Author Topic: I am going crazy!! My kids have school projects to do and we a  (Read 1432 times)

Offline KristyHillman

« on: November 11, 2006, 02:30:29 AM »
I need help before I go insane :blink: ...lol. Anyway, I would so much appreciate any info on what to do. Seems to me like this virus worm or whatever could be running under several svchost.exe where I can't identify the problem. There are unidentifiable dlls on my system when I look at the properties. Zonealarm keeps locking up in the middle of scans. It hasn't completely taken control. Spy sweeper is corrupt from this so running this is not an option. :rolleyes: I think there is a spooler sub system running because I can't shut spooler off, not even with msconfig. My system restore won't work at all; I have tried for days....exhausted. I have copied my hijackthis file for anyone to see and help us.

I wish I would have thought of you guys sooner.

Thanks from Kristy & my boy Matt. :D

                 
       

Logfile of HijackThis v1.99.1
Scan saved at 1:06:51 AM, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Stephan\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Owner\My Documents\New Folder\iPod\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{580E4B20-B1C4-4D44-8053-ABDBB883178D}: NameServer = 207.254.192.2 207.254.192.3
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Offline guestolo

« Reply #1 on: November 11, 2006, 03:35:58 AM »
If you are disabling entries on startup, please reenable everything so I can see all run startups

Can you do the following
Download SDFix and save it to your Desktop.
Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop.
We'll need it later

Then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
Once in safe mode
* Clean your Cache and Cookies in IE:
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window

Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type:
cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • ALLOW the computer to reboot back to Normal Windows
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Post back "Report.txt" from SDFix

Additionally, can you also do the following

Download this file - Combofix.exe and save it to desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post the log from combofix please
Do NOT let SpySweeper interfere with any of the fixes or reports of the above
« Last Edit: November 11, 2006, 03:36:26 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline KristyHillman

« Reply #2 on: November 11, 2006, 08:00:37 PM »
[quote name='guestolo' post='236850' date='Nov 11 2006, 02:35 AM']If you are disabling entries on startup, please reenable everything so I can see all run startups

Can you do the following
Download SDFix and save it to your Desktop.
Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop.
We'll need it later

Then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
Once in safe mode
* Clean your Cache and Cookies in IE:
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window

Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type:
cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • ALLOW the computer to reboot back to Normal Windows
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Post back "Report.txt" from SDFix

Additionally, can you also do the following

Download this file - Combofix.exe and save it to desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post the log from combofix please
Do NOT let SpySweeper interfere with any of the fixes or reports of the above[/quote]

Offline guestolo

« Reply #3 on: November 11, 2006, 08:02:29 PM »
Yup, that's what I said, if you can follow up with those instructions
We will proceed



Offline ~*Blak*~

« Reply #4 on: November 11, 2006, 08:08:17 PM »
i think i know how to help u...first u gotta get ur kids to eat the processor...lol jp here's a bump for u and good luck

Offline KristyHillman

« Reply #5 on: November 11, 2006, 08:36:59 PM »
[quote name='guestolo' post='237462' date='Nov 11 2006, 07:02 PM']Yup, that's what I said, if you can follow up with those instructions
We will proceed[/quote]

Thanks Guestolo- I will help with the war on malware as soon as I am secure. Thanks for checking back. Since I do have little monsters....lol, it has taken me all day just to do this simple thing. I apologize and thank you. Here is the result of the report

SDFix: Version 1.36
-------------------

Scan run on:
06-11-11

Time:
17:28

Microsoft Windows XP [Version 5.1.2600]

Running from: C:\Documents and Settings\Owner\Desktop\SDFix

                                Stage One...

Checking Services...

Name:
-----

Path:
----


Repairing Registry...

 
Restoring Default Hosts File...
 
Stage One Complete
 
Rebooting...
 
                                 Stage Two...
 
Checking For Malware:
--------------------
 
 
Backing Up and Removing any Files Found...
 
                                 Final Check:
 
Services:
---------
 
 
Files:
------


Any files removed are saved to the SDFix\backups Folder
SDFix: Version 1.36
-------------------

Scan run on:
06-11-11

Time:
17:28

Microsoft Windows XP [Version 5.1.2600]

Running from: C:\Documents and Settings\Owner\Desktop\SDFix

                                Stage One...

Checking Services...

Name:
-----

Path:
----


Repairing Registry...

 
Restoring Default Hosts File...
 
Stage One Complete
 
Rebooting...
 
                                 Stage Two...
 
Checking For Malware:
--------------------
 
 
Backing Up and Removing any Files Found...
 
                                 Final Check:
 
Services:
---------
 
 
Files:
------


Any files removed are saved to the SDFix\backups Folder

                                 FINISHED

                                 FINISHED

Ok- that was that. I looked in the backup folder and it said there were no files to extract. I reenabled all my files as instructed.

Logfile of HijackThis v1.99.1
Scan saved at 19:31, on 06-11-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\GhostSurf 2005\Proxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\msniasvc.exe
C:\Documents and Settings\Stephan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/search?ei=utf-8&am...;p=thetechguide
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Owner\My Documents\New Folder\iPod\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [GhostSurfDelSatellite] C:\Program Files\GhostSurf 2005\DeleteSatellite.exe
O4 - HKLM\..\Run: [GhostSurf Reminder] "C:\Program Files\GhostSurf 2005\Privacy Control Center.exe" reminder
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GhostSurf proxy.lnk = C:\Program Files\GhostSurf 2005\Proxy.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{580E4B20-B1C4-4D44-8053-ABDBB883178D}: NameServer = 209.244.0.3 209.244.0.4
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

I also have downloaded the combo fix.  I will run it now.
I ran it earlier. Seems like it was stuck or something. I will Try again. Thanks for checking on me Guestolo!! :rolleyes:

And bapeman.....that made me sad :( but I know you are only kidding.


Offline KristyHillman

« Reply #6 on: November 11, 2006, 09:18:41 PM »
Ok Guestolo---Here it is. Also..Symantec is not on this computer anymore although I see the remnants of it.  Let me know what I need to do for this problem. And again, Thank you very much.



Owner - 06-11-11 19:53:32.36    Service Pack 2

ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Owner\Desktop"

(((((((((((((((((((((((((((((((   Files Created from 2006-10-11 to 2006-11-11  ))))))))))))))))))))))))))))))))))
 
 
2006-11-11   16:12   6,736   --a------   C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2006-11-11   11:21   55,888   --a------   C:\WINDOWS\system32\drivers\Teefer.sys
2006-11-11   11:21   55,888   --a------   C:\WINDOWS\system32\drivers\Teefer.sys
2006-11-11   11:21   18,515   --a------   C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2006-11-11   11:21   18,515   --a------   C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2006-11-11   11:21   11,914   --a------   C:\WINDOWS\system32\drivers\wg3n.sys
2006-11-11   11:21   11,914   --a------   C:\WINDOWS\system32\drivers\wg3n.sys
2006-11-11   10:13   5,760   ---------   C:\WINDOWS\system32\SophosMEMSWEEP.SYS
2006-11-11   10:13   5,760   ---------   C:\WINDOWS\system32\SophosMEMSWEEP.SYS
2006-11-10   07:51   94,208   --a------   C:\WINDOWS\system32\HPZipt12.dll
2006-11-10   07:51   94,208   --a------   C:\WINDOWS\system32\HPZipt12.dll
2006-11-10   07:51   69,632   --a------   C:\WINDOWS\system32\HPZipm12.exe
2006-11-10   07:51   69,632   --a------   C:\WINDOWS\system32\HPZipm12.exe
2006-11-10   07:51   61,440   --a------   C:\WINDOWS\system32\HPZinw12.exe
2006-11-10   07:51   61,440   --a------   C:\WINDOWS\system32\HPZinw12.exe
2006-11-10   07:51   57,344   --a------   C:\WINDOWS\system32\HPZisn12.dll
2006-11-10   07:51   57,344   --a------   C:\WINDOWS\system32\HPZisn12.dll
2006-11-10   07:51   278,584   --a------   C:\WINDOWS\system32\HPZidr12.dll
2006-11-10   07:51   278,584   --a------   C:\WINDOWS\system32\HPZidr12.dll
2006-11-10   07:51   204,800   --a------   C:\WINDOWS\system32\HPZipr12.dll
2006-11-10   07:51   204,800   --a------   C:\WINDOWS\system32\HPZipr12.dll
2006-11-10   07:51   15,104   --a------   C:\WINDOWS\system32\drivers\usbscan.sys
2006-11-10   07:51   15,104   --a------   C:\WINDOWS\system32\drivers\usbscan.sys
2006-11-10   07:21   51,120   --a------   C:\WINDOWS\system32\drivers\HPZid412.sys
2006-11-10   07:21   51,120   --a------   C:\WINDOWS\system32\drivers\HPZid412.sys
2006-11-10   07:21   21,744   --a------   C:\WINDOWS\system32\drivers\HPZius12.sys
2006-11-10   07:21   21,744   --a------   C:\WINDOWS\system32\drivers\HPZius12.sys
2006-11-10   07:21   16,496   --a------   C:\WINDOWS\system32\drivers\HPZipr12.sys
2006-11-10   07:21   16,496   --a------   C:\WINDOWS\system32\drivers\HPZipr12.sys
2006-11-10   07:18   581,632   --a------   C:\WINDOWS\system32\hpotscl.dll
2006-11-10   07:18   581,632   --a------   C:\WINDOWS\system32\hpotscl.dll
2006-11-10   07:18   278,528   --a------   C:\WINDOWS\system32\hpgwiamd.dll
2006-11-10   07:18   278,528   --a------   C:\WINDOWS\system32\hpgwiamd.dll
2006-11-10   07:18   274,432   --a------   C:\WINDOWS\system32\HPZc3212.dll
2006-11-10   07:18   274,432   --a------   C:\WINDOWS\system32\HPZc3212.dll
2006-11-10   07:18   229,376   --a------   C:\WINDOWS\system32\hpovst08.dll
2006-11-10   07:18   229,376   --a------   C:\WINDOWS\system32\hpovst08.dll
2006-11-10   07:15   393,216   --a------   C:\WINDOWS\system32\hpzcon12.dll
2006-11-10   07:15   393,216   --a------   C:\WINDOWS\system32\hpzcon12.dll
2006-11-10   07:15   196,608   --a------   C:\WINDOWS\system32\hpzcoi12.dll
2006-11-10   07:15   196,608   --a------   C:\WINDOWS\system32\hpzcoi12.dll
2006-11-10   07:15   139,345   --a------   C:\WINDOWS\system32\hpzlnt12.dll
2006-11-10   07:15   139,345   --a------   C:\WINDOWS\system32\hpzlnt12.dll
2006-11-05   17:46   15,360   --a------   C:\WINDOWS\system32\drivers\sshrmd.sys
2006-11-05   17:46   15,360   --a------   C:\WINDOWS\system32\drivers\sshrmd.sys
2006-11-05   17:46   14,848   --a------   C:\WINDOWS\system32\drivers\sskbfd.sys
2006-11-05   17:46   14,848   --a------   C:\WINDOWS\system32\drivers\sskbfd.sys
2006-11-05   17:46   13,824   --a------   C:\WINDOWS\system32\drivers\SSFS041A.sys
2006-11-05   17:46   13,824   --a------   C:\WINDOWS\system32\drivers\SSFS041A.sys
2006-11-05   17:46   117,248   --a------   C:\WINDOWS\system32\drivers\ssidrv.sys
2006-11-05   17:46   117,248   --a------   C:\WINDOWS\system32\drivers\ssidrv.sys
2006-11-05   02:37   82,432   -ra------   C:\WINDOWS\system32\MSXML4r.dll
2006-11-05   02:37   82,432   -ra------   C:\WINDOWS\system32\MSXML4r.dll
2006-11-05   02:37   626,960   -ra------   C:\WINDOWS\system32\hpvaut32.dll
2006-11-05   02:37   626,960   -ra------   C:\WINDOWS\system32\hpvaut32.dll
2006-11-05   02:37   487,424   -ra------   C:\WINDOWS\system32\hpvcp70.dll
2006-11-05   02:37   487,424   -ra------   C:\WINDOWS\system32\hpvcp70.dll
2006-11-05   02:37   44,544   -ra------   C:\WINDOWS\system32\MSXML4a.dll
2006-11-05   02:37   44,544   -ra------   C:\WINDOWS\system32\MSXML4a.dll
2006-11-05   02:37   344,064   -ra------   C:\WINDOWS\system32\hpvcr70.dll
2006-11-05   02:37   344,064   -ra------   C:\WINDOWS\system32\hpvcr70.dll
2006-11-05   02:37   1,230,336   -ra------   C:\WINDOWS\system32\MSXML4.dll
2006-11-05   02:37   1,230,336   -ra------   C:\WINDOWS\system32\MSXML4.dll
2006-11-05   01:44   476,320   ---------   C:\WINDOWS\system32\ImagXpr7.dll
2006-11-05   01:44   476,320   ---------   C:\WINDOWS\system32\ImagXpr7.dll
2006-11-05   01:44   471,040   ---------   C:\WINDOWS\system32\ImagXRA7.dll
2006-11-05   01:44   471,040   ---------   C:\WINDOWS\system32\ImagXRA7.dll
2006-11-05   01:44   38,912   ---------   C:\WINDOWS\system32\picn20.dll
2006-11-05   01:44   38,912   ---------   C:\WINDOWS\system32\picn20.dll
2006-11-05   01:44   364,544   ---------   C:\WINDOWS\system32\TwnLib4.dll
2006-11-05   01:44   364,544   ---------   C:\WINDOWS\system32\TwnLib4.dll
2006-11-05   01:44   262,144   ---------   C:\WINDOWS\system32\ImagXR7.dll
2006-11-05   01:44   262,144   ---------   C:\WINDOWS\system32\ImagXR7.dll
2006-11-05   01:44   24,064   ---------   C:\WINDOWS\system32\msxml3a.dll
2006-11-05   01:44   24,064   ---------   C:\WINDOWS\system32\msxml3a.dll
2006-11-05   01:44   2,293,760   ---------   C:\WINDOWS\UNNeroVision.exe
2006-11-05   01:44   2,293,760   ---------   C:\WINDOWS\UNNeroVision.exe
2006-11-05   01:44   106,496   ---------   C:\WINDOWS\system32\TwnLib20.dll
2006-11-05   01:44   106,496   ---------   C:\WINDOWS\system32\TwnLib20.dll
2006-11-05   01:44   1,568,768   ---------   C:\WINDOWS\system32\ImagX7.dll
2006-11-05   01:44   1,568,768   ---------   C:\WINDOWS\system32\ImagX7.dll
2006-11-05   01:39   2,277,376   ---------   C:\WINDOWS\UNNMP.exe
2006-11-05   01:39   2,277,376   ---------   C:\WINDOWS\UNNMP.exe
2006-11-05   01:38   417,792      C:\WINDOWSNero PhotoShow.scr
2006-11-05   01:38   417,792      C:\WINDOWSNero PhotoShow.scr
2006-11-05   01:36   93,440   ---------   C:\WINDOWS\system32\drivers\InCDfs.sys
2006-11-05   01:36   93,440   ---------   C:\WINDOWS\system32\drivers\InCDfs.sys
2006-11-05   01:36   7,680   ---------   C:\WINDOWS\system32\drivers\InCDrec.sys
2006-11-05   01:36   7,680   ---------   C:\WINDOWS\system32\drivers\InCDrec.sys
2006-11-05   01:36   28,672   ---------   C:\WINDOWS\system32\drivers\InCDpass.sys
2006-11-05   01:36   2,146,304   ---------   C:\WINDOWS\NuNinst.exe
2006-11-04   11:13   22,752   --a------   C:\WINDOWS\system32\spupdsvc.exe
2006-11-04   11:13   121,856   ---------   C:\WINDOWS\system32\xmllite.dll
2006-11-02   21:22   77,824   --a------   C:\WINDOWS\system32\driverif.dll
2006-11-02   21:22   75,776   --a------   C:\WINDOWS\zllsputility.exe
2006-11-02   21:22   733,236   --a------   C:\WINDOWS\system32\vete.dll
2006-11-02   21:22   541,733   --a------   C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-11-02   21:22   21,605   --a------   C:\WINDOWS\system32\drivers\vet-filt.sys
2006-11-02   21:22   15,668   --a------   C:\WINDOWS\system32\drivers\vet-rec.sys
2006-11-02   21:22   12,288   --a------   C:\WINDOWS\system32\vetntmsg.dll
2006-11-02   21:22   11,264   --a------   C:\WINDOWS\system32\SpOrder.dll
2006-11-02   21:22   108,453   --a------   C:\WINDOWS\system32\drivers\vetfddnt.sys
2006-10-24   00:34   306,688   --a------   C:\WINDOWS\IsUninst.exe
2006-10-24   00:15   36,864   --a------   C:\WINDOWS\system32\ANIOApi.dll
2006-10-24   00:15   28,205   --a------   C:\WINDOWS\system32\ANIO.sys
2006-10-24   00:15   131,072   --a------   C:\WINDOWS\system32\WlanApp.dll
2006-10-24   00:15   11,904   --a------   C:\WINDOWS\system32\anio4.sys
2006-10-21   10:43   86,016   --a------   C:\WINDOWS\unvise32qt.exe
2006-10-21   10:42   38,229   ---------   C:\WINDOWS\system32\drivers\StMp3Rec.sys
2006-10-21   09:17   31,616   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
2006-10-21   09:17   26,496   --a------   C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-10-21   09:17   25,856   --a------   C:\WINDOWS\system32\drivers\usbprint.sys
2006-10-17   13:33   6,049,280   ---------   C:\WINDOWS\system32\ieframe.dll
2006-10-17   13:33   50,688   ---------   C:\WINDOWS\system32\msfeedsbs.dll
2006-10-17   13:33   458,752   ---------   C:\WINDOWS\system32\msfeeds.dll
2006-10-17   13:33   180,736   ---------   C:\WINDOWS\system32\ieui.dll
2006-10-17   13:05   206,336   ---------   C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17   13:01   13,312   --a------   C:\WINDOWS\system32\ieudinit.exe
2006-10-17   12:58   61,952   ---------   C:\WINDOWS\system32\icardie.dll
2006-10-17   12:58   12,288   ---------   C:\WINDOWS\system32\msfeedssync.exe
2006-10-17   12:57   266,752   ---------   C:\WINDOWS\system32\iertutil.dll
2006-10-17   12:27   380,928   ---------   C:\WINDOWS\system32\ieapfltr.dll


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))   


2006-11-11 18:41   --------   d--------   C:\Documents and Settings\Owner\Application Data\MSN6
2006-11-11 11:11   --------   d--------   C:\Documents and Settings\Owner\Application Data\VCOM
2006-11-11 10:54   --------   d--------   C:\Documents and Settings\Owner\Application Data\Tenebril
2006-11-11 10:39   --------   d--h-----   C:\Program Files\InstallShield Installation Information
2006-11-11 10:39   --------   d--------   C:\Program Files\VCOM
2006-11-11 10:34   --------   d--------   C:\Program Files\GhostSurf 2005
2006-11-11 02:22   --------   d---s----   C:\Documents and Settings\Owner\Application Data\Microsoft
2006-11-11 02:21   35840   --a------   C:\WINDOWS\system32\rcimlby.exe
2006-11-11 02:02   --------   d--------   C:\Program Files\PerformanceTest
2006-11-10 22:19   --------   d-a--c---   C:\Program Files\Common Files\Symantec Shared
2006-11-10 22:18   --------   d--------   C:\Program Files\LiveUpdate Administration
2006-11-10 08:05   --------   d--------   C:\Program Files\Common Files\HP
2006-11-10 07:59   --------   d--------   C:\Program Files\HP
2006-11-10 07:59   --------   d--------   C:\Program Files\Hewlett-Packard
2006-11-09 20:37   --------   d--------   C:\Documents and Settings\Owner\Application Data\Help
2006-11-09 08:15   --------   d--------   C:\Documents and Settings\Owner\Application Data\Ahead
2006-11-08 18:22   502272   --a------   C:\WINDOWS\system32\winlogon.exe
2006-11-05 17:37   --------   d--------   C:\Program Files\MSN
2006-11-05 13:51   --------   d--------   C:\Documents and Settings\Owner\Application Data\MSNInstaller
2006-11-05 01:44   --------   d--------   C:\Program Files\Ahead
2006-11-04 11:29   --------   d--------   C:\Program Files\Internet Explorer
2006-11-03 01:07   --------   d--------   C:\Program Files\Duplicate File Finder
2006-11-02 23:51   --------   d--------   C:\Program Files\Common Files\Services
2006-11-02 21:33   --------   d--------   C:\Documents and Settings\Owner\Application Data\MailFrontier
2006-11-02 17:47   --------   d--------   C:\Program Files\Common Files
2006-11-01 22:38   --------   d--------   C:\Documents and Settings\Owner\Application Data\Adobe
2006-10-28 12:39   --------   d--------   C:\Program Files\MSN Messenger
2006-10-21 10:43   --------   d--------   C:\Program Files\QuickTime
2006-10-21 08:17   --------   d--------   C:\Program Files\Common Files\Smith Micro Shared
2006-10-21 08:16   --------   d--------   C:\Program Files\iTunes
2006-10-21 08:16   --------   d--------   C:\Program Files\CheckIt
2006-10-20 17:25   --------   d--------   C:\Documents and Settings\Owner\Application Data\Apple Computer
2006-10-17 22:56   --------   d--------   C:\Documents and Settings\Owner\Application Data\Palo Alto Software Inc
2006-10-17 13:33   413696   --a------   C:\WINDOWS\system32\vbscript.dll
2006-10-17 13:33   231424   --a------   C:\WINDOWS\system32\webcheck.dll
2006-10-17 13:33   156160   --a------   C:\WINDOWS\system32\msls31.dll
2006-10-17 13:06   78336   --a------   C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05   40960   --a------   C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05   105984   --a------   C:\WINDOWS\system32\url.dll
2006-10-17 13:04   101376   --a------   C:\WINDOWS\system32\occache.dll
2006-10-17 13:03   17408   --a------   C:\WINDOWS\system32\corpol.dll
2006-10-17 13:01   71680   --a------   C:\WINDOWS\system32\admparse.dll
2006-10-17 13:01   55296   --a------   C:\WINDOWS\system32\iesetup.dll
2006-10-17 13:01   382976   --a------   C:\WINDOWS\system32\iedkcs32.dll
2006-10-17 13:01   229376   --a------   C:\WINDOWS\system32\ieaksie.dll
2006-10-17 13:01   152064   --a------   C:\WINDOWS\system32\ieakeng.dll
2006-10-17 13:00   54784   --a------   C:\WINDOWS\system32\ie4uinit.exe
2006-10-17 13:00   43008   --a------   C:\WINDOWS\system32\iernonce.dll
2006-10-17 13:00   123904   --a------   C:\WINDOWS\system32\advpack.dll
2006-10-17 12:57   36352   --a------   C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:56   45568   --a------   C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28   48128   --a------   C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:23   161792   --a------   C:\WINDOWS\system32\ieakui.dll
2006-10-13 06:54   --------   d--------   C:\Program Files\Adobe
2006-10-10 13:18   --------   d--------   C:\Program Files\Webroot
2006-10-10 13:18   --------   d--------   C:\Documents and Settings\Owner\Application Data\Webroot
2006-10-10 13:14   --------   d--------   C:\Program Files\Lavasoft
2006-10-10 13:14   --------   d--------   C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-10-10 12:19   --------   d--h-----   C:\Program Files\Uninstall Information
2006-10-10 12:19   --------   d--------   C:\Documents and Settings\Owner\Application Data\Identities
2006-10-10 11:55   --------   d--------   C:\Program Files\Windows Media Player
2006-10-10 11:55   --------   d--------   C:\Program Files\Outlook Express
2006-10-10 11:55   --------   d--------   C:\Program Files\Common Files\System
2006-10-10 11:53   --------   d--------   C:\Program Files\Messenger
2006-10-10 06:27   62   --ahs----   C:\Documents and Settings\Owner\Application Data\desktop.ini
2006-10-09 13:51   --------   d--------   C:\Program Files\Prevx1
2006-10-02 08:00   --------   d--------   C:\Program Files\TrueSwitchMSN
2006-10-02 07:57   --------   d--------   C:\Program Files\Quicken
2006-10-02 07:57   --------   d--------   C:\Program Files\Microsoft Works
2006-10-01 09:26   --------   d--------   C:\Program Files\Microsoft Office Outlook Connector
2006-09-30 09:45   --------   d--------   C:\Program Files\Viewpoint
2006-09-30 01:23   259072   --a------   C:\Program Files\top100files.exe
2006-09-28 15:25   1158670   --a------   C:\Program Files\sarsfx.exe
2006-09-19 06:51   --------   d--------   C:\Program Files\StartupRun
2006-09-15 01:29   --------   d--------   C:\Program Files\RegCleaner
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"iTunesHelper"="\"C:\\Documents and Settings\\Owner\\My Documents\\New Folder\\iPod\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"GhostSurfDelSatellite"="C:\\Program Files\\GhostSurf 2005\\DeleteSatellite.exe"
"GhostSurf Reminder"="\"C:\\Program Files\\GhostSurf 2005\\Privacy Control Center.exe\" reminder"
"InCD"="\"C:\\Program Files\\Ahead\\InCD\\InCD.exe\""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:95,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]   
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
 
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\wrSpySweeper_06081029F0974E32A74E4438D89E256E.job
C:\WINDOWS\tasks\wrSpySweeper_53EFAF70410D40D295BD798309375FD8.job

Completion time: 06-11-11 20:02:07.97
C:\ComboFix.txt ... 06-11-11 20:02
C:\ComboFix2.txt ... 06-11-11 14:57

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #7 on: November 11, 2006, 09:37:47 PM »
Can you show me 2 other logs, please?

Supply an uninstall list from HijackThis
Open HijackThis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop, then copy>>Paste back here the whole contents

Also
Could you Download GetServices.zip
Unzip it to a folder
Double click on the Getservice.bat file to run it. This will create and open a text file named getservice.txt in the same folder.
getservice.txt will list all active Services

Post the getservices.txt

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline KristyHillman

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
« Reply #8 on: November 11, 2006, 10:21:08 PM »
Hi-- Here are my get service notepad results & the uninstall list. Thanks!!

PsService v1.1 - local and remote services viewer/controller
Copyright © 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k LocalService
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Alerter
   DEPENDENCIES     : LanmanWorkstation
   SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: ALG
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\alg.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Application Layer Gateway Service
   DEPENDENCIES     :
   SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Application Management
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: aspnet_state
Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : ASP.NET State Service
   DEPENDENCIES     :
   SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  : AudioGroup
   TAG        : 0
   DISPLAY_NAME     : Windows Audio
   DEPENDENCIES     : PlugPlay
           : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Background Intelligent Transfer Service
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem
   FAIL_RESET_PERIOD : 0 seconds
   FAILURE_ACTIONS     : Restart   DELAY: 60000 seconds
           : Restart   DELAY: 60000 seconds
           : Restart   DELAY: 60000 seconds

SERVICE_NAME: Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Computer Browser
   DEPENDENCIES     : LanmanWorkstation
           : LanmanServer
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: CAISafe
(null)
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\ZoneLabs\isafe.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : CA ISafe
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccSetMgr
Settings storage and management service
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
   LOAD_ORDER_GROUP  : Symantec Core Services
   TAG        : 0
   DISPLAY_NAME     : Symantec Settings Manager
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: CiSvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
   TYPE        : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\cisvc.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Indexing Service
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\clipsrv.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : ClipBook
   DEPENDENCIES     : NetDDE
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: COMSysApp
Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : COM+ System Application
   DEPENDENCIES     : rpcss
   SERVICE_START_NAME: LocalSystem
   FAIL_RESET_PERIOD : 30 seconds
   FAILURE_ACTIONS     : Restart   DELAY: 1000 seconds
           : Restart   DELAY: 5000 seconds
           : None   DELAY: 1000 seconds

SERVICE_NAME: CryptSvc
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Cryptographic Services
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: DcomLaunch
Provides launch functionality for DCOM services.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost -k DcomLaunch
   LOAD_ORDER_GROUP  : Event Log
   TAG        : 0
   DISPLAY_NAME     : DCOM Server Process Launcher
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem
   FAIL_RESET_PERIOD : 0 seconds
   FAILURE_ACTIONS     : Reboot   DELAY: 60000 seconds

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  : TDI
   TAG        : 0
   DISPLAY_NAME     : DHCP Client
   DEPENDENCIES     : Tcpip
           : Afd
           : NetBT
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\dmadmin.exe /com
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Logical Disk Manager Administrative Service
   DEPENDENCIES     : RpcSs
           : PlugPlay
           : DmServer
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Logical Disk Manager
   DEPENDENCIES     : RpcSs
           : PlugPlay
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k NetworkService
   LOAD_ORDER_GROUP  : TDI
   TAG        : 0
   DISPLAY_NAME     : DNS Client
   DEPENDENCIES     : Tcpip
   SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
Allows error reporting for services and applictions running in non-standard environments.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Error Reporting Service
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\services.exe
   LOAD_ORDER_GROUP  : Event log
   TAG        : 0
   DISPLAY_NAME     : Event Log
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  : Network
   TAG        : 0
   DISPLAY_NAME     : COM+ Event System
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
Provides management for applications that require assistance in a multiple user environment.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Fast User Switching Compatibility
   DEPENDENCIES     : TermService
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: helpsvc
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Help and Support
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem
   FAIL_RESET_PERIOD : 86400 seconds
   FAILURE_ACTIONS     : Restart   DELAY: 100 seconds
           : Restart   DELAY: 100 seconds
           : None   DELAY: 100 seconds

SERVICE_NAME: HidServ
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Human Interface Device Access
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: HTTPFilter
This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service,  using the Secure Socket Layer (SSL).  If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : HTTP SSL
   DEPENDENCIES     : HTTP
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ImapiService
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\imapi.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : IMAPI CD-Burning COM Service
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: InCDsrv
Helper service for the InCD filesystem driver
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\Program Files\Ahead\InCD\InCDsrv.exe
   LOAD_ORDER_GROUP  : LocalValidation
   TAG        : 0
   DISPLAY_NAME     : InCD Helper
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Server
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  : NetworkProvider
   TAG        : 0
   DISPLAY_NAME     : Workstation
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k LocalService
   LOAD_ORDER_GROUP  : TDI
   TAG        : 0
   DISPLAY_NAME     : TCP/IP NetBIOS Helper
   DEPENDENCIES     : NetBT
           : Afd
   SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Messenger
   DEPENDENCIES     : LanmanWorkstation
           : NetBIOS
           : PlugPlay
           : RpcSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\mnmsrvc.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : NetMeeting Remote Desktop Sharing
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\msdtc.exe
   LOAD_ORDER_GROUP  : MS Transactions
   TAG        : 0
   DISPLAY_NAME     : Distributed Transaction Coordinator
   DEPENDENCIES     : RPCSS
           : SamSS
   SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: MSIServer
Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\msiexec.exe /V
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Windows Installer
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\netdde.exe
   LOAD_ORDER_GROUP  : NetDDEGroup
   TAG        : 0
   DISPLAY_NAME     : Network DDE
   DEPENDENCIES     : NetDDEDSDM
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\netdde.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Network DDE DSDM
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\lsass.exe
   LOAD_ORDER_GROUP  : RemoteValidation
   TAG        : 0
   DISPLAY_NAME     : Net Logon
   DEPENDENCIES     : LanmanWorkstation
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
   TYPE        : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Network Connections
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Nla
Collects and stores network configuration and location information, and notifies applications when this information changes.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Network Location Awareness (NLA)
   DEPENDENCIES     : Tcpip
           : Afd
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\lsass.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : NT LM Security Support Provider
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
(null)
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Removable Storage
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\services.exe
   LOAD_ORDER_GROUP  : PlugPlay
   TAG        : 0
   DISPLAY_NAME     : Plug and Play
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Pml Driver HPZ12
(null)
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\HPZipm12.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Pml Driver HPZ12
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\lsass.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : IPSEC Services
   DEPENDENCIES     : RPCSS
           : Tcpip
           : IPSec
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
   TYPE        : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\lsass.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Protected Storage
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Remote Access Auto Connection Manager
   DEPENDENCIES     : RasMan
           : Tapisrv
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Creates a network connection.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Remote Access Connection Manager
   DEPENDENCIES     : Tapisrv
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RDSessMgr
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\sessmgr.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Remote Desktop Help Session Manager
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Routing and Remote Access
   DEPENDENCIES     : RpcSS
           : +NetBIOSGroup
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RpcLocator
Manages the RPC name service database.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\locator.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Remote Procedure Call (RPC) Locator
   DEPENDENCIES     : LanmanWorkstation
   SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost -k rpcss
   LOAD_ORDER_GROUP  : COM Infrastructure
   TAG        : 0
   DISPLAY_NAME     : Remote Procedure Call (RPC)
   DEPENDENCIES     :
   SERVICE_START_NAME: NT AUTHORITY\NetworkService
   FAIL_RESET_PERIOD : 0 seconds
   FAILURE_ACTIONS     : Reboot   DELAY: 60000 seconds

SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\rsvp.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : QoS RSVP
   DEPENDENCIES     : TcpIp
           : Afd
           : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Stores security information for local user accounts.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\lsass.exe
   LOAD_ORDER_GROUP  : LocalValidation
   TAG        : 0
   DISPLAY_NAME     : Security Accounts Manager
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardSvr
Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : C:\WINDOWS\System32\SCardSvr.exe
   LOAD_ORDER_GROUP  : SmartCardGroup
   TAG        : 0
   DISPLAY_NAME     : Smart Card
   DEPENDENCIES     : PlugPlay
   SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Schedule
Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  : SchedulerGroup
   TAG        : 0
   DISPLAY_NAME     : Task Scheduler
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem
   FAIL_RESET_PERIOD : 86400 seconds
   FAILURE_ACTIONS     : Restart   DELAY: 6000 seconds
           : Restart   DELAY: 60000 seconds
           : None   DELAY: 0 seconds

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Secondary Logon
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events.  Notifies COM+ Event System subscribers of these events.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  : Network
   TAG        : 0
   DISPLAY_NAME     : System Event Notification
   DEPENDENCIES     : EventSystem
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Windows Firewall/Internet Connection Sharing (ICS)
   DEPENDENCIES     : Netman
           : WinMgmt
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
Provides notifications for AutoPlay hardware events.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  : ShellSvcGroup
   TAG        : 0
   DISPLAY_NAME     : Shell Hardware Detection
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Loads files to memory for later printing.
   TYPE        : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\spoolsv.exe
   LOAD_ORDER_GROUP  : SpoolerGroup
   TAG        : 0
   DISPLAY_NAME     : Print Spooler
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem
   FAIL_RESET_PERIOD : 86400 seconds
   FAILURE_ACTIONS     : Restart   DELAY: 60000 seconds
           : Restart   DELAY: 60000 seconds
           : None   DELAY: 0 seconds

SERVICE_NAME: srservice
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : System Restore Service
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SSDPSRV
Enables discovery of UPnP devices on your home network.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k LocalService
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : SSDP Discovery Service
   DEPENDENCIES     : HTTP
   SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
Provides image acquisition services for scanners and cameras.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k imgsvc
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Windows Image Acquisition (WIA)
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SwPrv
Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : C:\WINDOWS\system32\dllhost.exe /Processid:{7DC83667-8342-4432-844B-3138617C645B}
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : MS Software Shadow Copy Provider
   DEPENDENCIES     : rpcss
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\smlogsvc.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Performance Logs and Alerts
   DEPENDENCIES     :
   SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: SystemSuite Task Manager
(null)
   TYPE        : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe -Service
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : SystemSuite Task Manager
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Telephony
   DEPENDENCIES     : PlugPlay
           : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TermService
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost -k DComLaunch
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Terminal Services
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Themes
Provides user experience theme management.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  : UIGroup
   TAG        : 0
   DISPLAY_NAME     : Themes
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem
   FAIL_RESET_PERIOD : 86400 seconds
   FAILURE_ACTIONS     : Restart   DELAY: 60000 seconds
           : Restart   DELAY: 60000 seconds
           : None   DELAY: 0 seconds

SERVICE_NAME: TrkWks
Maintains links between NTFS files within a computer or across computers in a network domain.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Distributed Link Tracking Client
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: upnphost
Provides support to host Universal Plug and Play devices.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k LocalService
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Universal Plug and Play Device Host
   DEPENDENCIES     : SSDPSRV
           : HTTP
   SERVICE_START_NAME: NT AUTHORITY\LocalService
   FAIL_RESET_PERIOD : -1 seconds
   FAILURE_ACTIONS     : Restart   DELAY: 0 seconds

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\ups.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Uninterruptible Power Supply
   DEPENDENCIES     :
   SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: vsmon
Monitors internet traffic and generates alerts for disallowed access.
   TYPE        : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
   LOAD_ORDER_GROUP  : TDI
   TAG        : 0
   DISPLAY_NAME     : TrueVector Internet Monitor
   DEPENDENCIES     : Afd
           : RpcSs
           : vsdatant
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: VSS
Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\vssvc.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Volume Shadow Copy
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Windows Time
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WebClient
Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k LocalService
   LOAD_ORDER_GROUP  : NetworkProvider
   TAG        : 0
   DISPLAY_NAME     : WebClient
   DEPENDENCIES     : MRxDAV
   SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: WebrootSpySweeperService
Provides core functionality to Webroot Spy Sweeper.  This service must be enabled and started for Spy Sweeper to function.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Webroot Spy Sweeper Engine
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: winmgmt
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Windows Management Instrumentation
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem
   FAIL_RESET_PERIOD : 86400 seconds
   FAILURE_ACTIONS     : Restart   DELAY: 60000 seconds
           : Restart   DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Portable Media Serial Number Service
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmiApSrv
Provides performance library information from WMI HiPerf providers.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\wbem\wmiapsrv.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : WMI Performance Adapter
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wscsvc
Monitors system security settings and configurations.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Security Center
   DEPENDENCIES     : RpcSs
           : winmgmt
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Automatic Updates
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Provides automatic configuration for the 802.11 adapters
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  : TDI
   TAG        : 0
   DISPLAY_NAME     : Wireless Zero Configuration
   DEPENDENCIES     : RpcSs
           : Ndisuio
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: xmlprov
Manages XML configuration files on a domain basis for automatic network provisioning.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Network Provisioning Service
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

Uninstall list
Adobe Photoshop CS
ANIO Service
GhostSurf 2005
HijackThis 1.99.1
Hotfix for Windows XP (KB915865)
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
HP Software Update
InCD
iTunes
Microsoft .NET Framework 1.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
MSN
MSN Messenger 6.1
Nero Media Player
Nero PhotoShow Express
NeroVision Express 3
QuickTime
Spy Sweeper
VCOM Anti-Spam
VCOM SystemSuite Professional 6
Web Easy Professional Express 5.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Yahoo! Toolbar for Internet Explorer
ZoneAlarm Security Suite

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
I am going crazy!! My kids have school projects to do and we a
« Reply #9 on: November 11, 2006, 10:41:27 PM »
I don't understand why you're experiencing those issues with system restore and zonealarm
Quote
My system restore won't work at all I have tried for days
Are you saying system restore can't be accessed or you can't use it?
It looks like it's running properly

Can you try the following
It looks as if you may have already scanned for rootkits, but please try this scanner
Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

Let's see if it comes up with anything

Also, not sure why ZoneAlarm's AV won't complete
Can you follow up with this scanner too please
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured.
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
Back in Windows

Post the log from Dr.Web with the GMER log please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline KristyHillman

« Reply #10 on: November 12, 2006, 05:02:35 AM »
Hello There Again :). What I meant was that upon several times of going through a sys restore, they came up unsuccessful no matter what. I tried this many times.

I was suspecting a sub system running off of print spooler. I was not able to turn spooler off in any way. Then I had an unusual admin account opened up somehow running when I had logged into my usual account. It even had a log on photo I had never seen or would have used. It freaked me out. I tried to find it in safe mode & regular mode and couldn't find it...duh. Well I know I am not crazy, but it's stuff like this that gets me. The Zone alarm was a trial version I started on the 2nd of this month. On the 5th of this month, it displayed a registered date which I didn't do. Nobody here had access. The viruses that were detected never got to be deleted because they would never show on a log and rarely would a scan finish. I also saw a remote access key window open with a miniport available. There is a traffic forwarder driver loaded on here. My dmboot, dmio, and dmload drivers are disabled. These are one of the only ones identified with a file name. Everything else has just the name like sparrow, Abiosdsk, simbad, perc2, perchib, asc just to name a few. It looks suspicious but maybe not. Sigh! This one is a tough one and a challenge to me. Thank you for your time.


Oh and wow. When I clicked on gmer modules after doing the rootkit, I got about 25 things that were disabled that I didn't disable such as the name of the process
 "sr"  file name is    \SystemRoot\system32\DRIVERS   description -   System Restore Filter Driver  

many of them do not even have file names but have just a name

GMER 1.0.12.11889 - http://www.gmer.net
Rootkit scan 2006-11-12 03:10:38
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.12 ----

Device  \Driver\Tcpip \Device\Ip IRP_MJ_CREATE                       [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE            8A0461F0
Device  \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE                        [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Ip IRP_MJ_READ                         8A056C28
Device  \Driver\Tcpip \Device\Ip IRP_MJ_WRITE                        8A17D0E0
Device  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION            8A07F0D0
Device  \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION              8A065D48
Device  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA                     8A068640
Device  \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA                       8A06A920
Device  \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS                89F35690
Device  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION     8A024F00
Device  \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION       8A02E020
Device  \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL            8A035120
Device  \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL          8A03CC70
Device  \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL               [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL      [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN                     8A0193F0
Device  \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL                 89FEF428
Device  \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP                      [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT              89FF29E8
Device  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY               89FF3470
Device  \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY                 89FF5270
Device  \Driver\Tcpip \Device\Ip IRP_MJ_POWER                        89FF5FA8
Device  \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL               89FF6268
Device  \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE                89FF7D28
Device  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA                  89FF81F8
Device  \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA                    89FF8020
Device  \Driver\Tcpip \Device\Ip IRP_MJ_PNP                          89FFA6F8
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE                      [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE           8A0461F0
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE                       [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_READ                        8A056C28
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE                       8A17D0E0
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION           8A07F0D0
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION             8A065D48
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA                    8A068640
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA                      8A06A920
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS               89F35690
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION    8A024F00
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION      8A02E020
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL           8A035120
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL         8A03CC70
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL              [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL     [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN                    8A0193F0
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL                89FEF428
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP                     [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT             89FF29E8
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY              89FF3470
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY                89FF5270
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_POWER                       89FF5FA8
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL              89FF6268
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE               89FF7D28
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA                 89FF81F8
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA                   89FF8020
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_PNP                         89FFA6F8
Device  \Driver\Tcpip \Device\Udp IRP_MJ_CREATE                      [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE           8A0461F0
Device  \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE                       [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Udp IRP_MJ_READ                        8A056C28
Device  \Driver\Tcpip \Device\Udp IRP_MJ_WRITE                       8A17D0E0
Device  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION           8A07F0D0
Device  \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION             8A065D48
Device  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA                    8A068640
Device  \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA                      8A06A920
Device  \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS               89F35690
Device  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION    8A024F00
Device  \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION      8A02E020
Device  \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL           8A035120
Device  \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL         8A03CC70
Device  \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL              [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL     [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN                    8A0193F0
Device  \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL                89FEF428
Device  \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP                     [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT             89FF29E8
Device  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY              89FF3470
Device  \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY                89FF5270
Device  \Driver\Tcpip \Device\Udp IRP_MJ_POWER                       89FF5FA8
Device  \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL              89FF6268
Device  \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE               89FF7D28
Device  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA                 89FF81F8
Device  \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA                   89FF8020
Device  \Driver\Tcpip \Device\Udp IRP_MJ_PNP                         89FFA6F8
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE                    [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE         8A0461F0
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE                     [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_READ                      8A056C28
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE                     8A17D0E0
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION         8A07F0D0
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION           8A065D48
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA                  8A068640
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA                    8A06A920
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS             89F35690
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION  8A024F00
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION    8A02E020
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL         8A035120
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL       8A03CC70
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL            [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL   [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN                  8A0193F0
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL              89FEF428
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP                   [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT           89FF29E8
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY            89FF3470
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY              89FF5270
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_POWER                     89FF5FA8
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL            89FF6268
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE             89FF7D28
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA               89FF81F8
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA                 89FF8020
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_PNP                       89FFA6F8

---- EOF - GMER 1.0.12 ----
TipTopDeluxe_v11.exe;D:\My Documents\My Real Estate\My Programs\9 Popcap Games with numbers\TipTop Deluxe v1.1 with Crack;Tool.ASEye.2;;


This is not my main drive, my C drive showed no virus. This has been around a long time, don't think it is my surface problem.
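A way to triage the Devices section of the GMER log in the post above, as an added example that is not part of the original thread: it collapses the per-device repetition of one driver's IRP dispatch table and separates handlers GMER printed with a module name in brackets from those printed as a bare address. The function names and the sample input (a constructed subset of the posted lines) are assumptions of this example.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Constructed sample: a subset of the "Devices" lines posted above
# (two of the four devices, six of the 28 major functions each).
SAMPLE_LOG = r"""
---- Devices - GMER 1.0.12 ----

Device  \Driver\Tcpip \Device\Ip IRP_MJ_CREATE                       [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE            8A0461F0
Device  \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE                        [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Ip IRP_MJ_READ                         8A056C28
Device  \Driver\Tcpip \Device\Ip IRP_MJ_WRITE                        8A17D0E0
Device  \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL               [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE                      [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE           8A0461F0
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE                       [B84B72A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_READ                        8A056C28
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE                       8A17D0E0
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL              [B84B72A0] vsdatant.sys

---- EOF - GMER 1.0.12 ----
"""

# "Device <driver> <device> <IRP> [ADDR] module"  or  "... <IRP> ADDR"
LINE_RE = re.compile(
    r"^Device\s+(?P<driver>\\Driver\\\S+)\s+(?P<device>\\Device\\\S+)\s+"
    r"(?P<irp>IRP_MJ_[A-Z_]+)\s+"
    r"(?:\[(?P<named>[0-9A-Fa-f]{8})\]\s+(?P<module>\S+)|(?P<bare>[0-9A-Fa-f]{8}))\s*$"
)


class Entry(NamedTuple):
    driver: str
    device: str
    irp: str
    address: int
    module: Optional[str]  # None when the log gives only an address


def parse_devices(text):
    """Return one Entry per 'Device' line; every other line is skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, other sections
        addr = m["named"] or m["bare"]
        entries.append(Entry(m["driver"], m["device"], m["irp"], int(addr, 16), m["module"]))
    return entries


def summarize(entries):
    """Group handlers per driver and report whether its devices share one table."""
    tables = defaultdict(dict)  # (driver, device) -> {irp: (address, module)}
    for e in entries:
        tables[(e.driver, e.device)][e.irp] = (e.address, e.module)

    report = {}
    for driver in sorted({drv for drv, _ in tables}):
        per_device = {dev: tbl for (drv, dev), tbl in tables.items() if drv == driver}
        # Devices created by one driver object normally show the same table;
        # a device whose table differs is the line worth reading closely.
        shapes = {tuple(sorted(tbl.items())) for tbl in per_device.values()}
        by_module = defaultdict(lambda: {"irps": set(), "addresses": set()})
        bare = defaultdict(set)
        for tbl in per_device.values():
            for irp, (addr, module) in tbl.items():
                if module:
                    by_module[module]["irps"].add(irp)
                    by_module[module]["addresses"].add(f"{addr:08X}")
                else:
                    bare[irp].add(f"{addr:08X}")
        report[driver] = {
            "devices": sorted(per_device),
            "identical_across_devices": len(shapes) == 1,
            "by_module": {m: {k: sorted(v) for k, v in d.items()}
                          for m, d in by_module.items()},
            "bare_addresses": {irp: sorted(a) for irp, a in sorted(bare.items())},
        }
    return report


if __name__ == "__main__":
    for driver, info in summarize(parse_devices(SAMPLE_LOG)).items():
        print(driver, "devices:", ", ".join(info["devices"]))
        print("  same table on every device:", info["identical_across_devices"])
        for module, d in info["by_module"].items():
            print(f"  {module} @ {', '.join(d['addresses'])}: {', '.join(d['irps'])}")
        for irp, addrs in info["bare_addresses"].items():
            print(f"  (no module name) {irp}: {', '.join(addrs)}")
```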

Offline KristyHillman

« Reply #11 on: November 12, 2006, 05:16:27 AM »
I am investigating WOW@cmdline looks suspicious and I think it is bad...Symantec says it is W32.Dozic that propagates itself through Instant message. I remember through MSN the messenger comes on auto and would never shut off. Some Asian messages came asking me to add them on to my list. I clicked no. Things never ran right since. Maybe more things are on here. I will spend some time looking, meanwhile let me know what you think. Thanks ...This stinks. You have done well already. That tool didn't come back as a positive but I am snooping around for things that are kooky looking. Ty Again!

Offline KristyHillman

« Reply #12 on: November 12, 2006, 05:41:20 AM »
[quote name='guestolo' post='237538' date='Nov 11 2006, 08:37 PM']Can you show me 2 other logs please

supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Also
Could you Download GetServices.zip
Unzip it to a folder
Double click on the Getservice.bat file to run it. This will create and open a text file named getservice.txt in the same folder.
getservice.txt will list all active Services

Post the getservices.txt[/quote]

Offline KristyHillman

« Reply #13 on: November 12, 2006, 05:57:32 AM »
Oh no--It has shared access on here among other things......nothing has picked this up but I need to know how to get rid of the hijacker since this is not just the 32.Dozie. Take a look at this......none of this should be here. svchost is always running. This is why I think.

GMER 1.0.12.11889 - http://www.gmer.net

Autostart scan 2006-11-12 04:36:23
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,            
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
wlballoon@DLLName = wlnotify.dll
WRNotifier@DLLName = WRLogonNTF.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Alerter /*Alerter*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
AudioSrv /*Windows Audio*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
BITS /*Background Intelligent Transfer Service*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Browser /*Computer Browser*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ccSetMgr /*Symantec Settings Manager*/@ = "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" /*file not found*/
ClipSrv /*ClipBook*/@ = %SystemRoot%\system32\clipsrv.exe
CryptSvc /*Cryptographic Services*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch /*DCOM Server Process Launcher*/@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp /*DHCP Client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Dnscache /*DNS Client*/@ = %SystemRoot%\system32\svchost.exe -k NetworkService
ERSvc /*Error Reporting Service*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog /*Event Log*/@ = %SystemRoot%\system32\services.exe
helpsvc /*Help and Support*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
HidServ /*Human Interface Device Access*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
InCDsrv /*InCD Helper*/@ = C:\Program Files\Ahead\InCD\InCDsrv.exe
lanmanserver /*Server*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LmHosts /*TCP/IP NetBIOS Helper*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
NetDDE /*Network DDE*/@ = %SystemRoot%\system32\netdde.exe
NetDDEdsdm /*Network DDE DSDM*/@ = %SystemRoot%\system32\netdde.exe
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
Pml Driver HPZ12 /*Pml Driver HPZ12*/@ = C:\WINDOWS\system32\HPZipm12.exe
PolicyAgent /*IPSEC Services*/@ = %SystemRoot%\system32\lsass.exe
ProtectedStorage /*Protected Storage*/@ = %SystemRoot%\system32\lsass.exe
RemoteAccess /*Routing and Remote Access*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
RpcSs /*Remote Procedure Call (RPC)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Security Accounts Manager*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Task Scheduler*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
seclogon /*Secondary Logon*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*System Event Notification*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess /*Windows Firewall/Internet Connection Sharing (ICS)*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection /*Shell Hardware Detection*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*System Restore Service*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
stisvc /*Windows Image Acquisition (WIA)*/@ = %SystemRoot%\system32\svchost.exe -k imgsvc
SystemSuite Task Manager /*SystemSuite Task Manager*/@ = C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe -Service
Themes /*Themes*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Distributed Link Tracking Client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
W32Time /*Windows Time*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
WebrootSpySweeperService /*Webroot Spy Sweeper Engine*/@ = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"
winmgmt /*Windows Management Instrumentation*/@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc /*Security Center*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv /*Automatic Updates*/@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC /*Wireless Zero Configuration*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@iTunesHelper"C:\Documents and Settings\Owner\My Documents\New Folder\iPod\iTunesHelper.exe" = "C:\Documents and Settings\Owner\My Documents\New Folder\iPod\iTunesHelper.exe"
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime
@Zone Labs Client"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
@SpySweeper"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray = "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
@HP Software Update"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
@GhostSurfDelSatelliteC:\Program Files\GhostSurf 2005\DeleteSatellite.exe /*file not found*/ = C:\Program Files\GhostSurf 2005\DeleteSatellite.exe /*file not found*/
@GhostSurf Reminder"C:\Program Files\GhostSurf 2005\Privacy Control Center.exe" reminder = "C:\Program Files\GhostSurf 2005\Privacy Control Center.exe" reminder
@InCD"C:\Program Files\Ahead\InCD\InCD.exe" = "C:\Program Files\Ahead\InCD\InCD.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\[email protected] = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheckC:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@SysTrayC:\WINDOWS\system32\stobject.dll = C:\WINDOWS\system32\stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Multimedia File Property Sheet*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*NTFS Security Page*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*OLE Docfile Property Page*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Display Adapter CPL Extension*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Display Monitor CPL Extension*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*DS Security Page*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Page*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Shell Scrap DataHandler*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Disk Copy Extension*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Shell extensions for Microsoft Windows Network objects*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Shell extensions for file compression*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Web Printer Shell Extension*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Encryption Context Menu*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Briefcase*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*HyperTerminal Icon Ext*/C:\WINDOWS\system32\hticons.dll = C:\WINDOWS\system32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Fonts*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Printers Security Page*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Crypto PKO Extension*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Crypto Sign Extension*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Network Connections*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Network Connections*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\system32\remotepg.dll = C:\WINDOWS\system32\remotepg.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Shell extensions for Windows Script Host*/C:\WINDOWS\system32\wshext.dll = C:\WINDOWS\system32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Program Files\Common Files\System\Ole DB\oledb32.dll = C:\Program Files\Common Files\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Scheduled Tasks*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Taskbar and Start Menu*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Search*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Run...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*E-mail*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Fonts*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Administrative Tools*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Microsoft Internet Toolbar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Download Status*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Augmented Shell Folder*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Augmented Shell Folder 2*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*In-pane search*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Web Search*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Registry Tree Options Utility*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Address*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Microsoft AutoComplete*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*MRU AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Custom MRU AutoCompleted List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessible*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Track Popup Bar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Microsoft History AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Microsoft Shell Folder AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Microsoft Multiple AutoComplete List Container*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*User Assist*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Global Folder Settings*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*IE4 Suite Splash Screen*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*ActiveX Cache Folder*/C:\WINDOWS\system32\occache.dll = C:\WINDOWS\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Subscription Folder*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Shell Application Manager*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Installed Apps Enumerator*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI+ file thumbnail extractor*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*HTML Thumbnail Extractor*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Get a Passport Wizard*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*User Accounts*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Compressed (zipped) Folder*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\system32\msieftp.dll = C:\WINDOWS\system32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Offline Files Folder*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\system32\dfsshlex.dll = C:\WINDOWS\system32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\system32\photowiz.dll = %SystemRoot%\system32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*For &People...*/C:\Program Files\Outlook Express\wabfind.dll = C:\Program Files\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Documents and Settings\Owner\My Documents\New Folder\iPod\iTunesMiniPlayer.dll = C:\Documents and Settings\Owner\My Documents\New Folder\iPod\iTunesMiniPlayer.dll
@{D9872D13-7651-4471-9EEE-F0A00218BEBB} /*Multiscan*/C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{950FF917-7A57-46BC-8017-59D9BF474000} /*Shell Extension for CDRW*/C:\Program Files\Ahead\InCD\incdshx.dll = C:\Program Files\Ahead\InCD\incdshx.dll
@{7C9D5882-CB4A-4090-96C8-430BFE8B795B} /*Webroot Spy Sweeper Context Menu Integration*/C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
@{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/C:\WINDOWS\system32\mscoree.dll = C:\WINDOWS\system32\mscoree.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Fix-It Menu@{A50302A0-8E15-11d2-887B-006008C1C087} = C:\Program Files\VCOM\SystemSuite\mxctxmnu.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
ZLAVShExt@{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Fix-It Menu@{A50302A0-8E15-11d2-887B-006008C1C087} = C:\Program Files\VCOM\SystemSuite\mxctxmnu.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
SpySweeper@{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
ZLAVShExt@{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{02478D38-C3F9-4EFB-9B51-7695ECA05670} = C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll

HKCU\Control Panel\[email protected] = C:\WINDOWS\system32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.yahoo.com = http://www.yahoo.com
@Start Pagehttp://www.yahoo.com = http://www.yahoo.com
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://search.yahoo.com/search?ei=utf-8&fr=slv8-yie7&p=thetechguide = http://search.yahoo.com/search?ei=utf-8&am...;p=thetechguide
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = C:\WINDOWS\system32\mscoree.dll
application/x-complus@CLSID = C:\WINDOWS\system32\mscoree.dll
application/x-msdownload@CLSID = C:\WINDOWS\system32\mscoree.dll
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = C:\WINDOWS\system32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
javascript@CLSID = C:\WINDOWS\system32\mshtml.dll
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = C:\WINDOWS\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
res@CLSID = C:\WINDOWS\system32\mshtml.dll
sysimage@CLSID = %SystemRoot%\system32\mshtml.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = C:\WINDOWS\system32\mshtml.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\WINDOWS\system32\ZoneLabs\vetredir.dll
000000000002@PackedCatalogItem = C:\WINDOWS\system32\ZoneLabs\vetredir.dll
000000000003@PackedCatalogItem = C:\WINDOWS\system32\ZoneLabs\vetredir.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000020@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries00000000021@PackedCatalogItem = C:\WINDOWS\system32\ZoneLabs\vetredir.dll

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup >>>
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
GhostSurf proxy.lnk = GhostSurf proxy.lnk
HP Digital Imaging Monitor.lnk = HP Digital Imaging Monitor.lnk
HP Image Zone Fast Start.lnk = HP Image Zone Fast Start.lnk

---- EOF - GMER 1.0.12 ----

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
« Reply #14 on: November 12, 2006, 09:17:41 AM »
Most of what you see is normal in the GMER logs.
Can you run Dr.Web and post the log, please?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/