Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

rkill won't run after finding suspious .exe's


  • Please log in to reply
8 replies to this topic

#1 scubasteve_plushbuck

scubasteve_plushbuck

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 01 March 2011 - 05:14 AM

i found some .exe programs that look strange to me. ZQDrweb.exe, WOLrweb.exe and a couple more. the detail file said they were .exe files that were used by windows tool 2011. i tried running rkill, all the files, but i get a failed install notice when i run the program. what now? oh yeah i have,


Manufacturer Custom Build
Mother Board Asus 8p8000 deluxe


Processor Intel® Celeron® CPU 2.53GHz 1.3 1.0


Memory (RAM) 1.50 GB

Primary hard disk 42GB Free (285GB Total)
Windows 7 Ultimate

System type 32-bit operating system

Edited by hamluis, 01 March 2011 - 08:29 AM.
Moved from Win 7 to Am I Infected.


BC AdBot (Login to Remove)

 


#2 scubasteve_plushbuck

scubasteve_plushbuck
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 02 March 2011 - 12:07 AM

ok, so i ended up running SUPERantivirus and after a grueling eight hour scan i found most of my problem. window tools 20011. got to remind my self not to go to unknown pdf sites when looking for shop manuals for customers cars. what malwarebytes didn't pick up SUPERantivirus did. sorry i posted in the wrong forum, have pitty opn me, i'm just a old man noob. oh yeah, this is what i found, besides about 1300 tracking cookies, make note to clean out the cookie jar.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/01/2011 at 10:34 AM

Application Version : 4.49.1000

Core Rules Database Version : 6500
Trace Rules Database Version: 4316

Scan type : Complete Scan
Total Scan Time : 10:30:00

Memory items scanned : 331
Memory threats detected : 0
Registry items scanned : 7037
Registry threats detected : 0
File items scanned : 118145
File threats detected : 1431


Trojan.Agent/Gen-IEFake
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX1\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX1\PROCS\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX10\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX10\PROCS\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX11\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX11\PROCS\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX12\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX12\PROCS\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX13\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX13\PROCS\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX14\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX14\PROCS\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX15\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX15\PROCS\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX16\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX16\PROCS\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX17\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX17\PROCS\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX18\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX18\PROCS\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX19\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX19\PROCS\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX2\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX2\PROCS\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX20\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX20\PROCS\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX21\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX21\PROCS\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX22\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX22\PROCS\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX3\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX3\PROCS\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX4\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX4\PROCS\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX5\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX5\PROCS\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX6\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX6\PROCS\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX7\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX7\PROCS\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX8\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX8\PROCS\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX9\H\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX9\PROCS\IEXPLORE.EXE

Trojan.Agent/Gen-IExplorer[Fake]
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX1\NIRD\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX10\NIRD\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX11\NIRD\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX12\NIRD\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX13\NIRD\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX14\NIRD\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX15\NIRD\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX16\NIRD\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX17\NIRD\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX18\NIRD\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX19\NIRD\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX2\NIRD\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX20\NIRD\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX21\NIRD\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX22\NIRD\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX3\NIRD\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX4\NIRD\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX5\NIRD\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX6\NIRD\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX7\NIRD\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX8\NIRD\IEXPLORE.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX9\NIRD\IEXPLORE.EXE

Trojan.Agent/Gen-PEC
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX1\PROCS\EXPLORER.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX10\PROCS\EXPLORER.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX11\PROCS\EXPLORER.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX12\PROCS\EXPLORER.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX13\PROCS\EXPLORER.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX14\PROCS\EXPLORER.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX15\PROCS\EXPLORER.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX16\PROCS\EXPLORER.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX17\PROCS\EXPLORER.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX18\PROCS\EXPLORER.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX19\PROCS\EXPLORER.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX2\PROCS\EXPLORER.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX20\PROCS\EXPLORER.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX21\PROCS\EXPLORER.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX22\PROCS\EXPLORER.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX3\PROCS\EXPLORER.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX4\PROCS\EXPLORER.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX5\PROCS\EXPLORER.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX6\PROCS\EXPLORER.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX7\PROCS\EXPLORER.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX8\PROCS\EXPLORER.EXE
C:\USERS\SCUBASTEVE PLUSHBUCK\APPDATA\LOCAL\TEMP\RARSFX9\PROCS\EXPLORER.EXE

Edited by scubasteve_plushbuck, 02 March 2011 - 12:14 AM.


#3 scubasteve_plushbuck

scubasteve_plushbuck
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 03 March 2011 - 02:24 AM

ok, it's back. what i thought got removed by superantispyware, didn't. rkill dosen"t work, i tried every named version on the page and none of them seems to load properly. and now when i close ie i get pop-ups that tell me that i need whatg appears to be windows tools 2011. and it opens what looks like my control panel page only none of the programs on the page are mine. anyways , totally stumped as to how to get rid of this. any help would be grately appreciated.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,961 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:29 AM

Posted 03 March 2011 - 07:36 AM

RKill is not a comprehensive malware removal tool. If you are you able to run Malwarebytes Anti-Malware and other security tools without them terminating, there is no need to run RKill. Using RKill is only necessary to fix the most common malware processes that stop us from using security tools and completing scans so its not required in all situations.

Please download Norman Malware Cleaner and save to your desktop.
alternate download link
If you previously used Norman, delete that version and download it again as the tool is frequently updated!
  • Be sure to read all the information Norman provides on that same page.
  • Double-click on Norman_Malware_Cleaner.exe to start. Vista/Windows 7 users right-click and select Run As Administrator.
    The tool is very slow to load as it uses a special driver. This is normal so please be patient.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot to ensure that all infections are removed.
  • After the scan has finished, a log file a log file named NFix_date_time (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
  • Copy and paste the contents of that file in your next reply.
-- Note: If you need to scan a usb flash drives or other removable drives not listed, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok.

