL
IMM32.DLL 75dc0000 122880 C:\Windows\system32\IMM32.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Multi-User Windows IMM32 API Client DLL
MSCTF.dll 76b30000 815104 C:\Windows\system32\MSCTF.dll 6.0.6000.16386 (vista_rtm.061101-2205) MSCTF Server DLL
LPK.DLL 77130000 36864 C:\Windows\system32\LPK.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Language Pack
USP10.dll 76df0000 512000 C:\Windows\system32\USP10.dll 1.0626.6000.16386 (vista_rtm.061101-2205) Uniscribe Unicode script processor
secuload.dll 10000000 172032 C:\Windows\System32\secuload.dll 6,0,0,78 API Guard
sfc.dll 75760000 20480 C:\Windows\System32\sfc.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows File Protection
sfc_os.dll 75750000 53248 C:\Windows\System32\sfc_os.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows File Protection
SETUPAPI.dll 75ad0000 1605632 C:\Windows\system32\SETUPAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Setup API
OLEAUT32.dll 77050000 573440 C:\Windows\system32\OLEAUT32.dll 6.0.6000.16386
ole32.dll 76ca0000 1327104 C:\Windows\system32\ole32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft OLE for Windows
SHLWAPI.dll 75e70000 348160 C:\Windows\system32\SHLWAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Light-weight Utility Library
comctl32.dll 754f0000 1654784 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll 6.10 (vista_rtm.061101-2205) User Experience Controls Library
wevtsvc.dll 743d0000 1003520 c:\windows\system32\wevtsvc.dll 6.0.6000.16386 (vista_rtm.061101-2205) Event Logging Service
USERENV.dll 75790000 122880 c:\windows\system32\USERENV.dll 6.0.6000.16386 (vista_rtm.061101-2205) Userenv
Secur32.dll 75770000 81920 c:\windows\system32\Secur32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Security Support Provider Interface
VERSION.dll 74d80000 32768 c:\windows\system32\VERSION.dll 6.0.6000.16386 (vista_rtm.061101-2205) Version Checking and File Installation Libraries
GPAPI.dll 74d50000 86016 c:\windows\system32\GPAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Group Policy Client API
slc.dll 75040000 233472 c:\windows\system32\slc.dll 6.0.6000.16386 (vista_rtm.061101-2205) Software Licensing Client Dll
credssp.dll 74fc0000 28672 C:\Windows\System32\credssp.dll 6.0.6000.16386 (vista_rtm.061101-2205) TS Single Sign On Security Package
CRYPT32.dll 75080000 987136 C:\Windows\System32\CRYPT32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Crypto API32
MSASN1.dll 751d0000 73728 C:\Windows\System32\MSASN1.dll 6.0.6000.16386 (vista_rtm.061101-2205) ASN.1 Runtime APIs
schannel.dll 74e70000 282624 C:\Windows\system32\schannel.dll 6.0.6000.16386 (vista_rtm.061101-2205) TLS / SSL Security Provider
NETAPI32.dll 75430000 434176 C:\Windows\System32\NETAPI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Net Win32 API DLL
PSAPI.DLL 75840000 28672 C:\Windows\system32\PSAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Process Status Helper
WS2_32.dll 76f50000 184320 C:\Windows\system32\WS2_32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Socket 2.0 32-Bit DLL
NSI.dll 76e70000 24576 C:\Windows\system32\NSI.dll 6.0.6000.16386 (vista_rtm.061101-2205) NSI User-mode interface DLL
mswsock.dll 74d10000 241664 C:\Windows\system32\mswsock.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Windows Sockets 2.0 Service Provider
wshtcpip.dll 74a50000 24576 C:\Windows\System32\wshtcpip.dll 6.0.6000.16386 (vista_rtm.061101-2205) Winsock2 Helper DLL (TL/IPv4)
wship6.dll 74d70000 24576 C:\Windows\System32\wship6.dll 6.0.6000.16386 (vista_rtm.061101-2205) Winsock2 Helper DLL (TL/IPv6)
audiosrv.dll 74530000 327680 c:\windows\system32\audiosrv.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Audio Service
MMDevAPI.DLL 745a0000 159744 c:\windows\system32\MMDevAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) MMDevice API
WTSAPI32.dll 748b0000 36864 c:\windows\system32\WTSAPI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Terminal Server SDK APIs
WINSTA.dll 74ff0000 147456 c:\windows\system32\WINSTA.dll 6.0.6000.16386 (vista_rtm.061101-2205) Winstation Library
CLBCatQ.DLL 75de0000 540672 C:\Windows\system32\CLBCatQ.DLL 2001.12.6930.16386 (vista_rtm.061101-2205) COM+ Configuration Catalog
WINTRUST.dll 748c0000 184320 C:\Windows\System32\WINTRUST.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Trust Verification APIs
imagehlp.dll 75a20000 167936 C:\Windows\system32\imagehlp.dll 6.0.6000.16470 (vista_gdr.070416-1510) Windows NT Image Helper
rsaenh.dll 74b20000 229376 C:\Windows\System32\rsaenh.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Enhanced Cryptographic Provider
audioses.dll 739b0000 135168 C:\Windows\System32\audioses.dll 6.0.6000.16386 (vista_rtm.061101-2205) Audio Session
audioeng.dll 73940000 417792 C:\Windows\System32\audioeng.dll 6.0.6000.16386 (vista_rtm.061101-2205) Audio Engine
AVRT.dll 74590000 28672 C:\Windows\System32\AVRT.dll 6.0.6000.16386 (vista_rtm.061101-2205) Multimedia Realtime Runtime
lmhsvc.dll 732e0000 32768 c:\windows\system32\lmhsvc.dll 6.0.6000.16386 (vista_rtm.061101-2205) TCPIP NetBios Transport Services DLL
IPHLPAPI.DLL 75020000 102400 c:\windows\system32\IPHLPAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) IP Helper API
dhcpcsvc.DLL 74f40000 217088 c:\windows\system32\dhcpcsvc.DLL 6.0.6000.16386 (vista_rtm.061101-2205) DHCP Client Service
DNSAPI.dll 75210000 176128 c:\windows\system32\DNSAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) DNS Client API DLL
WINNSI.DLL 74f30000 28672 c:\windows\system32\WINNSI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Network Store Information RPC interface
dhcpcsvc6.DLL 74f10000 131072 c:\windows\system32\dhcpcsvc6.DLL 6.0.6000.16386 (vista_rtm.061101-2205) DHCPv6 Client
Cabinet.dll 74980000 81920 C:\Windows\System32\Cabinet.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft® Cabinet File API
WMALFXGFXDSP.dll 736b0000 1531904 C:\Windows\system32\WMALFXGFXDSP.dll 11.0.6000.6324 (vista_rtm.061101-2205) SysFx DSP
mfplat.dll 73670000 221184 C:\Windows\System32\mfplat.dll 11.0.6000.6324 (vista_rtm.061101-2205) Media Foundation Platform DLL
wscsvc.dll 6de10000 65536 c:\windows\system32\wscsvc.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Security Center Service
FirewallAPI.dll 749a0000 405504 c:\windows\system32\FirewallAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Firewall API
wbemprox.dll 71460000 45056 C:\Windows\system32\wbem\wbemprox.dll 6.0.6000.16386 (vista_rtm.061101-2205) WMI
wbemcomn.dll 71930000 368640 C:\Windows\system32\wbem\wbemcomn.dll 6.0.6000.16386 (vista_rtm.061101-2205) WMI
wbemsvc.dll 712f0000 65536 C:\Windows\system32\wbem\wbemsvc.dll 6.0.6000.16386 (vista_rtm.061101-2205) WMI
fastprox.dll 70e70000 626688 C:\Windows\system32\wbem\fastprox.dll 6.0.6000.16386 (vista_rtm.061101-2205) WMI Custom Marshaller
NTDSAPI.dll 751b0000 98304 C:\Windows\system32\NTDSAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Active Directory Domain Services API
WLDAP32.dll 770e0000 299008 C:\Windows\system32\WLDAP32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Win32 LDAP API DLL
wuapi.dll 6cad0000 557056 C:\Windows\system32\wuapi.dll 7.0.6000.381 (winmain(wmbla).070730-1740) Windows Update Client API
COMCTL32.dll 72d40000 548864 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll 5.82 (vista_rtm.061101-2205) Common Controls Library
Module information for 'svchost.exe'
MODULE BASE SIZE PATH
svchost.exe 510000 32768 C:\Windows\System32\svchost.exe 6.0.6000.16386 (vista_rtm.061101-2205) Host Process for Windows Services
ntdll.dll 77140000 1171456 C:\Windows\system32\ntdll.dll 6.0.6000.16386 (vista_rtm.061101-2205) NT Layer DLL
kernel32.dll 76a50000 884736 C:\Windows\system32\kernel32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows NT BASE API Client DLL
msvcrt.dll 769a0000 696320 C:\Windows\system32\msvcrt.dll 7.0.6000.16386 (vista_rtm.061101-2205) Windows NT CRT DLL
ADVAPI32.dll 75d00000 782336 C:\Windows\system32\ADVAPI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Advanced Windows 32 Base API
RPCRT4.dll 76f80000 798720 C:\Windows\system32\RPCRT4.dll 6.0.6000.16386 (vista_rtm.061101-2205) Remote Procedure Call Runtime
Protector.dll d50000 1118208 C:\Windows\system32\Protector.dll 6,0,0,78 API Guard
USER32.dll 76c00000 647168 C:\Windows\system32\USER32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Multi-User Windows USER API Client DLL
GDI32.dll 75cb0000 307200 C:\Windows\system32\GDI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) GDI Client DLL
IMM32.DLL 75dc0000 122880 C:\Windows\system32\IMM32.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Multi-User Windows IMM32 API Client DLL
MSCTF.dll 76b30000 815104 C:\Windows\system32\MSCTF.dll 6.0.6000.16386 (vista_rtm.061101-2205) MSCTF Server DLL
LPK.DLL 77130000 36864 C:\Windows\system32\LPK.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Language Pack
USP10.dll 76df0000 512000 C:\Windows\system32\USP10.dll 1.0626.6000.16386 (vista_rtm.061101-2205) Uniscribe Unicode script processor
secuload.dll 10000000 172032 C:\Windows\System32\secuload.dll 6,0,0,78 API Guard
sfc.dll 75760000 20480 C:\Windows\System32\sfc.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows File Protection
sfc_os.dll 75750000 53248 C:\Windows\System32\sfc_os.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows File Protection
SETUPAPI.dll 75ad0000 1605632 C:\Windows\system32\SETUPAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Setup API
OLEAUT32.dll 77050000 573440 C:\Windows\system32\OLEAUT32.dll 6.0.6000.16386
ole32.dll 76ca0000 1327104 C:\Windows\system32\ole32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft OLE for Windows
SHLWAPI.dll 75e70000 348160 C:\Windows\system32\SHLWAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Light-weight Utility Library
comctl32.dll 754f0000 1654784 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll 6.10 (vista_rtm.061101-2205) User Experience Controls Library
NTMARTA.DLL 74a90000 135168 C:\Windows\System32\NTMARTA.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Windows NT MARTA provider
WLDAP32.dll 770e0000 299008 C:\Windows\system32\WLDAP32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Win32 LDAP API DLL
WS2_32.dll 76f50000 184320 C:\Windows\system32\WS2_32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Socket 2.0 32-Bit DLL
NSI.dll 76e70000 24576 C:\Windows\system32\NSI.dll 6.0.6000.16386 (vista_rtm.061101-2205) NSI User-mode interface DLL
PSAPI.DLL 75840000 28672 C:\Windows\system32\PSAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Process Status Helper
SAMLIB.dll 751f0000 69632 C:\Windows\System32\SAMLIB.dll 6.0.6000.16386 (vista_rtm.061101-2205) SAM Library DLL
audiosrv.dll 74530000 327680 c:\windows\system32\audiosrv.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Audio Service
MMDevAPI.DLL 745a0000 159744 c:\windows\system32\MMDevAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) MMDevice API
WTSAPI32.dll 748b0000 36864 c:\windows\system32\WTSAPI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Terminal Server SDK APIs
WINSTA.dll 74ff0000 147456 c:\windows\system32\WINSTA.dll 6.0.6000.16386 (vista_rtm.061101-2205) Winstation Library
CLBCatQ.DLL 75de0000 540672 C:\Windows\system32\CLBCatQ.DLL 2001.12.6930.16386 (vista_rtm.061101-2205) COM+ Configuration Catalog
WINTRUST.dll 748c0000 184320 C:\Windows\System32\WINTRUST.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Trust Verification APIs
CRYPT32.dll 75080000 987136 C:\Windows\System32\CRYPT32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Crypto API32
MSASN1.dll 751d0000 73728 C:\Windows\System32\MSASN1.dll 6.0.6000.16386 (vista_rtm.061101-2205) ASN.1 Runtime APIs
USERENV.dll 75790000 122880 C:\Windows\System32\USERENV.dll 6.0.6000.16386 (vista_rtm.061101-2205) Userenv
Secur32.dll 75770000 81920 C:\Windows\System32\Secur32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Security Support Provider Interface
imagehlp.dll 75a20000 167936 C:\Windows\system32\imagehlp.dll 6.0.6000.16470 (vista_gdr.070416-1510) Windows NT Image Helper
uxsms.dll 73300000 45056 c:\windows\system32\uxsms.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft User Experience Session Management Service