Please download and scan with the Kaspersky Virus Removal Tool from one of the links provided below and save it to your desktop.
Link 1
Link 2Be sure to print out and read the instructions provided in:How to Install Kaspersky Virus Removal Tool
How to use the Kaspersky Virus Removal Tool to automatically remove viruses
  • Double-click the setup file (i.e. setup_9.0.0.722_22.01.2010_10-04.exe) to select your language and install the utility.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • When the 'Setup page' appears, click Next, check the box 'I accept the license agreement' and click Next twice more to begin extracting the required files.
  • Setup may recommend to scan the computer in Safe Mode. Click Ok.
  • A window will open with a tab that says Autoscan and one for Manual disinfection.
  • Click the green Start scan button on the Autoscan tab in the main window.
  • If malware is detected, you will see the Scan Alert screen. Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  • In the Scan window click the Reports button, choose Critical events and select Save to save the results to a file (name it avptool.txt).
  • Copy and paste the report results of any threats detected and if they were successfully removed in your next reply. Do not include the longer list marked Events.
  • When finished, follow these instructions on How to uninstall Kaspersky Virus Removal Tool 2010.
-- If you cannot run this tool in normal mode, then try using it in "safe mode".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 scubasteve_plushbuck

scubasteve_plushbuck
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 03 March 2011 - 09:28 AM

[quote name='quietman7' timestamp='1299155790' post='2154865']
RKill is not a comprehensive malware removal tool. If you are you able to run Malwarebytes Anti-Malware and other security tools without them terminating, there is no need to run RKill. Using RKill is only necessary to fix the most common malware processes that stop us from using security tools and completing scans so its not required in all situations.

. i used rkill only after malwarebytes and superantispyware had stopped mid scan.
thanks for the help, am downloading normans as i speak. will reply later with all necessary logs

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,961 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:29 AM

Posted 03 March 2011 - 09:34 AM

Ok.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 scubasteve_plushbuck

scubasteve_plushbuck
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 03 March 2011 - 11:07 PM

i first like to thank you for your help quietman7.
so i ran norman this morning and i'm going to run kaspersky now. here is the log file from norman.

Norman Malware Cleaner
Version 1.8.3
Copyright © 1990 - 2010, Norman ASA. Built 2011/03/02 18:15:03

Norman Scanner Engine Version: 6.07.03
Nvcbin.def Version: 6.07.00, Date: 2011/03/02 18:15:03, Variants: 10212383

Switches: /nounpack

Scan started: 2011/03/03 06:50:44

Running pre-scan cleanup routine:
Operating System: Microsoft Windows 7 6.1.7600
Logged on user: befroomblackbox\scubasteve plushbuck

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoFolderOptions = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoFolderOptions = 0x00000000

Scanning kernel...

Kernel scan complete


Scanning bootsectors...

Number of sectors found: 1
Number of sectors scanned: 1
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 1s 141ms


Scanning running processes and process memory...

Number of processes/threads found: 6703
Number of processes/threads scanned: 6703
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 25m 4s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Program Files\BurnAware Professional\MultiBurn.exe (Infected with W32/FakeAV.AADY)
Deleted file

C:\Program Files\HTSKApp\HS1418_CRK.exe (Infected with W32/Suspicious_Gen2.DTXCI)
Deleted file

C:\Program Files\Morpheus Photo Animation Suite\Patch.exe (Infected with W32/Suspicious.D2!genr)
Deleted file

C:\Users\Public\unzipped\6552e5e389ffe21b8c503006ff10765bbf9\Zeallsoft_Fun_Morph_v4_35-Patch_CiM\zeallsoft.fun.morph.v4.35-patch.exe (Infected with W32/Malware.CFUV)
Deleted file

C:\Users\Public\unzipped\664ee11c1c815ca99cc1a22784dc2a2ca12[1]\Mr.Robot.v1.10ZG.Keygen.Only.GAME-Lz0\Crack\keygen.exe (Infected with W32/Suspicious_Gen2.YXDT)
Deleted file

C:\Users\Public\unzipped\9709c31941028301ce0c19bc8622b519893[1]\Magic_Morph.exe (Infected with W32/Suspicious_Gen2.GJUN)
Deleted file

C:\Users\scubasteve plushbuck\AppData\Local\Temp\bassmod.dll (Infected with Suspicious_Gen.NHP)
Deleted file

C:\Users\scubasteve plushbuck\AppData\Local\Temp\spypal-home-pc-spy-2010-8.3.exe (Infected with Suspicious_Gen2.ANKXS)
Deleted file

C:\Users\scubasteve plushbuck\Desktop\Morpheus.Photo.Animation.Suite.Industrial.v3.15.WinALL.Cracked-BRD\crack\Patch.exe (Infected with W32/Suspicious.D2!genr)
Deleted file

C:\Users\scubasteve plushbuck\Desktop\Sun.River.Systems.Heatseek.Gold.v1.4.1.8[1]\HTG.part1\Crack\HS1418_CRK.exe (Infected with W32/Suspicious_Gen2.DTXCI)
Deleted file

C:\Users\scubasteve plushbuck\Desktop\VideoConverter_Setup.exe (Infected with W32/Suspicious_Gen2.HIACJ)
Deleted file

Scanning: C:\System Volume Information\*.*

Scanning: postscan


Running post-scan cleanup routine:

Number of files found: 310358
Number of archives unpacked: 0
Number of files scanned: 310317
Number of files not scanned: 41
Number of files skipped due to exclude list: 0
Number of infected files found: 11
Number of infected files repaired/deleted: 11
Number of infections removed: 11
Total scanning time: 8h 18m 58s

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,961 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:29 AM

Posted 04 March 2011 - 07:26 AM

Your scan log results indicate you are using keygens/crack tools.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

I strongly recommend that you remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so we need to ensure they have been removed.

Using these types of programs or the websites visited to get them is almost a guaranteed way to get yourself infected!!
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 scubasteve_plushbuck

scubasteve_plushbuck
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 05 March 2011 - 04:57 PM

and here is what kaspersky had to say:
- <!-- AVZ XML Report
-->
- <AVZ Version="4.32" LogDate="3/4/2011 8:50:57 AM" WinDir="C:\Windows\" ProfileDir="C:\Users\scubasteve plushbuck" IsWow64="False" CompHash="DF7551D2DA777B720388F5EC23450AEE">
- <PROCESS>
<ITEM PID="2860" File="c:\program files\superantispyware\2e7e8db1-7e32-4b48-bc2f-6dfab7efbf1b.com" CheckResult="0" Descr="SUPERAntiSpyware Application" LegalCopyright="Copyright © 2005-2011 by SUPERAntiSpyware.com and SUPERAdBlocker.com" Hidden="0" CmdLine=""C:\Program Files\SUPERAntiSpyware\2e7e8db1-7e32-4b48-bc2f-6dfab7efbf1b.com"" Size="2423752" Attr="rsAh" CreateDate="3/2/2011 11:55:41 AM" ChageDate="3/2/2011 11:55:41 AM" MD5="E7E49ED9E2C247CCE519D84C880EADAE" />
<ITEM PID="1696" File="c:\program files\motorola\moto helper service\motohelper.exe" CheckResult="-1" Descr="MotoHelp" LegalCopyright="Copyright © 2009" Hidden="0" CmdLine=""C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe"" Size="6656" Attr="rsAh" CreateDate="9/14/2010 11:33:34 PM" ChageDate="9/14/2010 11:33:34 PM" MD5="2708DFE5E9ADFC94E56DAEA76DDE614D" />
<ITEM PID="1664" File="c:\program files\motorola\motohelper\motohelperservice.exe" CheckResult="0" Descr="MotoHelper Service" LegalCopyright="Copyright © 2010" Hidden="0" CmdLine=""C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe"" Size="218432" Attr="rsAh" CreateDate="12/2/2010 3:48:00 PM" ChageDate="12/2/2010 3:48:00 PM" MD5="6B4F753DE350AC86504E9CBE45B752DE" />
</PROCESS>
- <DLL>
<ITEM File="C:\Users\scubasteve plushbuck\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="2860" Hidden="0" Size="52736" Attr="rsAh" CreateDate="3/1/2011 12:02:47 AM" ChageDate="3/4/2011 5:30:49 AM" MD5="DB4B28B8F25B3A2548B947A42B2DF3B3" />
<ITEM File="C:\Program Files\Motorola\Moto Helper Service\Command.dll" CheckResult="-1" Descr="Command" LegalCopyright="Copyright © 2009" UsedBy="1696" Hidden="0" Size="4608" Attr="rsAh" CreateDate="9/14/2010 11:33:34 PM" ChageDate="9/14/2010 11:33:34 PM" MD5="233A9BC98C8295F0CE517DFB74C2E431" />
<ITEM File="C:\Program Files\Motorola\Moto Helper Service\merapi-core-cs.dll" CheckResult="-1" Descr="merapi-core-cs" LegalCopyright="Copyright © 2009" UsedBy="1696" Hidden="0" Size="17920" Attr="rsAh" CreateDate="6/20/2010 7:22:54 PM" ChageDate="6/20/2010 7:22:54 PM" MD5="64AD3D9D7F1DDCAF5441FF29069A56E2" />
<ITEM File="C:\Program Files\Motorola\MotoHelper\PST.dll" CheckResult="-1" Descr="PST_CORE DLL" LegalCopyright="Copyright © 2007 - 2012 Motorola MDB-SIG" UsedBy="1664" Hidden="0" Size="1028096" Attr="rsAh" CreateDate="12/2/2010 11:14:36 AM" ChageDate="12/2/2010 11:14:36 AM" MD5="643791058C5A0F852BAE7F80572D9051" />
</DLL>
- <KERNELOBJ>
<ITEM File="C:\Windows\System32\Drivers\dump_atapi.sys" CheckResult="-1" Base="8FB3A000" MemSize="009000" Descr="" LegalCopyright="" />
<ITEM File="C:\Windows\System32\Drivers\dump_dumpata.sys" CheckResult="-1" Base="8FB2F000" MemSize="00B000" Descr="" LegalCopyright="" />
<ITEM File="C:\Windows\System32\Drivers\dump_dumpfve.sys" CheckResult="-1" Base="8FB43000" MemSize="011000" Descr="" LegalCopyright="" />
</KERNELOBJ>
- <Service>
<ITEM File="C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe" Name="MotoHelper.exe" CheckResult="-1" Type="272" State="4" Size="6656" Attr="rsAh" CreateDate="9/14/2010 11:33:34 PM" ChageDate="9/14/2010 11:33:34 PM" MD5="2708DFE5E9ADFC94E56DAEA76DDE614D" />
<ITEM File="C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe" Name="WPFFontCache_v0400" CheckResult="-1" Type="16" State="1" />
</Service>
- <Drivers>
<ITEM File="C:\Windows\system32\drivers\lxgzamrc.sys" Name="lxgzamrc" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0FDA5678-8931-47C8-A5D2-CD0D3E8EFFF2}\MpKsl0537a768.sys" Name="MpKsl0537a768" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3716515F-7B95-4AF2-A576-C014C4FABD31}\MpKsl0c58b3a0.sys" Name="MpKsl0c58b3a0" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{75B414A7-4817-4FF7-8D1D-E8DD3D00A3FB}\MpKsl0f3bb461.sys" Name="MpKsl0f3bb461" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6E086405-76B3-402E-B4B6-C1C30E50B798}\MpKsl11081e80.sys" Name="MpKsl11081e80" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3716515F-7B95-4AF2-A576-C014C4FABD31}\MpKsl1202d93c.sys" Name="MpKsl1202d93c" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3716515F-7B95-4AF2-A576-C014C4FABD31}\MpKsl1b33b6ee.sys" Name="MpKsl1b33b6ee" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{38CFE977-9C33-4481-BFDF-56ABC5280CFE}\MpKsl20be2e21.sys" Name="MpKsl20be2e21" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0FDA5678-8931-47C8-A5D2-CD0D3E8EFFF2}\MpKsl3678f53e.sys" Name="MpKsl3678f53e" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85BDD484-3391-4C5B-8171-E3DC2EC9B468}\MpKsl375c725e.sys" Name="MpKsl375c725e" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8E1C8EB1-BB60-40EF-8307-50E074B9DA87}\MpKsl47a846b0.sys" Name="MpKsl47a846b0" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{09E5AB1B-1F77-4C2F-975C-87DAD3F0796F}\MpKsl4f56b9a4.sys" Name="MpKsl4f56b9a4" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8E1C8EB1-BB60-40EF-8307-50E074B9DA87}\MpKsl63a40333.sys" Name="MpKsl63a40333" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C5904D9D-47B2-427B-9E63-232DF3CFD14F}\MpKsl76c987d3.sys" Name="MpKsl76c987d3" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F56CC94D-6B92-4258-AA3F-53CC6AF057E8}\MpKsl7beb6c22.sys" Name="MpKsl7beb6c22" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0FDA5678-8931-47C8-A5D2-CD0D3E8EFFF2}\MpKsl8d05fc3b.sys" Name="MpKsl8d05fc3b" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0FDA5678-8931-47C8-A5D2-CD0D3E8EFFF2}\MpKsla8826915.sys" Name="MpKsla8826915" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3716515F-7B95-4AF2-A576-C014C4FABD31}\MpKslb1f78154.sys" Name="MpKslb1f78154" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F56CC94D-6B92-4258-AA3F-53CC6AF057E8}\MpKslbc5501d3.sys" Name="MpKslbc5501d3" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8E1C8EB1-BB60-40EF-8307-50E074B9DA87}\MpKslc399a2aa.sys" Name="MpKslc399a2aa" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{327DC7F9-CAF8-41B1-9A23-A5CE9D6F7A1F}\MpKsld09eced4.sys" Name="MpKsld09eced4" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{09E5AB1B-1F77-4C2F-975C-87DAD3F0796F}\MpKsld3cf299b.sys" Name="MpKsld3cf299b" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E3474DA7-48DE-4DE9-93B2-70805D559B56}\MpKsld9ac7b45.sys" Name="MpKsld9ac7b45" CheckResult="-1" Type="1" State="1" />
</Drivers>
- <AUTORUN>
<ITEM File=""c:\Program Files\Microsoft IntelliType Pro\dw15.exe"" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\IntelliType Pro" X3="EventMessageFile" />
<ITEM File="C:\5e464a4f6b7ea6bdd385f1189410c9\DW\DW20.exe" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup" X3="EventMessageFile" />
<ITEM File="C:\Program Files\Driver Performer\DriverPerformer2010.exe" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_USERS" X2="S-1-5-21-426445199-1005836897-153288975-1000\Software\Microsoft\Windows\CurrentVersion\Run" X3="Driver Performer" />