wudfsvc.dll 732f0000 65536 c:\windows\system32\wudfsvc.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Driver Foundation - User-mode Driver Framework Service
WUDFPlatform.dll 74390000 200704 c:\windows\system32\WUDFPlatform.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Driver Foundation - User-mode Platform Library
VERSION.dll 74d80000 32768 c:\windows\system32\VERSION.dll 6.0.6000.16386 (vista_rtm.061101-2205) Version Checking and File Installation Libraries
wevtapi.dll 74f80000 253952 c:\windows\system32\wevtapi.dll 6.0.6000.16386 (vista_rtm.061101-2205) Eventing Consumption and Configuration API
wlansvc.dll 742d0000 516096 c:\windows\system32\wlansvc.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows WLAN AutoConfig Service DLL
NETAPI32.dll 75430000 434176 c:\windows\system32\NETAPI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Net Win32 API DLL
SHELL32.dll 75ed0000 11329536 C:\Windows\system32\SHELL32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Shell Common Dll
WLANMSM.DLL 73200000 307200 c:\windows\system32\WLANMSM.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Windows Wireless LAN 802.11 MSM DLL
WLANSEC.dll 731a0000 331776 c:\windows\system32\WLANSEC.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Wireless LAN 802.11 MSM Security Module DLL
OneX.DLL 73170000 184320 c:\windows\system32\OneX.DLL 6.0.6000.16386 (vista_rtm.061101-2205) IEEE 802.1X supplicant library
eappprxy.dll 732d0000 53248 c:\windows\system32\eappprxy.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft EAPHost Peer Client DLL
eappcfg.dll 73140000 163840 c:\windows\system32\eappcfg.dll 6.0.6000.16386 (vista_rtm.061101-2205) Eap Peer Config
AUTHZ.dll 75730000 90112 c:\windows\system32\AUTHZ.dll 6.0.6000.16386 (vista_rtm.061101-2205) Authorization Framework
dhcpcsvc.DLL 74f40000 217088 c:\windows\system32\dhcpcsvc.DLL 6.0.6000.16386 (vista_rtm.061101-2205) DHCP Client Service
DNSAPI.dll 75210000 176128 c:\windows\system32\DNSAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) DNS Client API DLL
WINNSI.DLL 74f30000 28672 c:\windows\system32\WINNSI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Network Store Information RPC interface
wlgpclnt.dll 73120000 94208 c:\windows\system32\wlgpclnt.dll 6.0.6000.16386 (vista_rtm.061101-2205) 802.11 Group Policy Client
l2gpstore.dll 73110000 65536 c:\windows\system32\l2gpstore.dll 6.0.6000.16386 (vista_rtm.061101-2205) Policy Storage dll
wlanutil.dll 73100000 24576 c:\windows\system32\wlanutil.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Wireless LAN 802.11 Utility DLL
SYSNTFY.dll 75270000 28672 c:\windows\system32\SYSNTFY.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Notifications Dynamic Link Library
nlaapi.dll 748a0000 61440 c:\windows\system32\nlaapi.dll 6.0.6000.16386 (vista_rtm.061101-2205) Network Location Awareness 2
IPHLPAPI.DLL 75020000 102400 c:\windows\system32\IPHLPAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) IP Helper API
dhcpcsvc6.DLL 74f10000 131072 c:\windows\system32\dhcpcsvc6.DLL 6.0.6000.16386 (vista_rtm.061101-2205) DHCPv6 Client
bcrypt.dll 74ec0000 278528 c:\windows\system32\bcrypt.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Cryptographic Primitives Library
msxml6.dll 72e60000 1343488 C:\Windows\System32\msxml6.dll 6.10.1200.0 MSXML 6.0 SP1
rsaenh.dll 74b20000 229376 C:\Windows\System32\rsaenh.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Enhanced Cryptographic Provider
credssp.dll 74fc0000 28672 C:\Windows\System32\credssp.dll 6.0.6000.16386 (vista_rtm.061101-2205) TS Single Sign On Security Package
schannel.dll 74e70000 282624 C:\Windows\system32\schannel.dll 6.0.6000.16386 (vista_rtm.061101-2205) TLS / SSL Security Provider
kerberos.dll 74d90000 507904 C:\Windows\system32\kerberos.dll 6.0.6000.16386 (vista_rtm.061101-2205) Kerberos Security Package
cryptdll.dll 75240000 69632 C:\Windows\System32\cryptdll.dll 6.0.6000.16386 (vista_rtm.061101-2205) Cryptography Manager
slc.dll 75040000 233472 c:\windows\system32\slc.dll 6.0.6000.16386 (vista_rtm.061101-2205) Software Licensing Client Dll
hidserv.dll 72c10000 36864 c:\windows\system32\hidserv.dll 6.0.6000.16386 (vista_rtm.061101-2205) HID Service
HID.DLL 73ac0000 36864 c:\windows\system32\HID.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Hid User Library
pcasvc.dll 72620000 53248 c:\windows\system32\pcasvc.dll 6.0.6000.16386 (vista_rtm.061101-2205) Program Compatibility Assistant Service
apphelp.dll 756f0000 180224 c:\windows\system32\apphelp.dll 6.0.6000.16386 (vista_rtm.061101-2205) Application Compatibility Client Library
sysmain.dll 71f30000 548864 c:\windows\system32\sysmain.dll 6.0.6000.16386 (vista_rtm.061101-2205) Superfetch Service Host
trkwks.dll 72130000 86016 c:\windows\system32\trkwks.dll 6.0.6000.16386 (vista_rtm.061101-2205) Distributed Link Tracking Client
wpdbusenum.dll 71d60000 86016 c:\windows\system32\wpdbusenum.dll 6.0.6000.16386 (vista_rtm.061101-2205) Portable Device Enumerator
GPAPI.dll 74d50000 86016 C:\Windows\System32\GPAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Group Policy Client API
PortableDeviceApi.dll 71990000 286720 C:\Windows\system32\PortableDeviceApi.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Portable Device API Components
umb.dll 71db0000 57344 C:\Windows\system32\umb.dll 6.0.6000.16386 (vista_rtm.061101-2205) User Mode Bus Driver Interface Dll
ATL.DLL 74370000 81920 C:\Windows\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
wdi.dll 72960000 348160 c:\windows\system32\wdi.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Diagnostic Infrastructure
pcadm.dll 73a20000 40960 C:\Windows\system32\pcadm.dll 6.0.6000.16386 (vista_rtm.061101-2205) Program Compatibility Assistant Diagnostic Module
netman.dll 6fd90000 286720 c:\windows\system32\netman.dll 6.0.6000.16386 (vista_rtm.061101-2205) Network Connections Manager
RASAPI32.dll 735c0000 290816 c:\windows\system32\RASAPI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Remote Access API
rasman.dll 73aa0000 81920 c:\windows\system32\rasman.dll 6.0.6000.16386 (vista_rtm.061101-2205) Remote Access Connection Manager
TAPI32.dll 739e0000 200704 c:\windows\system32\TAPI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft® Windows(TM) Telephony API Client DLL
rtutils.dll 73510000 49152 c:\windows\system32\rtutils.dll 6.0.6000.16386 (vista_rtm.061101-2205) Routing Utilities
WINMM.dll 73cd0000 208896 c:\windows\system32\WINMM.dll 6.0.6000.16386 (vista_rtm.061101-2205) MCI API DLL
OLEACC.dll 73b20000 229376 c:\windows\system32\OLEACC.dll 4.2.5406.0 (vista_rtm.061101-2205) Active Accessibility Core Component
netshell.dll 6e9c0000 3190784 C:\Windows\System32\netshell.dll 6.0.6000.16386 (vista_rtm.061101-2205) Network Connections Shell
RASDLG.dll 6ed40000 839680 C:\Windows\System32\RASDLG.dll 6.0.6000.16386 (vista_rtm.061101-2205) Remote Access Common Dialog API
MPRAPI.dll 704e0000 106496 C:\Windows\System32\MPRAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows NT MP Router Administration DLL
ACTIVEDS.dll 70500000 217088 C:\Windows\System32\ACTIVEDS.dll 6.0.6000.16386 (vista_rtm.061101-2205) ADs Router Layer DLL
adsldpc.dll 70270000 208896 C:\Windows\System32\adsldpc.dll 6.0.6000.16386 (vista_rtm.061101-2205) ADs LDAP Provider C DLL
credui.dll 70170000 188416 C:\Windows\System32\credui.dll 6.0.6000.16386 (vista_rtm.061101-2205) Credential Manager User Interface
hnetcfg.dll 70a00000 307200 C:\Windows\System32\hnetcfg.dll 6.0.6000.16386 (vista_rtm.061101-2205) Home Networking Configuration Manager
WINHTTP.dll 72c20000 389120 C:\Windows\System32\WINHTTP.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows HTTP Services
mswsock.dll 74d10000 241664 C:\Windows\system32\mswsock.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Windows Sockets 2.0 Service Provider
wshtcpip.dll 74a50000 24576 C:\Windows\System32\wshtcpip.dll 6.0.6000.16386 (vista_rtm.061101-2205) Winsock2 Helper DLL (TL/IPv4)
upnp.dll 6e6b0000 208896 C:\Windows\system32\upnp.dll 6.0.6000.16386 (vista_rtm.061101-2205) UPnP Control Point API
SSDPAPI.dll 727b0000 49152 C:\Windows\system32\SSDPAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) SSDP Client API DLL
SXS.DLL 75690000 389120 C:\Windows\System32\SXS.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Fusion 2.5
netcfgx.dll 711b0000 397312 C:\Windows\system32\netcfgx.dll 6.0.6000.16386 (vista_rtm.061101-2205) Network Configuration Objects
Cabinet.dll 74980000 81920 C:\Windows\System32\Cabinet.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft® Cabinet File API
wbemprox.dll 71460000 45056 C:\Windows\system32\wbem\wbemprox.dll 6.0.6000.16386 (vista_rtm.061101-2205) WMI
wbemcomn.dll 71930000 368640 C:\Windows\system32\wbem\wbemcomn.dll 6.0.6000.16386 (vista_rtm.061101-2205) WMI
wbemsvc.dll 712f0000 65536 C:\Windows\system32\wbem\wbemsvc.dll 6.0.6000.16386 (vista_rtm.061101-2205) WMI
fastprox.dll 70e70000 626688 C:\Windows\system32\wbem\fastprox.dll 6.0.6000.16386 (vista_rtm.061101-2205) WMI Custom Marshaller
NTDSAPI.dll 751b0000 98304 C:\Windows\system32\NTDSAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Active Directory Domain Services API
radardt.dll 6dc30000 86016 C:\Windows\system32\radardt.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Windows Resource Exhaustion Detector
Module information for 'svchost.exe'
MODULE BASE SIZE PATH
svchost.exe 510000 32768 C:\Windows\system32\svchost.exe 6.0.6000.16386 (vista_rtm.061101-2205) Host Process for Windows Services
ntdll.dll 77140000 1171456 C:\Windows\system32\ntdll.dll 6.0.6000.16386 (vista_rtm.061101-2205) NT Layer DLL
kernel32.dll 76a50000 884736 C:\Windows\system32\kernel32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows NT BASE API Client DLL
msvcrt.dll 769a0000 696320 C:\Windows\system32\msvcrt.dll 7.0.6000.16386 (vista_rtm.061101-2205) Windows NT CRT DLL
ADVAPI32.dll 75d00000 782336 C:\Windows\system32\ADVAPI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Advanced Windows 32 Base API
RPCRT4.dll 76f80000 798720 C:\Windows\system32\RPCRT4.dll 6.0.6000.16386 (vista_rtm.061101-2205) Remote Procedure Call Runtime
Protector.dll d50000 1118208 C:\Windows\system32\Protector.dll 6,0,0,78 API Guard
USER32.dll 76c00000 647168 C:\Windows\system32\USER32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Multi-User Windows USER API Client DLL
GDI32.dll 75cb0000 307200 C:\Windows\system32\GDI32.dll 6.0.6000.16386 (vista_rtm.061101-2205) GDI Client DLL
IMM32.DLL 75dc0000 122880 C:\Windows\system32\IMM32.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Multi-User Windows IMM32 API Client DLL
MSCTF.dll 76b30000 815104 C:\Windows\system32\MSCTF.dll 6.0.6000.16386 (vista_rtm.061101-2205) MSCTF Server DLL
LPK.DLL 77130000 36864 C:\Windows\system32\LPK.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Language Pack
USP10.dll 76df0000 512000 C:\Windows\system32\USP10.dll 1.0626.6000.16386 (vista_rtm.061101-2205) Uniscribe Unicode script processor
secuload.dll 10000000 172032 C:\Windows\system32\secuload.dll 6,0,0,78 API Guard
sfc.dll 75760000 20480 C:\Windows\system32\sfc.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows File Protection
sfc_os.dll 75750000 53248 C:\Windows\system32\sfc_os.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows File Protection
SETUPAPI.dll 75ad0000 1605632 C:\Windows\system32\SETUPAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Setup API
OLEAUT32.dll 77050000 573440 C:\Windows\system32\OLEAUT32.dll 6.0.6000.16386
ole32.dll 76ca0000 1327104 C:\Windows\system32\ole32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft OLE for Windows
SHLWAPI.dll 75e70000 348160 C:\Windows\system32\SHLWAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Light-weight Utility Library
comctl32.dll 754f0000 1654784 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll 6.10 (vista_rtm.061101-2205) User Experience Controls Library
NTMARTA.DLL 74a90000 135168 C:\Windows\system32\NTMARTA.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Windows NT MARTA provider
WLDAP32.dll 770e0000 299008 C:\Windows\system32\WLDAP32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Win32 LDAP API DLL
WS2_32.dll 76f50000 184320 C:\Windows\system32\WS2_32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Socket 2.0 32-Bit DL
Kevyaeger72
Active Member
 
Posts: 9
Joined: October 11th, 2007, 11:59 pm

Unread postby Kevyaeger72 » October 14th, 2007, 3:49 am

anyone? help me please
Kevyaeger72
Active Member
 
Posts: 9
Joined: October 11th, 2007, 11:59 pm

Unread postby askey127 » October 23rd, 2007, 7:07 am

SORRY, but it appears we missed your post
When you posted a second time in your own thread before we answered, it took your request out of the Unanswered Posts category where helpers look to assist.

If you still need assistance, please post a fresh HiJackThis log as a reply here and someone will help you.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

HJT Log

Unread postby Kevyaeger72 » October 23rd, 2007, 6:12 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:58 PM, on 10/23/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\AIM\AIM Pro\aimpro.exe
C:\Program Files (x86)\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files (x86)\Spyware Terminator\Spywareterminatorshield.Exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files (x86)\Common Files\aol\1193098959\ee\aolsoftware.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\AOL 9.0\waol.exe
C:\Program Files (x86)\AOL 9.0\shellmon.exe
C:\Program Files (x86)\Intuit\QuickBooks 2006\qbw32.exe
C:\Program Files (x86)\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files (x86)\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files (x86)\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Uninstall_CToolbar] "C:\Windows\Temp\CTun.exe" "/remove"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1193098959\ee\AOLSoftware.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-558279349-1058300214-961749347-1000\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7701 bytes
Kevyaeger72
Active Member
 
Posts: 9
Joined: October 11th, 2007, 11:59 pm

Unread postby silver » October 23rd, 2007, 9:31 pm

Hi Kevyaeger72,

Sorry it's taken so long for you to get a response, please tell me what symptoms you have experienced since reformatting. Please also tell me how you connect to the internet (i.e. through a router, modem, etc).

Download Deckard's System Scanner (DSS)
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply


Once complete, please post both DSS logs, you won't need to produce a new HijackThis log as DSS produces one for you.
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Unread postby Kevyaeger72 » October 24th, 2007, 2:15 am

Thank you for getting back with me! I appreciate it!

I have hackers who have installed rootkits in my system.. when I bought a new computer.. turning off lans/wans/modems/bluetooth.. all the virus/rootkits transferred to the new system.. I dont know how!

My system is highjack with visual basic stuff.. I used a program like hijackfree giving me tons of info.. I just dont know how to use it properly..

There is some type of system freeze. Where they turn my system back to a certain state. I dont know what program it is.

No one has had access to my computer.

-----------------------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6000)
Architecture: X64; Language: English

CPU 0: Intel(R) Core(TM)2 CPU 6320 @ 1.86GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 2037.32 MiB / 1120.81 MiB
Pagefile Memory (total/avail): 4296.21 MiB / 3359.7 MiB
Virtual Memory (total/avail): 4095.88 MiB / 3958.87 MiB

C: is Fixed (NTFS) - 283.2 GiB total, 266.49 GiB free.
D: is Fixed (NTFS) - 14.89 GiB total, 14.8 GiB free.
E: is CDROM (UDF)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3320620AS ATA Device - 298.09 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 283.2 GiB - C:
\PARTITION1 - Installable File System - 14.89 GiB - D:

\\.\PHYSICALDRIVE1 - TEAC USB HS-CF Card USB Device

\\.\PHYSICALDRIVE3 - TEAC USB HS-MS Card USB Device

\\.\PHYSICALDRIVE4 - TEAC USB HS-SD Card USB Device

\\.\PHYSICALDRIVE2 - TEAC USB HS-xD/SM USB Device



-- Security Center -------------------------------------------------------------

Windows Internal Firewall is enabled.

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Kevie\AppData\Roaming
CommonProgramFiles=C:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=KEVIE-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Kevie
LOCALAPPDATA=C:\Users\Kevie\AppData\Local
LOGONSERVER=\\KEVIE-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=EM64T Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Kevie\AppData\Local\Temp
TMP=C:\Users\Kevie\AppData\Local\Temp
USERDOMAIN=Kevie-PC
USERNAME=Kevie
USERPROFILE=C:\Users\Kevie
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Kevie


-- Add/Remove Programs ---------------------------------------------------------

Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
AIM Pro --> MsiExec.exe /X{D3A04D2F-28C4-4D9C-8487-DAB75992AE09}
deskPDF 2.5 Standard Edition --> "C:\Program Files (x86)\Docudesk\deskPDF\unins000.exe"
Docudesk GPL Ghostscript 8.15 --> "C:\Program Files (x86)\Docudesk\GPL Ghostscript\unins000.exe"
eFax Messenger 4.3 --> C:\Program Files (x86)\eFax Messenger 4.3\Uninstall.exe
Foxit Editor --> MsiExec.exe /I{0B143533-B58A-48D6-B972-1187F398FC63}
Mozilla Firefox (2.0.0.8) --> C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type181 / Error
Event Submitted/Written: 10/20/2007 09:26:25 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16386, time stamp 0x4549b133, faulting module Flash9d.ocx, version 9.0.47.0, time stamp 0x466daac0, exception code 0xc0000005, fault offset 0x00187d7b,
process id 0x66c, application start time 0xiexplore.exe0.

Event Record #/Type166 / Warning
Event Submitted/Written: 10/20/2007 05:37:39 AM
Event ID/Source: 6006 / Wlclntfy
Event Description:
The winlogon notification subscriber <TrustedInstaller> took 115 second(s) to handle the notification event (CreateSession).

Event Record #/Type157 / Warning
Event Submitted/Written: 10/20/2007 05:36:44 AM
Event ID/Source: 6005 / Wlclntfy
Event Description:
The winlogon notification subscriber <TrustedInstaller> is taking long time to handle the notification event (CreateSession).

Event Record #/Type152 / Success
Event Submitted/Written: 10/20/2007 05:35:47 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type150 / Success
Event Submitted/Written: 10/20/2007 05:35:42 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type6170 / Warning
Event Submitted/Written: 10/20/2007 00:17:39 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1505.0{EE0596D3-6EF9-4050-B50D-7D30D292313A}Kevie-PCKevieS-1-5-21-558279349-1058300214-961749347-1000Unknown%%832service:xpdt0%%807

Event Record #/Type6169 / Warning
Event Submitted/Written: 10/20/2007 00:17:39 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1505.0{502E0632-2F7C-489D-81B9-0886115522D8}Kevie-PCKevieS-1-5-21-558279349-1058300214-961749347-1000Unknown%%832driver:xpdt0%%807

Event Record #/Type6168 / Warning
Event Submitted/Written: 10/20/2007 00:17:39 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1505.0{9487A100-BC80-43A7-8DA9-63826643F398}Kevie-PCKevieS-1-5-21-558279349-1058300214-961749347-1000Unknown%%832driver:huy320%%807

Event Record #/Type6167 / Warning
Event Submitted/Written: 10/20/2007 00:17:37 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1505.0{69F2304F-6124-4D77-B441-4D7C061FC4CB}Kevie-PCKevieS-1-5-21-558279349-1058300214-961749347-1000Unknown%%832service:lzx320%%807

Event Record #/Type6166 / Warning
Event Submitted/Written: 10/20/2007 00:17:37 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1505.0{CC4EDF65-3AAA-46F5-B76D-FD66E78EAE84}Kevie-PCKevieS-1-5-21-558279349-1058300214-961749347-1000Unknown%%832service:huy320%%807



-- End of Deckard's System Scanner: finished at 2007-10-20 12:17:45 ------------

Deckard's System Scanner v20071014.68
Run by Kevie on 2007-10-23 22:58:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Kevie.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:18 PM, on 10/23/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Common Files\AOL\1193098959\ee\aolsoftware.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\IEUser.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Users\Kevie\Desktop\dss(2).exe
C:\PROGRA~2\TRENDM~1\HIJACK~1\Kevie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=C:\WINDOWS\EXPLORER.EXE
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RegRun WinBait] C:\Windows\winbait.exe
O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~2\Greatis\REGRUN~1\OnSecure.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~2\Greatis\REGRUN~1\WatchDog.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-558279349-1058300214-961749347-1000\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG Firewall Service (AVGFw2kv) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgfw2kv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ManageEngine Security Manager Plus (Security Manager Plus) - Unknown owner - C:\AdventNet\SecurityManager\bin\wrapper.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7028 bytes