<ITEM File="C:\Users\scubasteve plushbuck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini" CheckResult="-1" Enabled="1" Type="FILE" Size="286" Attr="rSAH" CreateDate="12/19/2010 5:19:08 PM" ChageDate="12/26/2010 9:32:34 PM" MD5="B93E8F034B75E8C33B8D70FCA7FBF674" X1="C:\Users\scubasteve plushbuck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\" X2="C:\Users\scubasteve plushbuck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini" X3="" />
<ITEM File="C:\Windows\System32\Drivers\yk60x86.sys" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\yukonwlh" X3="EventMessageFile" />
<ITEM File="C:\Windows\System32\dfsrres.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\DFS Replication" X3="DisplayNameFile" />
<ITEM File="C:\Windows\System32\dfsrres.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\DFS Replication\DFS Replication" X3="EventMessageFile" />
<ITEM File="C:\Windows\System32\dfsrres.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\DFS Replication\DFSR" X3="EventMessageFile" />
<ITEM File="C:\Windows\System32\igmpv2.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2" X3="EventMessageFile" />
<ITEM File="C:\Windows\System32\ipbootp.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP" X3="EventMessageFile" />
<ITEM File="C:\Windows\System32\iprip2.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2" X3="EventMessageFile" />
<ITEM File="C:\Windows\System\LVMaLogD.DLL" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\LOGITECH" X3="EventMessageFile" />
<ITEM File="C:\Windows\system32\psxss.exe" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="System\CurrentControlSet\Control\Session Manager\SubSystems" X3="Posix" />
<ITEM File="C:\Windows\system32\slsvc.exe" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Licensing Service" X3="EventMessageFile" />
<ITEM File="C:\Windows\system32\xvid.dll" CheckResult="-1" Enabled="1" Type="REG" Size="602112" Attr="rsAh" CreateDate="6/22/2010 4:30:10 AM" ChageDate="6/22/2010 4:30:10 AM" MD5="DE6D17448A26A5D5E3CB41B5860E99E0" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\Drivers32" X3="vidc.xvid" />
<ITEM File="progman.exe" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X3="shell" />
<ITEM File="vgafix.fon" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X3="fixedfon.fon" />
<ITEM File="vgaoem.fon" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X3="oemfonts.fon" />
<ITEM File="vgasys.fon" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X3="fonts.fon" />
</AUTORUN>
- <BHO>
<ITEM File="res:\C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM" CheckResult="-1" Enabled="1" BHOType="3" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions" CLSID="{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}" Descr="" LegalCopyright="" />
<ITEM File="res:\C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM" CheckResult="-1" Enabled="1" BHOType="3" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions" CLSID="{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" BHOType="3" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions" CLSID="{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" BHOType="3" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions" CLSID="{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}" Descr="" LegalCopyright="" />
</BHO>
- <ExplorerExt>
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="lnkfile" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{00020d75-0000-0000-c000-000000000046}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Contacts folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="ActiveDirectory Folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{1b24a030-9b20-49bc-97ac-1be4426f9e59}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Explorer Query Band" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{2C2577C2-63A7-40e3-9B7F-586602617ECB}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="ActiveDirectory Folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{34449847-FD14-4fc8-A75A-7432F5181EFB}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName=".cab or .zip files" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{911051fa-c21c-4246-b470-070cd8df6dc4}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Sam Account Folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{C8494E42-ACDD-4739-B0FB-217361E4894F}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Windows Search Shell Service" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{da67b8ad-e81b-4c70-9b91b417b5e33527}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Sam Account Folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{E29F9716-5C08-4FCD-955A-119FDB5A522D}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="IE User Assist" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}" Descr="" LegalCopyright="" />
</ExplorerExt>
<PrintEXT />
<TaskScheduler />
- <SPI>
<ITEM File="C:\Windows\system32\NLAapi.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\nlasvc.dll,-1000" Descr="Network Location Awareness 2" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="51712" Attr="rsAh" CreateDate="7/13/2009 3:53:54 PM" ChageDate="7/13/2009 5:16:03 PM" MD5="045DB4EAB4FBD23210E85ECC3F464A2E" />
<ITEM File="C:\Windows\System32\mswsock.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\wshtcpip.dll,-60103" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\System32\winrnr.dll" CheckResult="-1" SPIType="1" SPINaim="NTDS" Descr="LDAP RnR Provider DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="20992" Attr="rsAh" CreateDate="7/13/2009 3:37:57 PM" ChageDate="7/13/2009 5:16:19 PM" MD5="5DF5D8CFD9B9573FA3B2C89D9061A240" />
<ITEM File="C:\Windows\system32\napinsp.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\napinsp.dll,-1000" Descr="E-mail Naming Shim Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="52224" Attr="rsAh" CreateDate="7/13/2009 3:54:55 PM" ChageDate="7/13/2009 5:16:02 PM" MD5="0B7E85364CB878E2AD531DB7B601A9E5" />
<ITEM File="C:\Windows\system32\pnrpnsp.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\pnrpnsp.dll,-1000" Descr="PNRP Name Space Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="65024" Attr="rsAh" CreateDate="7/13/2009 3:55:50 PM" ChageDate="7/13/2009 5:16:12 PM" MD5="5CF640EDDB1E40A5AB1BB743BCDEC610" />