-- Files created between 2007-09-23 and 2007-10-23 -----------------------------

2007-10-23 22:42:12 0 d-------- C:\Program Files (x86)\MSXML 4.0
2007-10-23 22:04:38 22528 --a------ C:\Windows\system32\Partizan.exe <Not Verified; Greatis Software; RegRun Security Suite>
2007-10-23 22:04:38 31170 --a------ C:\Windows\system32\drivers\Partizan.sys <Not Verified; Greatis Software; RegRun Security Suite>
2007-10-23 21:18:45 0 d-------- C:\Program Files (x86)\DesktopCentral
2007-10-23 21:15:21 32512 --a------ C:\Windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
2007-10-23 21:14:33 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2007-10-23 21:14:33 0 d-------- C:\AdventNet
2007-10-23 19:25:19 0 dr-h----- C:\$VAULT$.AVG
2007-10-23 17:30:36 0 d-------- C:\Users\Kevie\Application Data\AVG7
2007-10-23 17:29:49 0 d-------- C:\Users\All Users\avg7
2007-10-23 17:29:49 0 d-------- C:\Users\All Users\Application Data\avg7
2007-10-23 17:07:44 0 d-------- C:\Users\All Users\Grisoft
2007-10-23 17:07:44 0 d-------- C:\Users\All Users\Application Data\Grisoft
2007-10-23 16:08:21 25773 --a------ C:\Windows\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
2007-10-23 16:08:20 2 -rahs-o-t C:\Windows\winstart.bat
2007-10-23 16:04:43 16384 --a------ C:\Windows\WinBait.exe
2007-10-23 16:04:43 441856 --a------ C:\Windows\RunGuard.exe <Not Verified; Greatis Software; RegRun Security Suite>
2007-10-23 16:04:40 0 d-------- C:\Program Files (x86)\Greatis
2007-10-23 15:54:01 0 d-------- C:\RootkitNO
2007-10-23 15:43:49 0 d-a------ C:\Users\All Users\TEMP
2007-10-23 15:43:49 0 d-a------ C:\Users\All Users\Application Data\TEMP
2007-10-22 23:29:03 0 d-------- C:\SAV32CLI
2007-10-22 22:23:18 0 d-------- C:\!KillBox
2007-10-22 21:37:08 0 d-------- C:\Program Files (x86)\Safer Networking
2007-10-22 21:36:04 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-10-22 21:36:04 0 d-------- C:\Users\All Users\Application Data\Spybot - Search & Destroy
2007-10-22 17:24:41 0 d-------- C:\Users\Kevie\Application Data\AOL
2007-10-22 17:24:39 0 d-------- C:\Users\All Users\Macromedia
2007-10-22 17:24:39 0 d-------- C:\Users\All Users\Application Data\Macromedia
2007-10-22 17:24:18 0 d-------- C:\Windows\Downloaded Installations
2007-10-22 17:23:40 0 d-------- C:\Program Files (x86)\Viewpoint
2007-10-22 17:22:38 0 d-------- C:\Users\All Users\Application Data\AOL
2007-10-22 17:22:38 0 d-------- C:\Users\All Users\AOL
2007-10-22 17:22:38 0 d-------- C:\Program Files (x86)\Common Files\aolshare
2007-10-22 17:22:38 0 d-------- C:\Program Files (x86)\Common Files\aol
2007-10-22 17:22:38 0 d-------- C:\Program Files (x86)\AOL 9.0
2007-10-22 15:30:48 1650688 --a------ C:\Windows\system32\cdintf250.dll <Not Verified; Amyuni Technologies
http://www.amyuni.com; Amyuni Common Driver Interface>
2007-10-22 15:25:59 0 d-------- C:\Program Files (x86)\Common Files\AnswerWorks 4.0
2007-10-22 15:25:02 0 d-------- C:\Users\All Users\Intuit
2007-10-22 15:25:02 0 d-------- C:\Users\All Users\Application Data\Intuit
2007-10-22 15:25:02 0 d-------- C:\Program Files (x86)\Intuit
2007-10-22 15:25:02 0 d-------- C:\Program Files (x86)\Common Files\Intuit
2007-10-22 15:19:02 0 d-------- C:\Windows\system32\URTTEMP
2007-10-22 15:18:14 0 d-------- C:\Program Files (x86)\Common Files\SWF Studio
2007-10-22 08:22:13 0 d-------- C:\Program Files (x86)\Java
2007-10-22 08:22:13 0 d-------- C:\Program Files (x86)\Common Files\Java
2007-10-21 21:55:30 0 d-------- C:\Windows\system32\x64
2007-10-21 18:09:32 0 d-------- C:\Users\All Users\Application Data\Apple Computer
2007-10-21 18:09:32 0 d-------- C:\Users\All Users\Apple Computer
2007-10-21 18:09:32 0 d-------- C:\Program Files (x86)\QuickTime
2007-10-21 18:08:56 0 d-------- C:\Users\All Users\Application Data\Apple
2007-10-21 18:08:56 0 d-------- C:\Users\All Users\Apple
2007-10-21 18:08:56 0 d-------- C:\Program Files (x86)\Apple Software Update
2007-10-21 18:01:38 0 d-------- C:\Program Files (x86)\Common Files\xing shared
2007-10-21 18:01:37 0 d-------- C:\Program Files (x86)\Real
2007-10-21 18:01:14 0 d-------- C:\Users\Kevie\Application Data\Real
2007-10-21 18:01:14 0 d-------- C:\Program Files (x86)\Common Files\Real
2007-10-21 05:47:04 0 d-------- C:\Program Files (x86)\GPLGS
2007-10-21 05:45:05 0 d-------- C:\Program Files (x86)\Acro Software
2007-10-21 04:29:32 0 d-------- C:\Program Files (x86)\a-squared HiJackFree
2007-10-20 23:25:43 0 d-------- C:\Program Files (x86)\Microsoft Works
2007-10-20 23:24:26 0 d-------- C:\Windows\PCHEALTH
2007-10-20 23:24:26 0 d-------- C:\Program Files (x86)\Microsoft.NET
2007-10-20 23:21:00 0 d-------- C:\Users\All Users\Microsoft Help
2007-10-20 23:21:00 0 d-------- C:\Users\All Users\Application Data\Microsoft Help
2007-10-20 23:20:33 0 dr-h----- C:\MSOCache
2007-10-20 23:08:31 0 d-------- C:\Users\Kevie\Application Data\Adobe
2007-10-20 23:07:08 0 d-------- C:\Users\All Users\Application Data\Adobe
2007-10-20 23:07:08 0 d-------- C:\Users\All Users\Adobe
2007-10-20 23:07:00 0 d-------- C:\Program Files (x86)\Common Files\Adobe
2007-10-20 21:03:53 0 d-------- C:\Users\Kevie\Application Data\G7PS
2007-10-20 21:03:22 0 d-------- C:\Users\All Users\G7PS
2007-10-20 21:03:22 0 d-------- C:\Users\All Users\Application Data\G7PS
2007-10-20 21:02:59 0 d-------- C:\Program Files (x86)\gs
2007-10-20 21:02:59 0 d-------- C:\Program Files (x86)\Common Files\G7PS
2007-10-20 21:02:33 0 d-------- C:\Program Files (x86)\G7PS
2007-10-20 21:01:40 0 d-------- C:\Program Files (x86)\Common Files\InstallShield
2007-10-20 21:01:39 0 d--hs---- C:\Windows\Installer
2007-10-20 14:33:29 0 d-------- C:\Program Files (x86)\WinClamAVShield
2007-10-20 14:23:14 0 d-------- C:\Program Files (x86)\Crawler
2007-10-20 14:23:02 0 d-------- C:\Users\Kevie\Application Data\Application Data
2007-10-20 13:50:58 0 d-------- C:\Users\Kevie\Application Data\Desktop Mechanic
2007-10-20 13:42:08 506368 --a------ C:\Windows\system32\msxml.dll <Not Verified; Microsoft Corporation; Microsoft XML Core Services>
2007-10-20 13:42:05 0 d-------- C:\Program Files (x86)\Desktop Maestro
2007-10-20 13:20:07 0 d-------- C:\Program Files (x86)\FileASSASSIN
2007-10-20 12:17:16 0 d-------- C:\Program Files (x86)\Trend Micro
2007-10-20 10:16:25 0 d-------- C:\Program Files (x86)\Foxit Software
2007-10-20 09:07:53 0 d-------- C:\Users\Kevie\Application Data\eFax Messenger
2007-10-20 09:07:50 0 d-------- C:\Users\All Users\eFax Messenger 4.3 Output
2007-10-20 09:07:50 0 d-------- C:\Users\All Users\Application Data\eFax Messenger 4.3 Output
2007-10-20 09:07:49 0 d-------- C:\Users\All Users\eFax Messenger 4.3 Setup
2007-10-20 09:07:49 0 d-------- C:\Users\All Users\Application Data\eFax Messenger 4.3 Setup
2007-10-20 09:07:46 0 d-------- C:\Program Files (x86)\eFax Messenger 4.3
2007-10-20 08:54:06 0 d-------- C:\Users\Kevie\Application Data\deskPDF
2007-10-20 08:52:32 0 d-------- C:\Program Files (x86)\Docudesk
2007-10-20 04:40:50 0 d-------- C:\Windows\Panther
2007-10-20 04:40:42 0 d--hs---- C:\Boot
2007-10-20 04:16:05 0 d-------- C:\Users\Kevie\Application Data\Macromedia
2007-10-20 04:15:58 0 d-------- C:\Windows\system32\Macromed
2007-10-20 04:12:05 0 d-------- C:\Users\Kevie\Application Data\acccore
2007-10-20 04:12:04 0 d-------- C:\Users\Kevie\Application Data\AIMPro
2007-10-20 04:11:04 0 d-------- C:\Users\Kevie\Application Data\Talkback
2007-10-20 04:10:24 0 d-------- C:\Program Files (x86)\Common Files\Nullsoft
2007-10-20 04:10:21 0 d-------- C:\Program Files (x86)\AIM
2007-10-20 04:10:13 0 d-------- C:\Users\Kevie\Application Data\AIM
2007-10-20 04:10:05 335 --a------ C:\Windows\nsreg.dat
2007-10-20 04:10:03 0 d-------- C:\Users\Kevie\Application Data\Mozilla
2007-10-20 04:04:27 0 d-------- C:\Users\All Users\Application Data\AOL Downloads
2007-10-20 04:04:27 0 d-------- C:\Users\All Users\AOL Downloads
2007-10-20 03:56:01 0 dr------- C:\Users\Kevie\Searches
2007-10-20 03:55:52 0 d-------- C:\Users\Kevie\Application Data\Identities
2007-10-20 03:55:48 0 dr------- C:\Users\Kevie\Contacts
2007-10-20 03:55:16 0 d--hs---- C:\Users\Kevie\Templates
2007-10-20 03:55:16 0 d--hs---- C:\Users\Kevie\Start Menu
2007-10-20 03:55:16 0 d--hs---- C:\Users\Kevie\SendTo
2007-10-20 03:55:16 0 d--hs---- C:\Users\Kevie\Recent
2007-10-20 03:55:16 0 d--hs---- C:\Users\Kevie\PrintHood
2007-10-20 03:55:16 0 d--hs---- C:\Users\Kevie\NetHood
2007-10-20 03:55:16 0 d--hs---- C:\Users\Kevie\My Documents
2007-10-20 03:55:16 0 d--hs---- C:\Users\Kevie\Local Settings
2007-10-20 03:55:16 0 d--hs---- C:\Users\Kevie\Cookies
2007-10-20 03:55:16 0 d--hs---- C:\Users\Kevie\Application Data
2007-10-20 03:55:14 0 dr------- C:\Users\Kevie\Videos
2007-10-20 03:55:14 0 dr------- C:\Users\Kevie\Saved Games
2007-10-20 03:55:14 0 dr------- C:\Users\Kevie\Pictures
2007-10-20 03:55:14 3407872 --ahs---- C:\Users\Kevie\ntuser.dat
2007-10-20 03:55:14 0 dr------- C:\Users\Kevie\Music
2007-10-20 03:55:14 0 dr------- C:\Users\Kevie\Links
2007-10-20 03:55:14 0 dr------- C:\Users\Kevie\Favorites
2007-10-20 03:55:14 0 dr------- C:\Users\Kevie\Downloads
2007-10-20 03:55:14 0 dr------- C:\Users\Kevie\Documents
2007-10-20 03:55:14 0 dr------- C:\Users\Kevie\Desktop
2007-10-20 03:55:14 0 d---s---- C:\Users\Kevie\Application Data\Microsoft
2007-10-20 03:55:14 0 d-------- C:\Users\Kevie\Application Data\Media Center Programs
2007-10-20 03:55:14 0 d--h----- C:\Users\Kevie\AppData
2007-10-20 03:46:29 0 d-------- C:\Windows\SoftwareDistribution
2007-10-20 03:45:38 0 d-------- C:\Windows\Debug
2007-10-20 03:45:37 0 d-------- C:\Windows\CSC
2007-10-20 03:44:29 0 d-------- C:\Windows\Prefetch
2007-10-20 03:44:13 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2007-10-23 21:31:03 0 d-------- C:\Users\Kevie\AppData\Roaming\AVG7
2007-10-23 21:19:41 0 d-------- C:\Users\Kevie\AppData\Roaming\Application Data
2007-10-22 17:56:25 0 d-------- C:\Users\Kevie\AppData\Roaming\AOL
2007-10-22 17:22:38 0 d-------- C:\Program Files (x86)\Common Files
2007-10-22 17:22:17 0 d-------- C:\Users\Kevie\AppData\Roaming\Mozilla
2007-10-21 18:05:55 0 d-------- C:\Users\Kevie\AppData\Roaming\Real
2007-10-20 23:08:42 0 d-------- C:\Users\Kevie\AppData\Roaming\Adobe
2007-10-20 21:03:53 0 d-------- C:\Users\Kevie\AppData\Roaming\G7PS
2007-10-20 13:50:58 0 d-------- C:\Users\Kevie\AppData\Roaming\Desktop Mechanic
2007-10-20 09:11:08 0 d-------- C:\Users\Kevie\AppData\Roaming\eFax Messenger
2007-10-20 08:54:06 0 d-------- C:\Users\Kevie\AppData\Roaming\deskPDF
2007-10-20 05:37:25 174 --ahs---- C:\Program Files (x86)\desktop.ini
2007-10-20 05:34:17 0 d-------- C:\Program Files (x86)\Windows Mail
2007-10-20 05:34:17 0 d-------- C:\Program Files (x86)\Windows Calendar
2007-10-20 04:31:22 0 d-------- C:\Users\Kevie\AppData\Roaming\AIMPro
2007-10-20 04:16:05 0 d-------- C:\Users\Kevie\AppData\Roaming\Macromedia
2007-10-20 04:12:06 0 d-------- C:\Users\Kevie\AppData\Roaming\acccore
2007-10-20 04:11:04 0 d-------- C:\Users\Kevie\AppData\Roaming\Talkback
2007-10-20 04:10:13 0 d-------- C:\Users\Kevie\AppData\Roaming\AIM
2007-10-20 03:55:52 0 d-------- C:\Users\Kevie\AppData\Roaming\Identities
2007-08-24 19:41:44 1238832 --a------ C:\Windows\system32\igmedkrn.dll
2007-08-24 19:41:44 104636 --a------ C:\Windows\system32\igmedcompkrn.dll
2007-08-24 19:39:54 2494464 --a------ C:\Windows\system32\igdumd32.dll <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows Vista(R)>
2007-08-24 19:35:08 1585152 --a------ C:\Windows\system32\ig4dev32.dll <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows Vista(R)>
2007-08-24 19:34:54 2408448 --a------ C:\Windows\system32\ig4icd32.dll <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows Vista(R)>
2007-08-24 19:27:42 69632 --a------ C:\Windows\system32\oemdspif.dll <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-08-24 19:26:50 204800 --a------ C:\Windows\system32\igfxdv32.dll <Not Verified; Intel Corporation; Intel(R) Common User Interface>


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2007-10-23 22:58:38 ------------
Kevyaeger72
Active Member
 
Posts: 9
Joined: October 11th, 2007, 11:59 pm

Unread postby silver » October 24th, 2007, 3:21 am

Hi Kevyaeger72,

Thanks for the information, however I'd like some more details because I don't think I understand completely.

First, why is it you think there is a rootkit on your machine.

Please also tell me what actual symptoms you have experienced since reformatting. This could be things like popups, a slow system, or unexplained file/network activity. Also please give more information on the system freeze issue.

------------------------------------------------------------------------

Please right-click HijackThis and choose Run as administrator
Choose Do a system scan only and place a checkmark next to the following line:
F2 - REG:system.ini: UserInit=userinit.exe

Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

------------------------------------------------------------------------

Then please do an online scan with Kaspersky:

Open Kaspersky Online Scanner in Internet Explorer

When prompted, allow the installation of ActiveX components from Kaspersky
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save Report As button, change the Save as type: to Text file and save the file to your Desktop
  • If Internet Explorer responds saying the report has been saved to the Temporary Internet Files folder, say Yes to open the folder, then navigate to C -> Users -> (Your username) -> Desktop to locate the report
Note: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

------------------------------------------------------------------------

Once complete, please post the Kaspersky report and a new HijackThis log.
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Unread postby Kevyaeger72 » October 27th, 2007, 1:03 am

I came across info about: HackTool.Rootkit but this is something from the 90's? Various programs such as AOL, Acrobat Reader and such are being used remotely. I see where streams use these programs to send documents out disguised as tmp files.
NDIS, mutex, AOL, viewpoint are to name a few. Most software (anti-virus, rootkit detectors or whatever rarely see's my problem. At times I feel like I am crazy. From what I can tell my system is being used as some time of ad hoc. At one point there were over 20K host names on my system. I have re-formatted my system and even bought a brand new one. Their files hide in a hidden secured partition on drive x: (that’s the actual drive letter) When I bought a brand new system the files transferred over wirelessly but the strange thing is.. I turned off the modem, lan/nic, and wireless in the BIOS.. But still transferred? I don't know how!
------------------
Warning!
GMER has found system modification, which may have been caused by ROOTKIT activity.