<ITEM File="C:\Windows\system32\pnrpnsp.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\pnrpnsp.dll,-1001" Descr="PNRP Name Space Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="65024" Attr="rsAh" CreateDate="7/13/2009 3:55:50 PM" ChageDate="7/13/2009 5:16:12 PM" MD5="5CF640EDDB1E40A5AB1BB743BCDEC610" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60100" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60101" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60102" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wship6.dll,-60100" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wship6.dll,-60101" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wship6.dll,-60102" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshqos.dll,-100" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshqos.dll,-101" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshqos.dll,-102" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshqos.dll,-103" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{F29EC251-F55B-4B96-9FD9-1C45080375A0}] SEQPACKET 1" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{F29EC251-F55B-4B96-9FD9-1C45080375A0}] DATAGRAM 1" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{02126AF2-AF32-43BF-AB18-09B2B50ED249}] SEQPACKET 5" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{02126AF2-AF32-43BF-AB18-09B2B50ED249}] DATAGRAM 5" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3C18EBB6-8A62-4104-89A1-B0605A57E8CB}] SEQPACKET 4" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3C18EBB6-8A62-4104-89A1-B0605A57E8CB}] DATAGRAM 4" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{0555F361-C260-4699-BA24-0ACF2633BA76}] SEQPACKET 3" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{0555F361-C260-4699-BA24-0ACF2633BA76}] DATAGRAM 3" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{82EB3444-F721-46F1-8FA0-BA9F95F2766C}] SEQPACKET 0" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{82EB3444-F721-46F1-8FA0-BA9F95F2766C}] DATAGRAM 0" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F29EC251-F55B-4B96-9FD9-1C45080375A0}] SEQPACKET 2" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F29EC251-F55B-4B96-9FD9-1C45080375A0}] DATAGRAM 2" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="7/13/2009 3:12:34 PM" ChageDate="7/13/2009 5:15:51 PM" MD5="11A41F17527ED75D6B758FDD7F4FD00D" />
</SPI>
- <DPF>
<ITEM File="" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" CodeBase="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab" Descr="" LegalCopyright="" />
</DPF>
<CPL />
<ActiveSetup />
- <HOSTS>
<ITEM Line="127.0.0.1 localhost" />
<ITEM Line="::1 localhost" />
</HOSTS>
<SuspFiles />
- <RK_UM>
<ITEM DLL="advapi32.dll" FNaim="AddMandatoryAce" FIndx="27" HookPtr="75FA193A" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="I_QueryTagInformation" FIndx="359" HookPtr="77DC72D8" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="I_ScIsSecurityProcess" FIndx="361" HookPtr="77DC733F" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="I_ScPnPGetServiceName" FIndx="362" HookPtr="77DC7C40" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="I_ScQueryServiceConfig" FIndx="363" HookPtr="77DC5F8A" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="I_ScSendPnPMessage" FIndx="364" HookPtr="77DC5E7D" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="I_ScSendTSMessage" FIndx="365" HookPtr="77DC71C5" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="I_ScValidatePnPService" FIndx="368" HookPtr="77DC6B9D" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="IsValidRelativeSecurityDescriptor" FIndx="388" HookPtr="75F9977E" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="PerfCreateInstance" FIndx="514" HookPtr="75AE2187" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="PerfDecrementULongCounterValue" FIndx="515" HookPtr="75AE2A1D" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="PerfDecrementULongLongCounterValue" FIndx="516" HookPtr="75AE2B3C" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="PerfDeleteInstance" FIndx="518" HookPtr="75AE2259" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="PerfIncrementULongCounterValue" FIndx="521" HookPtr="75AE27B9" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="PerfIncrementULongLongCounterValue" FIndx="522" HookPtr="75AE28D6" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="PerfQueryInstance" FIndx="527" HookPtr="75AE2373" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="PerfSetCounterRefValue" FIndx="528" HookPtr="75AE2447" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="PerfSetCounterSetInfo" FIndx="529" HookPtr="75AE20B0" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="PerfSetULongCounterValue" FIndx="530" HookPtr="75AE2565" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="PerfSetULongLongCounterValue" FIndx="531" HookPtr="75AE2680" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="PerfStartProvider" FIndx="532" HookPtr="75AE1FED" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="PerfStartProviderEx" FIndx="533" HookPtr="75AE1F34" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="PerfStopProvider" FIndx="534" HookPtr="75AE2026" HookType="1" />
<ITEM DLL="advapi32.dll" FNaim="SystemFunction035" FIndx="752" HookPtr="75513EA8" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DavAddConnection" FIndx="0" HookPtr="6D7F29DD" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DavDeleteConnection" FIndx="1" HookPtr="6D7F181B" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DavFlushFile" FIndx="2" HookPtr="6D7F1713" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DavGetExtendedError" FIndx="3" HookPtr="6D7F2347" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DavGetHTTPFromUNCPath" FIndx="4" HookPtr="6D7F275B" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DavGetUNCFromHTTPPath" FIndx="5" HookPtr="6D7F257D" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsAddressToSiteNamesA" FIndx="6" HookPtr="75374A4D" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsAddressToSiteNamesExA" FIndx="7" HookPtr="75374D79" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsAddressToSiteNamesExW" FIndx="8" HookPtr="75375049" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsAddressToSiteNamesW" FIndx="9" HookPtr="75374C29" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsDeregisterDnsHostRecordsA" FIndx="10" HookPtr="75376DD9" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsDeregisterDnsHostRecordsW" FIndx="11" HookPtr="75376D59" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsEnumerateDomainTrustsA" FIndx="12" HookPtr="75376771" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsEnumerateDomainTrustsW" FIndx="13" HookPtr="753660BC" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsGetDcCloseW" FIndx="14" HookPtr="7537495D" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsGetDcNameA" FIndx="15" HookPtr="75375BB2" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsGetDcNameW" FIndx="16" HookPtr="75364CA8" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsGetDcNameWithAccountA" FIndx="17" HookPtr="753755E9" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsGetDcNameWithAccountW" FIndx="18" HookPtr="75364CD1" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsGetDcNextA" FIndx="19" HookPtr="75374896" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsGetDcNextW" FIndx="20" HookPtr="753747ED" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsGetDcOpenA" FIndx="21" HookPtr="7537473D" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsGetDcOpenW" FIndx="22" HookPtr="753746AB" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsGetDcSiteCoverageA" FIndx="23" HookPtr="75375239" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsGetDcSiteCoverageW" FIndx="24" HookPtr="75375409" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsGetForestTrustInformationW" FIndx="25" HookPtr="75376E6F" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsGetSiteNameA" FIndx="26" HookPtr="75375B39" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsGetSiteNameW" FIndx="27" HookPtr="75365F24" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsMergeForestTrustInformationW" FIndx="28" HookPtr="75376F71" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsRoleAbortDownlevelServerUpgrade" FIndx="29" HookPtr="74074339" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsRoleCancel" FIndx="30" HookPtr="740734A9" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsRoleDcAsDc" FIndx="31" HookPtr="74073EAD" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsRoleDcAsReplica" FIndx="32" HookPtr="74073F99" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsRoleDemoteDc" FIndx="33" HookPtr="74074189" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsRoleDnsNameToFlatName" FIndx="34" HookPtr="740732B5" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsRoleFreeMemory" FIndx="35" HookPtr="740719A9" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsRoleGetDatabaseFacts" FIndx="36" HookPtr="74073651" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsRoleGetDcOperationProgress" FIndx="37" HookPtr="74073351" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsRoleGetDcOperationResults" FIndx="38" HookPtr="74073401" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsRoleGetPrimaryDomainInformation" FIndx="39" HookPtr="74071F3D" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsRoleIfmHandleFree" FIndx="40" HookPtr="74073539" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsRoleServerSaveStateForUpgrade" FIndx="41" HookPtr="740735C9" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsRoleUpgradeDownlevelServer" FIndx="42" HookPtr="74074261" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsValidateSubnetNameA" FIndx="43" HookPtr="75375AF9" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="DsValidateSubnetNameW" FIndx="44" HookPtr="753749E1" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_BrowserDebugCall" FIndx="45" HookPtr="698524A9" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_BrowserDebugTrace" FIndx="46" HookPtr="69852581" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_BrowserQueryEmulatedDomains" FIndx="47" HookPtr="698529F9" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_BrowserQueryOtherDomains" FIndx="48" HookPtr="698522C1" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_BrowserQueryStatistics" FIndx="49" HookPtr="69852651" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_BrowserResetNetlogonState" FIndx="50" HookPtr="698523D1" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_BrowserResetStatistics" FIndx="51" HookPtr="69852729" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_BrowserServerEnum" FIndx="52" HookPtr="698520BF" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_BrowserSetNetlogonState" FIndx="53" HookPtr="69852919" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_DsUpdateReadOnlyServerDnsRecords" FIndx="54" HookPtr="75375569" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetAccountDeltas" FIndx="55" HookPtr="753763AB" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetAccountSync" FIndx="56" HookPtr="753763AB" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetChainSetClientAttributes" FIndx="57" HookPtr="75376FA6" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetChainSetClientAttributes2" FIndx="58" HookPtr="75377029" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetDatabaseDeltas" FIndx="59" HookPtr="75376391" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetDatabaseRedo" FIndx="60" HookPtr="75376521" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetDatabaseSync" FIndx="61" HookPtr="75376391" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetDatabaseSync2" FIndx="62" HookPtr="7537639E" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetDfsGetVersion" FIndx="63" HookPtr="75627CA1" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetDfsIsThisADomainName" FIndx="64" HookPtr="6E554E39" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetGetDCList" FIndx="65" HookPtr="75375D9C" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetGetForestTrustInformation" FIndx="66" HookPtr="75376EF1" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetLogonControl" FIndx="67" HookPtr="753763B8" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetLogonControl2" FIndx="68" HookPtr="75376439" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetLogonGetDomainInfo" FIndx="69" HookPtr="753664A4" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetLogonSamLogoff" FIndx="70" HookPtr="75376091" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetLogonSamLogon" FIndx="71" HookPtr="75375F39" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetLogonSamLogonEx" FIndx="72" HookPtr="75375FE1" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetLogonSamLogonWithFlags" FIndx="73" HookPtr="7536B22A" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetLogonSendToSam" FIndx="74" HookPtr="75376111" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetLogonUasLogoff" FIndx="75" HookPtr="75375EC9" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetLogonUasLogon" FIndx="76" HookPtr="75375E53" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetServerAuthenticate" FIndx="77" HookPtr="75376191" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetServerAuthenticate2" FIndx="78" HookPtr="75376211" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetServerAuthenticate3" FIndx="79" HookPtr="75366393" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetServerGetTrustInfo" FIndx="80" HookPtr="75376C61" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetServerPasswordGet" FIndx="81" HookPtr="75376B61" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetServerPasswordSet" FIndx="82" HookPtr="75376291" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetServerPasswordSet2" FIndx="83" HookPtr="75376311" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetServerReqChallenge" FIndx="84" HookPtr="75366424" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetServerSetServiceBits" FIndx="85" HookPtr="7562426D" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetServerSetServiceBitsEx" FIndx="86" HookPtr="75626D11" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetServerTrustPasswordsGet" FIndx="87" HookPtr="75376BE1" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetlogonComputeClientDigest" FIndx="88" HookPtr="75365C20" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="I_NetlogonComputeServerDigest" FIndx="89" HookPtr="75376AEC" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetAddAlternateComputerName" FIndx="96" HookPtr="74565B21" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetAddServiceAccount" FIndx="97" HookPtr="753770B1" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetApiBufferAllocate" FIndx="100" HookPtr="74571415" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetApiBufferFree" FIndx="101" HookPtr="745713D2" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetApiBufferReallocate" FIndx="102" HookPtr="74573729" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetApiBufferSize" FIndx="103" HookPtr="74573771" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetBrowserStatisticsGet" FIndx="107" HookPtr="69852801" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetConnectionEnum" FIndx="111" HookPtr="75625521" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsAdd" FIndx="112" HookPtr="6E5578FD" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsAddFtRoot" FIndx="113" HookPtr="6E556859" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsAddRootTarget" FIndx="114" HookPtr="6E557401" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsAddStdRoot" FIndx="115" HookPtr="6E552B1E" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsAddStdRootForced" FIndx="116" HookPtr="6E552BB1" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsEnum" FIndx="117" HookPtr="6E5570F9" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsGetClientInfo" FIndx="118" HookPtr="6E553F25" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsGetDcAddress" FIndx="119" HookPtr="6E552C51" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsGetFtContainerSecurity" FIndx="120" HookPtr="6E555363" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsGetInfo" FIndx="121" HookPtr="6E552D69" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsGetSecurity" FIndx="122" HookPtr="6E557741" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsGetStdContainerSecurity" FIndx="123" HookPtr="6E553AD5" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsGetSupportedNamespaceVersion" FIndx="124" HookPtr="6E555C19" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsManagerGetConfigInfo" FIndx="125" HookPtr="6E552E9C" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsManagerInitialize" FIndx="126" HookPtr="6E552F91" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsManagerSendSiteInfo" FIndx="127" HookPtr="6E5572C5" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsMove" FIndx="128" HookPtr="6E555651" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsRemove" FIndx="129" HookPtr="6E557A19" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsRemoveFtRoot" FIndx="130" HookPtr="6E556A99" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsRemoveFtRootForced" FIndx="131" HookPtr="6E556BE5" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsRemoveRootTarget" FIndx="132" HookPtr="6E555879" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsRemoveStdRoot" FIndx="133" HookPtr="6E552CE1" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsRename" FIndx="134" HookPtr="6E552E91" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsSetClientInfo" FIndx="135" HookPtr="6E554301" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsSetFtContainerSecurity" FIndx="136" HookPtr="6E5553AF" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsSetInfo" FIndx="137" HookPtr="6E556D8B" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsSetSecurity" FIndx="138" HookPtr="6E557822" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetDfsSetStdContainerSecurity" FIndx="139" HookPtr="6E553B24" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetEnumerateComputerNames" FIndx="140" HookPtr="74565E39" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetEnumerateServiceAccounts" FIndx="141" HookPtr="75377199" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetEnumerateTrustedDomains" FIndx="142" HookPtr="7537652E" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetFileClose" FIndx="146" HookPtr="75625659" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetFileEnum" FIndx="147" HookPtr="75625729" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetFileGetInfo" FIndx="148" HookPtr="75625859" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetGetAnyDCName" FIndx="149" HookPtr="7537496D" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetGetDCName" FIndx="150" HookPtr="75375913" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetGetDisplayInformationIndex" FIndx="151" HookPtr="74554117" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetGetJoinInformation" FIndx="152" HookPtr="74562DC7" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetGetJoinableOUs" FIndx="153" HookPtr="745659D1" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetGroupAdd" FIndx="154" HookPtr="745571C3" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetGroupAddUser" FIndx="155" HookPtr="745573AD" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetGroupDel" FIndx="156" HookPtr="745573CB" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetGroupDelUser" FIndx="157" HookPtr="745573EB" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetGroupEnum" FIndx="158" HookPtr="74557409" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetGroupGetInfo" FIndx="159" HookPtr="745578C8" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetGroupGetUsers" FIndx="160" HookPtr="74557952" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetGroupSetInfo" FIndx="161" HookPtr="74557C02" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetGroupSetUsers" FIndx="162" HookPtr="74557DAE" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetIsServiceAccount" FIndx="163" HookPtr="753772D9" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetJoinDomain" FIndx="164" HookPtr="745654B9" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetLocalGroupAdd" FIndx="165" HookPtr="7455875A" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetLocalGroupAddMember" FIndx="166" HookPtr="74558886" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetLocalGroupAddMembers" FIndx="167" HookPtr="74558E99" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetLocalGroupDel" FIndx="168" HookPtr="745588A4" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetLocalGroupDelMember" FIndx="169" HookPtr="74558928" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetLocalGroupDelMembers" FIndx="170" HookPtr="74558EBD" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetLocalGroupEnum" FIndx="171" HookPtr="74558946" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetLocalGroupGetInfo" FIndx="172" HookPtr="74558CE4" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetLocalGroupGetMembers" FIndx="173" HookPtr="74552265" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetLocalGroupSetInfo" FIndx="174" HookPtr="74558D57" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetLocalGroupSetMembers" FIndx="175" HookPtr="74558E75" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetLogonGetTimeServiceParentDomain" FIndx="176" HookPtr="75376CE9" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetLogonSetServiceBits" FIndx="177" HookPtr="7536603C" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetProvisionComputerAccount" FIndx="183" HookPtr="755FF2D3" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetQueryDisplayInformation" FIndx="184" HookPtr="74553D87" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetQueryServiceAccount" FIndx="185" HookPtr="75377249" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetRemoteComputerSupports" FIndx="187" HookPtr="74572160" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetRemoteTOD" FIndx="188" HookPtr="75626C11" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetRemoveAlternateComputerName" FIndx="189" HookPtr="74565C29" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetRemoveServiceAccount" FIndx="190" HookPtr="75377129" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetRenameMachineInDomain" FIndx="191" HookPtr="74565751" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetRequestOfflineDomainJoin" FIndx="207" HookPtr="755FB52F" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetScheduleJobAdd" FIndx="208" HookPtr="74FA19D1" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetScheduleJobDel" FIndx="209" HookPtr="74FA1AC9" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetScheduleJobEnum" FIndx="210" HookPtr="74FA1BC1" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetScheduleJobGetInfo" FIndx="211" HookPtr="74FA1CE1" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetServerAliasAdd" FIndx="212" HookPtr="75627843" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetServerAliasDel" FIndx="213" HookPtr="75627A79" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetServerAliasEnum" FIndx="214" HookPtr="75627931" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetServerComputerNameAdd" FIndx="215" HookPtr="75627411" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetServerComputerNameDel" FIndx="216" HookPtr="756276FB" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetServerDiskEnum" FIndx="217" HookPtr="75626559" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetServerEnum" FIndx="218" HookPtr="69852F61" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetServerEnumEx" FIndx="219" HookPtr="69852C5F" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetServerGetInfo" FIndx="220" HookPtr="75623CFA" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetServerSetInfo" FIndx="221" HookPtr="75626681" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetServerTransportAdd" FIndx="222" HookPtr="75626851" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetServerTransportAddEx" FIndx="223" HookPtr="75627329" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetServerTransportDel" FIndx="224" HookPtr="75626A01" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetServerTransportEnum" FIndx="225" HookPtr="75626AD9" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetSessionDel" FIndx="230" HookPtr="75625941" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetSessionEnum" FIndx="231" HookPtr="75625A11" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetSessionGetInfo" FIndx="232" HookPtr="75625B41" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetSetPrimaryComputerName" FIndx="233" HookPtr="74565D31" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetShareAdd" FIndx="234" HookPtr="75625C81" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetShareCheck" FIndx="235" HookPtr="75625E91" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetShareDel" FIndx="236" HookPtr="75625F81" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetShareDelEx" FIndx="237" HookPtr="75627B61" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetShareDelSticky" FIndx="238" HookPtr="756260D1" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetShareEnum" FIndx="239" HookPtr="75623F91" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetShareEnumSticky" FIndx="240" HookPtr="756261C9" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetShareGetInfo" FIndx="241" HookPtr="7562433F" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetShareSetInfo" FIndx="242" HookPtr="75626341" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetUnjoinDomain" FIndx="244" HookPtr="74565641" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetUseAdd" FIndx="246" HookPtr="74563693" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetUseDel" FIndx="247" HookPtr="74565FA9" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetUseEnum" FIndx="248" HookPtr="74563184" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetUseGetInfo" FIndx="249" HookPtr="74566039" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetUserAdd" FIndx="250" HookPtr="7455464F" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetUserChangePassword" FIndx="251" HookPtr="74555A06" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetUserDel" FIndx="252" HookPtr="74554826" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetUserEnum" FIndx="253" HookPtr="745549D6" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetUserGetGroups" FIndx="254" HookPtr="74554E01" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetUserGetInfo" FIndx="255" HookPtr="74551C60" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetUserGetLocalGroups" FIndx="256" HookPtr="74552875" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetUserModalsGet" FIndx="257" HookPtr="7455206B" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetUserModalsSet" FIndx="258" HookPtr="745554AA" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetUserSetGroups" FIndx="259" HookPtr="74555095" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetUserSetInfo" FIndx="260" HookPtr="74554D1D" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetValidateName" FIndx="261" HookPtr="74565859" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetValidatePasswordPolicy" FIndx="262" HookPtr="74559967" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetValidatePasswordPolicyFree" FIndx="263" HookPtr="74559B6B" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetWkstaTransportAdd" FIndx="266" HookPtr="74564E45" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetWkstaTransportDel" FIndx="267" HookPtr="74564F21" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetWkstaTransportEnum" FIndx="268" HookPtr="74564CF9" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetWkstaUserEnum" FIndx="269" HookPtr="74564AD1" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetWkstaUserGetInfo" FIndx="270" HookPtr="74563280" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetWkstaUserSetInfo" FIndx="271" HookPtr="74564C15" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetapipBufferAllocate" FIndx="272" HookPtr="745737AA" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetpIsRemote" FIndx="288" HookPtr="7457382D" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetpwNameCanonicalize" FIndx="295" HookPtr="74571C30" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetpwNameCompare" FIndx="296" HookPtr="74571F2E" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetpwNameValidate" FIndx="297" HookPtr="74571990" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetpwPathCanonicalize" FIndx="298" HookPtr="7457275D" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetpwPathCompare" FIndx="299" HookPtr="74574086" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NetpwPathType" FIndx="300" HookPtr="74572533" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NlBindingAddServerToCache" FIndx="301" HookPtr="753661F8" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NlBindingRemoveServerFromCache" FIndx="302" HookPtr="75365D67" HookType="1" />
<ITEM DLL="netapi32.dll" FNaim="NlBindingSetAuthInfo" FIndx="303" HookPtr="75366198" HookType="1" />
</RK_UM>
- <IPU>
<ITEM Code="1" X1="TermService" X2="@%SystemRoot%\System32\termsrv.dll,-268" />
<ITEM Code="1" X1="SSDPSRV" X2="@%systemroot%\system32\ssdpsrv.dll,-100" />
<ITEM Code="1" X1="Schedule" X2="@%SystemRoot%\system32\schedsvc.dll,-100" />
<ITEM Code="2" />
<ITEM Code="3" />
<ITEM Code="5" />
<ITEM Code="8" X1="-1" />
</IPU>
- <WIZARD-TSW>
<ITEM ID="58" Level="3" Fixed="0" />
<ITEM ID="59" Level="3" Fixed="0" />
<ITEM ID="60" Level="1" Fixed="0" />
<ITEM ID="61" Level="2" Fixed="0" />
</WIZARD-TSW>
</AVZ>




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users