------------------

Here is the kaspersky log:

KASPERSKY ONLINE SCANNER REPORT
Friday, October 26, 2007 9:49:19 PM
Operating System: Microsoft Windows Vista, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/10/2007
Kaspersky Anti-Virus database records: 446914
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Folders
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan Statistics
Total number of scanned objects 77376
Number of viruses found 6
Number of infected objects 24
Number of suspicious objects 0
Duration of the scan process 00:47:13

Infected Object Name Virus Name Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files (x86)\MACMask\AlexaInstaller.exe/data0008 Infected: not-a-virus:AdWare.Win32.AlexaBar.n skipped
C:\Program Files (x86)\MACMask\AlexaInstaller.exe/data0009 Infected: not-a-virus:AdWare.Win32.AlexaBar.n skipped
C:\Program Files (x86)\MACMask\AlexaInstaller.exe NSIS: infected - 2 skipped
C:\Program Files (x86)\NetBus Pro\NBFind.dll Infected: Backdoor.Win32.Netbus.20.b skipped
C:\Program Files (x86)\NetBus Pro\NBSvr.exe Infected: Backdoor.Win32.Netbus.20.c skipped
C:\Program Files (x86)\NetBus Pro\NetBus.exe Infected: Backdoor.Win32.Netbus.20.c skipped
C:\Program Files (x86)\Sana Security\Primary Response SafeConnect\agent\log\SanaAgent.log Object is locked skipped
C:\Program Files (x86)\Sana Security\Primary Response SafeConnect\agent\log\SanaAgent_boot.log Object is locked skipped
C:\Program Files (x86)\Sana Security\Primary Response SafeConnect\agent\log\SanaAgent_graph.log Object is locked skipped
C:\Program Files (x86)\Sana Security\Primary Response SafeConnect\agent\log\SanaAgent_malware.log Object is locked skipped
C:\Program Files (x86)\Sana Security\Primary Response SafeConnect\agent\log\SanaAgent_node.log Object is locked skipped
C:\Program Files (x86)\Sana Security\Primary Response SafeConnect\agent\log\SanaAgent_removed.log Object is locked skipped
C:\Program Files (x86)\SwitchSniffer\AlexaInstaller.exe/data0008 Infected: not-a-virus:AdWare.Win32.AlexaBar.n skipped
C:\Program Files (x86)\SwitchSniffer\AlexaInstaller.exe/data0009 Infected: not-a-virus:AdWare.Win32.AlexaBar.n skipped
C:\Program Files (x86)\SwitchSniffer\AlexaInstaller.exe NSIS: infected - 2 skipped
C:\Program Files (x86)\Syhunt\Sandcat Suite\Libssl32.dll Infected: not-a-virus:NetTool.Win32.STunnel.404 skipped
C:\ProgramData\AOL\ACS\1.0\ph Object is locked skipped
C:\ProgramData\AOL\ACS\1.0\variable Object is locked skipped
C:\ProgramData\eFax Messenger 4.3 Output\dickhead\~Running.ping Object is locked skipped
C:\Users\dickhead\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\dickhead\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\dickhead\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012007102620071027\index.dat Object is locked skipped
C:\Users\dickhead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\dickhead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\dickhead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\79IL5DKP\SpyberusInstaller1.0.283.283[1].exe Object is locked skipped
C:\Users\dickhead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\dickhead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT Object is locked skipped
C:\Users\dickhead\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\dickhead\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\dickhead\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\dickhead\AppData\Local\Microsoft\Windows\UsrClass.dat{4912a5a4-82e5-11dc-be6c-0019d1613c59}.TM.blf Object is locked skipped
C:\Users\dickhead\AppData\Local\Microsoft\Windows\UsrClass.dat{4912a5a4-82e5-11dc-be6c-0019d1613c59}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\dickhead\AppData\Local\Microsoft\Windows\UsrClass.dat{4912a5a4-82e5-11dc-be6c-0019d1613c59}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\dickhead\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\dickhead\AppData\Local\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Users\dickhead\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\dickhead\AppData\Local\Temp\SATarget.EXE/file3/data0008 Infected: not-a-virus:AdWare.Win32.AlexaBar.n skipped
C:\Users\dickhead\AppData\Local\Temp\SATarget.EXE/file3/data0009 Infected: not-a-virus:AdWare.Win32.AlexaBar.n skipped
C:\Users\dickhead\AppData\Local\Temp\SATarget.EXE/file3 Infected: not-a-virus:AdWare.Win32.AlexaBar.n skipped
C:\Users\dickhead\AppData\Local\Temp\SATarget.EXE Inno: infected - 3 skipped
C:\Users\dickhead\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\dickhead\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\dickhead\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Users\dickhead\Documents\WinArpSpoof[1]\AlexaInstaller.exe/data0008 Infected: not-a-virus:AdWare.Win32.AlexaBar.n skipped
C:\Users\dickhead\Documents\WinArpSpoof[1]\AlexaInstaller.exe/data0009 Infected: not-a-virus:AdWare.Win32.AlexaBar.n skipped
C:\Users\dickhead\Documents\WinArpSpoof[1]\AlexaInstaller.exe NSIS: infected - 2 skipped
C:\Users\dickhead\Downloads\nbpro201.exe Infected: Backdoor.Win32.Netbus.21.a skipped
C:\Users\dickhead\Downloads\sspro_48.exe/WISE0004.BIN Infected: not-a-virus:Downloader.Win32.Agent.r skipped
C:\Users\dickhead\Downloads\sspro_48.exe WiseSFX: infected - 1 skipped
C:\Users\dickhead\Downloads\SwitchSniffer_Setup.exe/file05/data0008 Infected: not-a-virus:AdWare.Win32.AlexaBar.n skipped
C:\Users\dickhead\Downloads\SwitchSniffer_Setup.exe/file05/data0009 Infected: not-a-virus:AdWare.Win32.AlexaBar.n skipped
C:\Users\dickhead\Downloads\SwitchSniffer_Setup.exe/file05 Infected: not-a-virus:AdWare.Win32.AlexaBar.n skipped
C:\Users\dickhead\Downloads\SwitchSniffer_Setup.exe Inno: infected - 3 skipped
C:\Users\dickhead\NTUSER.DAT Object is locked skipped
C:\Users\dickhead\ntuser.dat.LOG1 Object is locked skipped
C:\Users\dickhead\ntuser.dat.LOG2 Object is locked skipped
C:\Users\dickhead\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf Object is locked skipped
C:\Users\dickhead\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\dickhead\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\CSC\v2.0.6\pq Object is locked skipped
C:\Windows\CSC\v2.0.6\sm Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{09B78ECF-8BB8-4B93-8428-771FD1A15FED}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_2b166a33f17217b5\dnary.xsd Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
Scan process completed.

----------------

I've installed programs which looks like some of the virus's are fake +'s.. but the c:\boot is from the high jackers. I think I have covered all you have asked for but if not please let me know.

Kevin
Kevyaeger72
Active Member
 
Posts: 9
Joined: October 11th, 2007, 11:59 pm

Unread postby silver » October 27th, 2007, 5:07 am

Hi Kevyaeger72,

Thank you for the information, I have some questions:

I've installed programs which looks like some of the virus's are fake +'s

You have a "remote access and spy tool" installed, you also have a "surveillance tool" installed. Are you aware of this and is this what you are referring to?

but the c:\boot is from the high jackers.

The C:\boot directory and the files shown in this directory by Kaspersky are legitimate Windows files so they are nothing to be concerned about.

Various programs such as AOL, Acrobat Reader and such are being used remotely. I see where streams use these programs to send documents out disguised as tmp files.

I need some further information on this, such as exactly what you mean by "streams", and how you have ascertained that these programs are acting in the manner you have described.

Their files hide in a hidden secured partition on drive x: (that’s the actual drive letter)

How have you determined that there is a drive X: on this computer? What files have you seen in drive X: ?
When I bought a brand new system the files transferred over wirelessly but the strange thing is.. I turned off the modem, lan/nic, and wireless in the BIOS.. But still transferred? I don't know how!

You are quite right, if there is no way to transfer the files, how could they have got there? Exactly what files are you referring to?

At this stage I've seen no evidence of malware on your system, so I need some very detailed information in order to help you with these issues.

You should also know that a helper on a forum cannot give you a 100% assurance that your machine is safe, this along with the fact that there are remote admin tools installed and that you clearly have grave concerns for the security of your system suggests to me that you may be better off reformatting your system.

If you reformat and reinstall from the original media you can be sure that there are no hidden partitions, hijackers or malware on the system. This is the only way to be 100% sure that your machine is clean and it may be the only way to ease your concerns and enable you to use your computer with confidence.

Please answer the questions and let me know how you wish to proceed.
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Unread postby Kevyaeger72 » October 30th, 2007, 2:52 am

You have a "remote access and spy tool" installed, you also have a "surveillance tool" installed. Are you aware of this and is this what you are referring to?


I can't seem to get rid of the remote access software. I did NOT install it. However I did install the spy tool and surveillance tool.

but the c:\boot is from the high jackers.
Quote:


The C:\boot directory and the files shown in this directory by Kaspersky are legitimate Windows files so they are nothing to be concerned about.

All the files the hackers use are normal every windows files. for example drive x: has a setup for reinstalling windows. You can remote your hard drive, fdisk it, or low level partition it. drive x: has never went away. I even went as far as buying a new hard drive and drive x re-appeared. Something in the memory installed the software?
Quote:
Various programs such as AOL, Acrobat Reader and such are being used remotely. I see where streams use these programs to send documents out disguised as tmp files.

I need some further information on this, such as exactly what you mean by "streams", and how you have ascertained that these programs are acting in the manner you have described.

I see programs opening and file transfers


Quote:
Their files hide in a hidden secured partition on drive x: (that’s the actual drive letter)

How have you determined that there is a drive X: on this computer? What files have you seen in drive X: ?


Quote:
When I bought a brand new system the files transferred over wirelessly but the strange thing is.. I turned off the modem, lan/nic, and wireless in the BIOS.. But still transferred? I don't know how!


You are quite right, if there is no way to transfer the files, how could they have got there? Exactly what files are you referring to?

At this stage I've seen no evidence of malware on your system, so I need some very detailed information in order to help you with these issues.

You should also know that a helper on a forum cannot give you a 100% assurance that your machine is safe, this along with the fact that there are remote admin tools installed and that you clearly have grave concerns for the security of your system suggests to me that you may be better off reformatting your system.

If you reformat and reinstall from the original media you can be sure that there are no hidden partitions, hijackers or malware on the system. This is the only way to be 100% sure that your machine is clean and it may be the only way to ease your concerns and enable you to use your computer with confidence.

Please answer the questions and let me know how you wish to proceed.


I keep finding different "software bluetooth devices". I always turn them off "disable" or "delete" them. I see drive x: with various partition programs. Drive x: contains all the windows cd files.
I installed "hijack free" from A-Squared. An awesome program. It shows me all sorts of active-x hi jackings in my browser. All the files I see are all active x. I just dont know how to stop them. There is some type of ghost partition because my system keeps reverting back to a certain state.
Kevyaeger72
Active Member
 
Posts: 9
Joined: October 11th, 2007, 11:59 pm

Unread postby silver » October 30th, 2007, 4:14 am

Hi Kevyaeger72,

According to the DSS scan, you have two hard drive partitions, C: and D:, and there is no sign of an X: drive:

C: is Fixed (NTFS) - 283.2 GiB total, 266.49 GiB free.
D: is Fixed (NTFS) - 14.89 GiB total, 14.8 GiB free.
E: is CDROM (UDF)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3320620AS ATA Device - 298.09 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 283.2 GiB - C:
\PARTITION1 - Installable File System - 14.89 GiB - D:
\\.\PHYSICALDRIVE1 - TEAC USB HS-CF Card USB Device
\\.\PHYSICALDRIVE3 - TEAC USB HS-MS Card USB Device
\\.\PHYSICALDRIVE4 - TEAC USB HS-SD Card USB Device
\\.\PHYSICALDRIVE2 - TEAC USB HS-xD/SM USB Device

What partition programs have you used which have showed drive X: ?
Why don't you remove the drive X: with the partition program?

I installed "hijack free" from A-Squared. An awesome program. It shows me all sorts of active-x hi jackings in my browser.

Please post the log from this program so I can see what it has found.
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Unread postby Kevyaeger72 » October 30th, 2007, 6:18 am

I've tried removing drive x. Nothing will remove. Ranish Partition Manager has been the best for me but still wont remove.

---------------------

Here is the startup list from hijackfree

StartupList report, 4:04:49 AM, 10/30/2007
StartupList version: 3.0
Started from: C:\PROGRAM FILES (X86)\A-SQUARED HIJACKFREE\A2HIJACKFREE.EXE
Detected: Windows (Windows NT 6.0.6000)
Detected: Internet Explorer 7.0 (7.0.6000.16546)
==================================================

Running processes:

C:\Windows\System32\smss.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\wininit.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\services.exe
C:\Windows\System32\lsass.exe
C:\Windows\System32\lsm.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SLsvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\PROGRA~2\eConceal\econser.exe
C:\PROGRA~2\eConceal\econceal.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SearchIndexer.exe
C:\Windows\System32\drivers\XAudio64.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files (x86)\eConceal\econipc.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\splwow64.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\supervisor.exe
C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe
C:\Program Files (x86)\EULAlyzer\eulalyzer.exe
C:\Program Files (x86)\EULAlyzer\eulalyzer.exe
C:\Windows\System32\wuauclt.exe
C:\Windows\System32\taskeng.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil9d.exe
C:\Program Files (x86)\Foxit Software\PDF Editor\PDFEdit.exe
C:\Program Files (x86)\a-squared HiJackFree\a2hijackfree.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Users\Lets Play\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\]
VersionTrackerPro.lnk = C:\Users\Lets Play\AppData\Roaming\Microsoft\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

eConceal IPC = "C:\Program Files (x86)\eConceal\econipc.exe"
BCWipeTM Startup = "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

gi1640993429 = "C:\Users\LETSPL~1\AppData\Local\Temp\giH0UMS0.exe" /resume:"C:\Users\LETSPL~1\AppData\Local\Temp\2PH0UM4O" /exename:"C:\Users\Lets Play\Downloads\Free-SpyHunter-Scanner-Install.exe"

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\SysWOW64\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\Windows\SysWOW64\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .VBE:
HKEY_CLASSES_ROOT\vbefile\shell\open\command

(Default) = "%SystemRoot%\System32\WScript.exe" "%1" %*

--------------------------------------------------

File association entry for .JS:
HKEY_CLASSES_ROOT\jsfile\shell\open\command

(Default) = %SystemRoot%\System32\WScript.exe "%1" %*

--------------------------------------------------

File association entry for .JSE:
HKEY_CLASSES_ROOT\jsefile\shell\open\command

(Default) = %SystemRoot%\System32\WScript.exe "%1" %*

--------------------------------------------------

File association entry for .WSH:
HKEY_CLASSES_ROOT\wshfile\shell\open\command

(Default) = "%SystemRoot%\System32\WScript.exe" "%1" %*

--------------------------------------------------

File association entry for .WSF:
HKEY_CLASSES_ROOT\wsffile\shell\open\command

(Default) = "%SystemRoot%\System32\WScript.exe" "%1" %*

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = %SystemRoot%\system32\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
StubPath = %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[{89820200-ECBD-11cf-8B85-00AA005B4340}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
StubPath = C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=wave
drivers=timer

Shell & screensaver key from Registry

Shell = explorer.exe
SCRNSAVE.EXE=C:\Windows\system32\logon.scr
drivers=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\Windows\Explorer.exe: PRESENT!
C:\Windows\System32\Explorer.exe: PRESENT!

c:\Explorer.exe: not present
C:\Windows\Explorer\Explorer.exe: not present
C:\Windows\System\Explorer.exe: not present
C:\Windows\Command\Explorer.exe: not present
C:\Windows\Fonts\Explorer.exe: not present

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\Windows\
- .reg open command is normal (regedit.exe %1)
- Original filename OK: REGEDIT.EXE
- File description Registry Editor

--------------------------------------------------

Enumerating Browser Helper Objects:


--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\Windows\system32\mswsock.dll
Protocol #2: C:\Windows\system32\mswsock.dll
Protocol #3: C:\Windows\system32\mswsock.dll
Protocol #4: C:\Windows\system32\mswsock.dll
Protocol #5: C:\Windows\system32\mswsock.dll
Protocol #6: C:\Windows\system32\mswsock.dll
Protocol #7: C:\Windows\system32\mswsock.dll
Protocol #8: C:\Windows\system32\mswsock.dll
Protocol #9: C:\Windows\system32\mswsock.dll
Protocol #10: C:\Windows\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: C:\Windows\System32\drivers\acpi.sys (Boot)
Application Experience Service: C:\Windows\system32\svchost.exe (Auto)
Ancilliary Function Driver for Winsock: C:\Windows\system32\drivers\afd.sys (System)
Intel AGP Bus Filter: C:\Windows\system32\drivers\agp440.sys (Manual)
Application Layer Gateway Service: C:\Windows\System32\alg.exe (Manual)
AMD K8 Processor Driver: C:\Windows\system32\drivers\amdk8.sys (Disabled)
Application Information Service: C:\Windows\system32\svchost.exe (Manual)
AppMgmt: C:\Windows\system32\svchost.exe (Manual)
RAS Asynchronous Media Driver: C:\Windows\System32\DRIVERS\asyncmac.sys (Manual)
IDE Channel: C:\Windows\System32\drivers\atapi.sys (Boot)
Windows Audio Service: C:\Windows\System32\svchost.exe (Auto)
Windows Audio Service: C:\Windows\System32\svchost.exe (Auto)
Background Intelligent Transfer Service: C:\Windows\System32\svchost.exe (Auto)
Bowser: C:\Windows\System32\DRIVERS\bowser.sys (Manual)
Brother USB Mass-Storage Lower Filter Driver: C:\Windows\system32\drivers\brfiltlo.sys (Manual)
Brother USB Mass-Storage Upper Filter Driver: C:\Windows\system32\drivers\brfiltup.sys (Manual)
Computer Browser Service DLL: C:\Windows\System32\svchost.exe (Auto)
Brother MFC Serial Port Interface Driver (WDM): C:\Windows\System32\DRIVERS\BrSerId.sys (Manual)
Brother WDM Serial driver: C:\Windows\system32\drivers\brserwdm.sys (Disabled)
Brother MFC USB Fax Only Modem: C:\Windows\system32\drivers\brusbmdm.sys (Disabled)
Brother MFC USB Serial WDM Driver: C:\Windows\System32\DRIVERS\BrUsbSer.sys (Manual)
Bluetooth Serial Communications Driver: C:\Windows\system32\drivers\bthmodem.sys (Disabled)
CD/DVD File System Reader: C:\Windows\System32\DRIVERS\cdfs.sys (Disabled)
CD-ROM Driver: C:\Windows\System32\DRIVERS\cdrom.sys (System)
Microsoft Smartcard Certificate Propagation Service: C:\Windows\system32\svchost.exe (Manual)
Consumer IR Devices: C:\Windows\system32\drivers\circlass.sys (Disabled)
Common Log (CLFS): C:\Windows\System32\CLFS.sys (Boot)
Microsoft .NET Framework NGEN v2.0.50727_X86: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Manual)
Microsoft .NET Framework NGEN v2.0.50727_X64: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Manual)
Microsoft Composite Battery Driver: C:\Windows\system32\drivers\compbatt.sys (Disabled)
COMSysApp: C:\Windows\system32\dllhost.exe (Manual)
Crcdisk Filter Driver: C:\Windows\System32\drivers\crcdisk.sys (Boot)
Cryptographic Services: C:\Windows\system32\svchost.exe (Auto)
Offline Files Driver: C:\Windows\System32\drivers\csc.sys (System)
CSC Service DLL: C:\Windows\System32\svchost.exe (Auto)
Dfs Client Driver: C:\Windows\System32\Drivers\dfsc.sys (System)
DFSR: C:\Windows\system32\DFSR.exe (Manual)
DHCP Client Service: C:\Windows\system32\svchost.exe (Auto)
Disk Driver: C:\Windows\System32\drivers\disk.sys (Boot)
DNS Client API DLL: C:\Windows\system32\svchost.exe (Auto)
Wired AutoConfig Service: C:\Windows\system32\svchost.exe (Manual)
Microsoft Kernel DRM Audio Descrambler: C:\Windows\System32\drivers\drmkaud.sys (Manual)
LDDM Graphics Subsystem: C:\Windows\System32\drivers\dxgkrnl.sys (Manual)
Intel(R) PRO/1000 PCI Express Network Connection Driver: C:\Windows\System32\DRIVERS\e1e6032e.sys (Manual)
Intel(R) PRO/1000 NDIS 6 Adapter Driver: C:\Windows\System32\DRIVERS\E1G6032E.sys (Manual)
Microsoft EAPHost service: C:\Windows\System32\svchost.exe (Manual)
ReadyBoost Caching Driver: C:\Windows\System32\drivers\ecache.sys (Boot)
eConceal Service: c:\progra~2\econceal\EconSer.exe (Auto)
Windows Media Center Receiver Service: C:\Windows\ehome\ehRecvr.exe (Manual)
Windows Media Center Scheduler Service: C:\Windows\ehome\ehsched.exe (Manual)
Windows Media Center Service Launcher: C:\Windows\\system32\svchost.exe (Auto)
ReadyBoost Service: C:\Windows\system32\svchost.exe (Auto)
Event Logging Service: C:\Windows\System32\svchost.exe (Auto)
EventSystem: C:\Windows\system32\svchost.exe (Auto)
Floppy Disk Controller Driver: C:\Windows\System32\DRIVERS\fdc.sys (Disabled)
WS Discovery Service: C:\Windows\system32\svchost.exe (Manual)
Function Discovery Resource Publication Service: C:\Windows\system32\svchost.exe (Auto)
File Information FS MiniFilter: C:\Windows\System32\drivers\fileinfo.sys (Boot)
FileTrace: C:\Windows\System32\drivers\filetrace.sys (Manual)
Floppy Disk Driver: C:\Windows\System32\DRIVERS\flpydisk.sys (Disabled)
FltMgr: C:\Windows\System32\drivers\fltmgr.sys (Boot)
Windows Presentation Foundation Host: C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Manual)
BitLocker Drive Encryption Filter Driver: C:\Windows\System32\DRIVERS\fvevol.sys (Boot)
Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms: C:\Windows\system32\drivers\gagp30kx.sys (Manual)
Microsoft 1.1 UAA Function Driver for High Definition Audio Service: C:\Windows\System32\drivers\HdAudio.sys (Manual)
Microsoft UAA Bus Driver for High Definition Audio: C:\Windows\System32\DRIVERS\HDAudBus.sys (Manual)
Microsoft Bluetooth HID Miniport: C:\Windows\system32\drivers\hidbth.sys (Disabled)
Microsoft Infrared HID Driver: C:\Windows\system32\drivers\hidir.sys (Disabled)
HID Service: C:\Windows\system32\svchost.exe (Auto)
Microsoft HID Class Driver: C:\Windows\System32\DRIVERS\hidusb.sys (Manual)
Key Management Service: C:\Windows\System32\svchost.exe (Manual)
HTTP: C:\Windows\System32\drivers\HTTP.sys (Manual)
i8042 Keyboard and PS/2 Mouse Port Driver: C:\Windows\System32\DRIVERS\i8042prt.sys (Disabled)
Intel RAID Controller Vista: C:\Windows\system32\drivers\iastorv.sys (Disabled)
Service Model Installer Resource Library: C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Manual)
IKE extension: C:\Windows\system32\svchost.exe (Auto)
Intel Processor Driver: C:\Windows\System32\DRIVERS\intelppm.sys (Manual)
PnP-X IP Bus Enumerator DLL: C:\Windows\system32\svchost.exe (Manual)
IP Traffic Filter Driver: C:\Windows\System32\DRIVERS\ipfltdrv.sys (Manual)
Service that offers IPv6 connectivity over an IPv4 network.: C:\Windows\System32\svchost.exe (Auto)
IP in IP Tunnel Driver: C:\Windows\System32\DRIVERS\ipinip.sys (Manual)
IP Network Address Translator: C:\Windows\System32\DRIVERS\ipnat.sys (Manual)
IR Bus Enumerator: C:\Windows\System32\drivers\irenum.sys (Manual)
PnP ISA/EISA Bus Driver: C:\Windows\system32\drivers\isapnp.sys (Disabled)
iScsiPort Driver: C:\Windows\System32\DRIVERS\msiscsi.sys (Manual)
ITEATAPI_Service_Install: C:\Windows\system32\drivers\iteatapi.sys (Disabled)
ITERAID_Service_Install: C:\Windows\system32\drivers\iteraid.sys (Disabled)
Keyboard Class Driver: C:\Windows\System32\DRIVERS\kbdclass.sys (System)
Keyboard HID Driver: C:\Windows\System32\DRIVERS\kbdhid.sys (System)
KeyIso: C:\Windows\system32\lsass.exe (Manual)
Kernel Streaming Thunks: C:\Windows\system32\drivers\ksthunk.sys (Manual)
KtmRm: C:\Windows\System32\svchost.exe (Auto)
Server Service DLL: C:\Windows\system32\svchost.exe (Auto)
Workstation Service DLL: C:\Windows\System32\svchost.exe (Auto)
Link-Layer Topology Discovery Mapper I/O Driver: C:\Windows\System32\DRIVERS\lltdio.sys (Auto)
Link-Layer Topology Discovery Resources: C:\Windows\System32\svchost.exe (Manual)
TCPIP NetBios Transport Services DLL: C:\Windows\system32\svchost.exe (Auto)
UAC File Virtualization: C:\Windows\system32\drivers\luafv.sys (Auto)
Media Center Resources: C:\Windows\system32\svchost.exe (Disabled)
Multimedia Class Scheduler Service: C:\Windows\system32\svchost.exe (Auto)
Microsoft Monitor Class Function Driver Service: C:\Windows\System32\DRIVERS\monitor.sys (Manual)
Mouse Class Driver: C:\Windows\System32\DRIVERS\mouclass.sys (System)
Mouse HID Driver: C:\Windows\System32\DRIVERS\mouhid.sys (Manual)
Mount Point Manager: C:\Windows\System32\drivers\mountmgr.sys (Boot)
Microsoft Multi-Path Bus Driver: C:\Windows\system32\drivers\mpio.sys (Disabled)
Windows Firewall API: C:\Windows\System32\drivers\mpsdrv.sys (Manual)
Windows Firewall API: C:\Windows\system32\svchost.exe (Auto)
WebDav Client Redirector Driver: C:\Windows\system32\drivers\mrxdav.sys (Manual)
SMB MiniRedirector Wrapper and Engine: C:\Windows\System32\DRIVERS\mrxsmb.sys (Manual)
SMB 1.x MiniRedirector: C:\Windows\System32\DRIVERS\mrxsmb10.sys (Manual)
SMB 2.0 MiniRedirector: C:\Windows\System32\DRIVERS\mrxsmb20.sys (Manual)
Microsoft Multi-Path Device Specific Module: C:\Windows\system32\drivers\msdsm.sys (Disabled)
MSDTC: C:\Windows\System32\msdtc.exe (Manual)
ISA/EISA Class Driver: C:\Windows\System32\drivers\msisadrv.sys (Boot)
iSCSI Discovery api: C:\Windows\system32\svchost.exe (Manual)
Windows® Installer International Messages: C:\Windows\system32\msiexec (Manual)
Microsoft Streaming Service Proxy: C:\Windows\System32\drivers\MSKSSRV.sys (Manual)
Microsoft Streaming Clock Proxy: C:\Windows\System32\drivers\MSPCLOCK.sys (Manual)
Microsoft Streaming Quality Manager Proxy: C:\Windows\System32\drivers\MSPQM.sys (Manual)
Microsoft System Management BIOS Driver: C:\Windows\System32\DRIVERS\mssmbios.sys (Manual)
Microsoft Streaming Tee/Sink-to-Sink Converter: C:\Windows\System32\drivers\MSTEE.sys (Manual)
Mup: C:\Windows\System32\Drivers\mup.sys (Boot)
Quarantine Agent Service Run-Time: C:\Windows\System32\svchost.exe (Manual)
NativeWiFi Filter: C:\Windows\System32\DRIVERS\nwifi.sys (Manual)
NDIS System Driver: C:\Windows\System32\drivers\ndis.sys (Boot)
Remote Access NDIS TAPI Driver: C:\Windows\System32\DRIVERS\ndistapi.sys (Manual)
NDIS Usermode I/O Protocol: C:\Windows\System32\DRIVERS\ndisuio.sys (Manual)
Remote Access NDIS WAN Driver: C:\Windows\System32\DRIVERS\ndiswan.sys (Manual)
NetBIOS Interface: C:\Windows\System32\DRIVERS\netbios.sys (System)
NETBT: C:\Windows\System32\DRIVERS\netbt.sys (System)
Net Logon Services DLL: C:\Windows\system32\lsass.exe (Manual)
Network Connections Manager: C:\Windows\System32\svchost.exe (Manual)
Network Profile Management UI: C:\Windows\System32\svchost.exe (Auto)
Service Model Installer Resource Library: C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (Disabled)
Network Location Awareness 2: C:\Windows\System32\svchost.exe (Auto)
Network Store Interface RPC server: C:\Windows\system32\svchost.exe (Auto)
NSI proxy service: C:\Windows\System32\drivers\nsiproxy.sys (System)
NVIDIA nForce AGP Bus Filter: C:\Windows\system32\drivers\nv_agp.sys (Manual)
IPX Traffic Filter Driver: C:\Windows\System32\DRIVERS\nwlnkflt.sys (Manual)
IPX Traffic Forwarder Driver: C:\Windows\System32\DRIVERS\nwlnkfwd.sys (Manual)
Texas Instruments OHCI Compliant IEEE 1394 Host Controller: C:\Windows\System32\DRIVERS\ohci1394.sys (Manual)
Peer-to-Peer Services: C:\Windows\System32\svchost.exe (Manual)
Peer-to-Peer Services: C:\Windows\System32\svchost.exe (Manual)
Parallel port driver: C:\Windows\system32\drivers\parport.sys (Disabled)
Partition Manager: C:\Windows\System32\drivers\partmgr.sys (Boot)
Program Compatibility Assistant Service: C:\Windows\system32\svchost.exe (Auto)
PCI Bus Driver: C:\Windows\System32\drivers\pci.sys (Boot)
PEAUTH: C:\Windows\System32\drivers\peauth.sys (Auto)
Performance Logs & Alerts: C:\Windows\System32\svchost.exe (Manual)
User-mode Plug-and-Play Service: C:\Windows\system32\svchost.exe (Auto)
Peer-to-Peer Services: C:\Windows\System32\svchost.exe (Manual)
Peer-to-Peer Services: C:\Windows\System32\svchost.exe (Manual)
Policy Storage dll: C:\Windows\system32\svchost.exe (Auto)
WAN Miniport (PPTP): C:\Windows\System32\DRIVERS\raspptp.sys (Manual)
Processor Driver: C:\Windows\system32\drivers\processr.sys (Disabled)
ProfSvc: C:\Windows\system32\svchost.exe (Auto)
Protected Storage default provider: C:\Windows\system32\lsass.exe (Manual)
QoS Packet Scheduler: C:\Windows\System32\DRIVERS\pacer.sys (System)
QLogic Fibre Channel Miniport Driver: C:\Windows\system32\drivers\ql2300.sys (Disabled)
QLogic iSCSI Miniport Driver: C:\Windows\system32\drivers\ql40xx.sys (Disabled)
Windows NT: C:\Windows\\system32\svchost.exe (Manual)
Microsoft Quality Windows Audio Video Experience (qWave) Support Driver: C:\Windows\system32\drivers\qwavedrv.sys (Manual)
Remote Access Auto Connection Driver: C:\Windows\System32\DRIVERS\rasacd.sys (System)
Remote Access AutoDial Manager: C:\Windows\system32\svchost.exe (Manual)
WAN Miniport (L2TP): C:\Windows\System32\DRIVERS\rasl2tp.sys (Manual)
Remote Access Connection Manager: C:\Windows\system32\svchost.exe (Manual)
Remote Access PPPOE Driver: C:\Windows\System32\DRIVERS\raspppoe.sys (Manual)
Redirected Buffering Sub Sysytem: C:\Windows\System32\DRIVERS\rdbss.sys (System)
RDPCDD: C:\Windows\System32\DRIVERS\RDPCDD.sys (System)
Terminal Server Device Redirector Driver: C:\Windows\System32\DRIVERS\rdpdr.sys (Manual)
RDP Encoder Mirror Driver: C:\Windows\System32\drivers\rdpencdd.sys (System)
RemoteRegistry: C:\Windows\system32\svchost.exe (Manual)
Rpc Locator: C:\Windows\system32\locator.exe (Manual)
Link-Layer Topology Discovery Responder: C:\Windows\System32\DRIVERS\rspndr.sys (Auto)
SBP-2 Transport/Protocol Bus Driver: C:\Windows\system32\drivers\sbp2port.sys (Disabled)
Smart Card Resource Management Server: C:\Windows\system32\svchost.exe (Manual)
Task Scheduler Service: C:\Windows\system32\svchost.exe (Auto)
Microsoft Smartcard Certificate Propagation Service: C:\Windows\system32\svchost.exe (Manual)
Microsoft® Windows Backup Service: C:\Windows\system32\svchost.exe (Manual)
System Event Notification Service (SENS): C:\Windows\system32\svchost.exe (Auto)
Serenum Filter Driver: C:\Windows\system32\drivers\serenum.sys (Manual)
Serial Port Driver: C:\Windows\system32\drivers\serial.sys (Manual)
Serial Mouse Driver: C:\Windows\system32\drivers\sermouse.sys (Disabled)
Terminal Services Configuration service: C:\Windows\System32\svchost.exe (Manual)
SFF Storage Class Driver: C:\Windows\system32\drivers\sffdisk.sys (Disabled)
SFF Storage Protocol Driver for MMC: C:\Windows\system32\drivers\sffp_mmc.sys (Manual)
SFF Storage Protocol Driver for SDBus: C:\Windows\system32\drivers\sffp_sd.sys (Manual)
High-Capacity Floppy Disk Drive: C:\Windows\system32\drivers\sfloppy.sys (Disabled)
Microsoft NAT Helper Components: C:\Windows\System32\svchost.exe (Disabled)
Windows Shell Services Dll: C:\Windows\System32\svchost.exe (Auto)
Microsoft Software Licensing Service: C:\Windows\system32\SLsvc.exe (Auto)
Software Licensing UI Notification Service: C:\Windows\system32\svchost.exe (Manual)
Network Configuration Objects: C:\Windows\System32\DRIVERS\smb.sys (System)
SNMP Trap: C:\Windows\System32\snmptrap.exe (Manual)
srv2: C:\Windows\System32\DRIVERS\srv2.sys (Manual)
SSDP Service DLL: C:\Windows\system32\svchost.exe (Manual)
Still Image Devices Service: C:\Windows\system32\svchost.exe (Auto)
Software Bus Driver: C:\Windows\System32\DRIVERS\swenum.sys (Manual)
Microsoft® Volume Shadow Copy Service software provider: C:\Windows\System32\svchost.exe (Manual)
Superfetch Service Host: C:\Windows\system32\svchost.exe (Auto)
Microsoft Tablet PC Input Service: C:\Windows\System32\svchost.exe (Auto)
Microsoft® Windows(TM) Telephony Server: C:\Windows\System32\svchost.exe (Manual)
TBS Service: C:\Windows\System32\svchost.exe (Manual)
Network Configuration Objects: C:\Windows\System32\drivers\tcpip.sys (System)
Microsoft IPv6 Protocol Driver: C:\Windows\System32\DRIVERS\tcpip.sys (Manual)
TCP/IP Registry Compatibility: C:\Windows\System32\drivers\tcpipreg.sys (Auto)
TDPIPE: C:\Windows\System32\drivers\tdpipe.sys (Manual)
TDTCP: C:\Windows\System32\drivers\tdtcp.sys (Manual)
Network Configuration Objects: C:\Windows\System32\DRIVERS\tdx.sys (System)
Terminal Device Driver: C:\Windows\System32\DRIVERS\termdd.sys (System)
Terminal Server Remote Connections Manager: C:\Windows\System32\svchost.exe (Auto)
Windows Shell Services Dll: C:\Windows\System32\svchost.exe (Auto)
Multimedia Class Scheduler Service: C:\Windows\system32\svchost.exe (Manual)
Terminal Services Security Filter Driver: C:\Windows\System32\DRIVERS\tssecsrv.sys (Manual)
Microsoft Tun Miniport Adapter Driver: C:\Windows\System32\DRIVERS\tunmp.sys (Manual)
Microsoft IPv6 Tunnel Miniport Adapter Driver: C:\Windows\System32\DRIVERS\tunnel.sys (Manual)
TVICHW64: C:\Windows\SysWOW64\Drivers\TVICHW64.SYS (Manual)
Microsoft AGPv3.5 Filter: C:\Windows\system32\drivers\uagp35.sys (Manual)
udfs: C:\Windows\System32\DRIVERS\udfs.sys (Disabled)
Interactive services detection: C:\Windows\system32\UI0Detect.exe (Manual)
Uli AGP Bus Filter: C:\Windows\system32\drivers\uliagpkx.sys (Manual)
UMBus Enumerator Driver: C:\Windows\System32\DRIVERS\umbus.sys (Manual)
Terminal Server Device Redirector Service: C:\Windows\System32\svchost.exe (Manual)
UPnP Device Host: C:\Windows\system32\svchost.exe (Auto)
USB Audio Driver (WDM): C:\Windows\System32\drivers\usbaudio.sys (Manual)
Microsoft USB Generic Parent Driver: C:\Windows\System32\DRIVERS\usbccgp.sys (Manual)
eHome Infrared Receiver (USBCIR): C:\Windows\system32\drivers\usbcir.sys (Disabled)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: C:\Windows\System32\DRIVERS\usbehci.sys (Manual)
USB2 Enabled Hub: C:\Windows\System32\DRIVERS\usbhub.sys (Manual)
Microsoft USB Open Host Controller Miniport Driver: C:\Windows\system32\drivers\usbohci.sys (Disabled)
Microsoft USB PRINTER Class: C:\Windows\System32\DRIVERS\usbprint.sys (Manual)
USB Scanner Driver: C:\Windows\System32\DRIVERS\usbscan.sys (Manual)
USB Mass Storage Driver: C:\Windows\System32\DRIVERS\USBSTOR.SYS (Manual)
Microsoft USB Universal Host Controller Miniport Driver: C:\Windows\System32\DRIVERS\usbuhci.sys (Manual)
Desktop Window Manager: C:\Windows\System32\svchost.exe (Auto)
Virtual Disk Service: C:\Windows\System32\vds.exe (Manual)
Volume Manager Driver: C:\Windows\System32\drivers\volmgr.sys (Boot)
Dynamic Volume Manager: C:\Windows\System32\drivers\volmgrx.sys (Boot)
Storage volumes: C:\Windows\System32\drivers\volsnap.sys (Boot)
Microsoft® Volume Shadow Copy Service: C:\Windows\system32\vssvc.exe (Manual)
Windows Time Service: C:\Windows\system32\svchost.exe (Auto)
Wacom Serial Pen HID Driver: C:\Windows\system32\drivers\wacompen.sys (Disabled)
Remote Access IP ARP Driver: C:\Windows\System32\DRIVERS\wanarp.sys (Manual)
Remote Access IPv6 ARP Driver: C:\Windows\System32\DRIVERS\wanarp.sys (System)
Microsoft® Block Level Backup Engine Service EXE: C:\Windows\system32\wbengine.exe (Manual)
Windows Connect Now - Config Registrar Service: C:\Windows\System32\svchost.exe (Manual)
WcsPlugInService DLL: C:\Windows\system32\svchost.exe (Manual)
Microsoft Watchdog Timer Driver: C:\Windows\system32\drivers\wd.sys (Disabled)
Kernel Mode Driver Frameworks service: C:\Windows\System32\drivers\Wdf01000.sys (Boot)
Web DAV Service DLL: C:\Windows\system32\svchost.exe (Auto)
Event Collector Service: C:\Windows\system32\svchost.exe (Manual)
Problem Reports and Solutions: C:\Windows\System32\svchost.exe (Manual)
Windows Error Reporting Service: C:\Windows\System32\svchost.exe (Auto)
WinDefend: C:\Windows\System32\svchost.exe (Auto)
Windows HTTP Services: C:\Windows\system32\svchost.exe (Manual)
WMI: C:\Windows\system32\svchost.exe (Auto)
WSMan Service: C:\Windows\System32\svchost.exe (Manual)
Windows WLAN AutoConfig Service DLL: C:\Windows\system32\svchost.exe (Manual)
Microsoft Windows Management Interface for ACPI: C:\Windows\system32\drivers\wmiacpi.sys (Disabled)
WMI Performance Reverse Adapter: C:\Windows\system32\wbem\WmiApSrv.exe (Manual)
WMPNetworkSvc: C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (Manual)
WPC Filtering Service: C:\Windows\system32\svchost.exe (Manual)
Portable Device Enumerator: C:\Windows\system32\svchost.exe (Auto)
Winsock IFS driver: C:\Windows\system32\drivers\ws2ifsl.sys (Disabled)
Windows Security Center Service: C:\Windows\System32\svchost.exe (Auto)
Microsoft Windows Search Indexer: C:\Windows\system32\SearchIndexer.exe (Auto)
Windows Update Agent: C:\Windows\system32\svchost.exe (Auto)
Windows Driver Foundation - User-mode Driver Framework Service: C:\Windows\system32\svchost.exe (Auto)
XAudioService: C:\Windows\system32\DRIVERS\xaudio64.exe (Auto)

--------------------------------------------------
End of report
Report generated in 0,921 seconds

--------------------------------------------------

here is my xml log

<?xml version="1.0" encoding="Windows-1252" ?>
- <a2hijackfreelog>
<version>3.0.0.406</version>
<datecreated>2007-10-30 04:08</datecreated>
<language>en-us</language>
<ie_version>7.0.6000.16546</ie_version>
<os />
<os_version>6.06000</os_version>
<programpath>C:\Program Files (x86)</programpath>
<startuppath>C:\Users\Lets Play\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup</startuppath>
<systempath>C:\Windows\system32</systempath>
<winpath>C:\Windows\</winpath>
- <autoruns>
- <autorun Category="Registry">
<name>eConceal IPC</name>
<location>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</location>
<filepath>%programpath%\eConceal\econipc.exe</filepath>
</autorun>
- <autorun Category="Registry">
<name>BCWipeTM Startup</name>
<location>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</location>
<filepath>%programpath%\Jetico\BCWipe\BCWipeTM.exe</filepath>
</autorun>
- <autorun Category="Registry">
<name>gi1640993429</name>
<location>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce</location>
<filepath>C:\Users\LETSPL~1\AppData\Local\Temp\giH0UMS0.exe</filepath>
</autorun>
- <autorun Category="startupfiles">
<location>system.ini</location>
<name>shell</name>
<filepath>explorer.exe</filepath>
</autorun>
- <autorun Category="startupfiles">
<location>system.ini</location>
<name>scrnsave.exe</name>
<filepath>%systempath%\logon.scr</filepath>
</autorun>
- <autorun Category="autostartmenu">
<name>VersionTrackerPro</name>
<location>%startuppath%\</location>
</autorun>
- <autorun Category="autostartmenu">
<name>SA</name>
<location>%winpath%tasks\</location>
</autorun>
- <autorun Category="autostartmenu">
<name>SCHEDLGU</name>
<location>%winpath%tasks\</location>
</autorun>
- <autorun Category="tricky">
<name>Shell</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\</location>
<filepath>explorer.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>$GT;{22d6f312-b0f6-11d0-94ab-0080c74c7e95}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>%systempath%\unregmp2.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>$GT;{26923b43-4d38-484f-9b9e-de460746276c}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>%winpath%SysWOW64\ie4uinit.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>$GT;{60B49E34-C7CC-11D0-8953-00A0C90347FF}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP</filepath>
</autorun>
- <autorun Category="tricky">
<name>{2C7339CF-2B09-4501-B3F3-F3508C9228ED}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>%systempath%\regsvr32.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>{44BBA840-CC51-11CF-AAFA-00AA00B6015C}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>%programpath%\Windows Mail\WinMail.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>{6BF52A52-394A-11d3-B153-00C04F79FAA6}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>%systempath%\unregmp2.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>{89820200-ECBD-11cf-8B85-00AA005B4340}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>regsvr32.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>{89820200-ECBD-11cf-8B85-00AA005B4383}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>%winpath%SysWOW64\ie4uinit.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>{89B4C1CD-B018-4511-B0A1-5476DBF70820}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>%winpath%SysWOW64\Rundll32.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>VBScript Script File</name>
<location>HKEY_CLASSES_ROOT\vbsfile\shell\open\command\</location>
<filepath>%winpath%System32\WScript.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>VBScript Encoded File</name>
<location>HKEY_CLASSES_ROOT\vbefile\shell\open\command\</location>
<filepath>%winpath%System32\WScript.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>JScript Script File</name>
<location>HKEY_CLASSES_ROOT\jsfile\shell\open\command\</location>
<filepath>%winpath%System32\WScript.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>JScript Encoded File</name>
<location>HKEY_CLASSES_ROOT\jsefile\shell\open\command\</location>
<filepath>%winpath%System32\WScript.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>Windows Script Host Settings File</name>
<location>HKEY_CLASSES_ROOT\wshfile\shell\open\command\</location>
<filepath>%winpath%System32\WScript.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>Windows Script File</name>
<location>HKEY_CLASSES_ROOT\wsffile\shell\open\command\</location>
<filepath>%winpath%System32\WScript.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>Application</name>
<location>HKEY_CLASSES_ROOT\exefile\shell\open\command\</location>
<filepath>%1</filepath>
</autorun>
- <autorun Category="tricky">
<name>MS-DOS Application</name>
<location>HKEY_CLASSES_ROOT\comfile\shell\open\command\</location>
<filepath>%1</filepath>
</autorun>
- <autorun Category="tricky">
<name>Windows Batch File</name>
<location>HKEY_CLASSES_ROOT\batfile\shell\open\command\</location>
<filepath>%1</filepath>
</autorun>
- <autorun Category="tricky">
<name>Screen Saver</name>
<location>HKEY_CLASSES_ROOT\scrfile\shell\open\command\</location>
<filepath>%1</filepath>
</autorun>
- <autorun Category="tricky">
<name>Shortcut to MS-DOS Program</name>
<location>HKEY_CLASSES_ROOT\piffile\shell\open\command\</location>
<filepath>%1</filepath>
</autorun>
- <autorun Category="tricky">
<name>SCRNSAVE.EXE</name>
<location>HKEY_CURRENT_USER\Control Panel\Desktop\</location>
<filepath>%systempath%\logon.scr</filepath>
</autorun>
- <autorun Category="tricky">
<name>WebCheck</name>
<location>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\</location>
<filepath />
</autorun>
</autoruns>
- <addons>
- <addon Category="shellextension">
<clsid>{0DF44EAA-FF21-4412-828E-260A8728E7F1}</clsid>
<name>Taskbar and Start Menu</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}</clsid>
<name>Search</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}</clsid>
<name>Help and Support</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}</clsid>
<name>Windows Security</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}</clsid>
<name>Run...</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}</clsid>
<name>Internet</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}</clsid>
<name>E-mail</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}</clsid>
<name>Set Program Access and Defaults</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{3080F90D-D7AD-11D9-BD98-0000947B0257}</clsid>
<name>Show Desktop</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{3080F90E-D7AD-11D9-BD98-0000947B0257}</clsid>
<name>Window Switcher</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{eb124705-128b-40d4-8dd8-d93ed12589a4}</clsid>
<name>WPL property store</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{3c2654c6-7372-4f6b-b310-55d6128f49d2}</clsid>
<name>Alphabetical Categorizer</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{9DBD2C50-62AD-11d0-B806-00C04FD706EC}</clsid>
<name>Property Thumbnail Handler</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{708e1662-b832-42a8-bbe1-0a77121e3908}</clsid>
<name>Tree property value folder</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{71f96385-ddd6-48d3-a0c1-ae06e8b055fb}</clsid>
<name>Explorer Browser</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{b2952b16-0e07-4e5a-b993-58c52cb94cae}</clsid>
<name>DB Folder</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{437ff9c0-a07f-4fa0-af80-84b6c6440a16}</clsid>
<name>Command Folder</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{90f8c90b-04e0-4e92-a186-e6e9c125d664}</clsid>
<name>Property Labels</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{1b24a030-9b20-49bc-97ac-1be4426f9e59}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{34449847-FD14-4fc8-A75A-7432F5181EFB}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{C8494E42-ACDD-4739-B0FB-217361E4894F}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{E29F9716-5C08-4FCD-955A-119FDB5A522D}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{D20EA4E1-3957-11d2-A40B-0C5020524152}</clsid>
<name>Fonts</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{D20EA4E1-3957-11d2-A40B-0C5020524153}</clsid>
<name>Administrative Tools</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{b155bdf8-02f0-451e-9a26-ae317cfd7779}</clsid>
<name>delegate folder that appears in Computer</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{DFFACDC5-679F-4156-8947-C5C76BC0B67F}</clsid>
<name>delegate folder that appears in Users Files Folder</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{ed50fc29-b964-48a9-afb3-15ebb9b97f36}</clsid>
<name>printhood delegate folder</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{328B0346-7EAF-4BBE-A479-7CB88A095F5B}</clsid>
<name>LayoutFolder</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}</clsid>
<name>Control Panel command object for Start menu</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{E44E5D18-0652-4508-A4E2-8A090067BCB0}</clsid>
<name>Default Programs command object for Start menu</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{4336a54d-038b-4685-ab02-99bb52d3fb8b}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{00021401-0000-0000-C000-000000000046}</clsid>
<name>Shortcut</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{C73F6F30-97A0-4AD1-A08F-540D4E9BC7B9}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{0AFCCBA6-BF90-4A4E-8482-0AC960981F5B}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{66742402-F9B9-11D1-A202-0000F81FEDEE}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{D34A6CA6-62C2-4C34-8A7C-14709C1AD938}</clsid>
<name>Common Places FS Folder</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{865e5e76-ad83-4dca-a109-50dc2113ce9a}</clsid>
<name>Programs Folder and Fast Items</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{21ec2020-3aea-1069-a2dd-08002b30309d}</clsid>
<name>Control Panel</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{25585dc7-4da0-438d-ad04-e42c8d2d64b9}</clsid>
<name>Client application shell extension</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{6dfd7c5c-2451-11d3-a299-00c04f8ef6af}</clsid>
<name>Folder Options</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{a42c2ccb-67d3-46fa-abe6-7d2f3488c7a3}</clsid>
<name>Microsoft Windows RTF Preview Handler</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{1531d583-8375-4d3f-b5fb-d23bbd169f22}</clsid>
<name>Microsoft Windows TXT Preview Handler</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{2206CDB2-19C1-11D1-89E0-00C04FD7A829}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{0D45D530-764B-11d0-A1CA-00AA00C16E65}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\dsuiext.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{62AE1F9A-126A-11D0-A14B-0800361B1103}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\dsuiext.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{8A23E65E-31C2-11d0-891C-00A024AB2DBB}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\dsquery.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\dsquery.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\dsquery.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{F020E586-5264-11d1-A532-0000F8757D7E}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\dsquery.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}</clsid>
<name>Security Shell Extension</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>rshx32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{1F2E5C40-9550-11CE-99D2-00AA006E086C}</clsid>
<name>Security Shell Extension</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>rshx32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{97e467b4-98c6-4f19-9588-161b7773d6f6}</clsid>
<name>Office Document Property Handler</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\propsys.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{40dd6e20-7c17-11ce-a804-00aa003ca9f6}</clsid>
<name>Shell extensions for sharing</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>ntshrui.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}</clsid>
<name>Shell extensions for sharing</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>ntshrui.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{77597368-7b15-11d0-a0c2-080036af3f03}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}</clsid>
<name>Computers and Devices</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\NetworkExplorer.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{E7DE9B1A-7533-4556-9484-B26FB486475E}</clsid>
<name>Network Map</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{7A80E4A8-8005-11D2-BCF8-00C04F72C717}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{7007ACC7-3202-11D1-AAD2-00805FC1270E}</clsid>
<name>Network Connections</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\netshell.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{992CFFA0-F557-101A-88EC-00DD010CCC48}</clsid>
<name>Network Connections</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\netshell.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486}</clsid>
<name>IGD Property Page</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\icsigd.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{74246bfc-4c96-11d0-abef-0020af6b0b7a}</clsid>
<name>Device Manager</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\devmgr.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{7A979262-40CE-46ff-AEEE-7884AC3B6136}</clsid>
<name>Add New Hardware</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}</clsid>
<name>Mail Service</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\sendmail.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}</clsid>
<name>Desktop Shortcut</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\sendmail.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{3050f3d9-98b5-11cf-bb82-00aa00bdce0b}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{25336920-03f9-11cf-8fd0-00aa00686f13}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{92dbad9f-5025-49b0-9078-2d78f935e341}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{b9815375-5d7f-4ce2-9245-c9d4da436930}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{f8b8412b-dea3-4130-b36c-5e8be73106ac}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{5FA29220-36A1-40f9-89C6-F4B384B7642E}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{FBF23B40-E3F0-101B-8488-00AA003E56F8}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{3C374A40-BAE4-11CF-BF7D-00AA006946EE}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{FF393560-C2A7-11CF-BFF4-444553540000}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
Kevyaeger72
Active Member
 
Posts: 9
Joined: October 11th, 2007, 11:59 pm

Unread postby silver » October 30th, 2007, 7:39 am

Hi Kevyaeger72,

Please open this page in your browser:
http://www.bleepingcomputer.com/submit- ... channel=32

Please fill in the link to topic field with a link to this topic
Copy/paste this filename into the Browse to the file you want to submit field:
C:\Windows\System32\Explorer.exe
Then press Send File, this will upload the file for analysis

I recommend you get further help with your partitioning software because there is no reason that a partition can't be removed apart from perhaps a faulty hard drive. Malware cannot stop you removing a partition, however you can't remove the partition the operating system is running from, and for full access to the entire drive a boot CD is best. Either try the software developer's website or a PC troubleshooting forum such as PC Pitstop

Please tell me where in the log you have seen hijackers.
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 52 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware