
Rootkit infection trojan:dos/alureon.a and trojan:dos/alureon.dx


  • This topic is locked
86 replies to this topic

#31 gabstercol
  • Topic Starter
  • Members
  • 192 posts
  • Gender:Female

Posted 11 August 2011 - 01:48 AM

You know this is so amazing that tonight is just not my night. I can understand where you are coming from because no virus software ever picks this up. I do not ever share anything in my computer. All the entries that are showing shared tasks are all brand new with this trojan. Whether they be Macrovision, Microsoft, etc., they are all new. The hosts file has one very brief line in it and everything else is gone. All it says is 127.0.0.1 localhost, that's it.

The internet icon disappeared from my desktop tonight and it was hard to find another point of entry. My Network Places ended up as a shortcut on my desktop in the middle of the screen. When I used Ace Utilities tonight to get a log of the top 100 files they were all files I have never seen before. There are all these hidden files in the My Docs folder and in the root directory. There are 2 files showing listening in the netstat window that are netbios-ssn and netbios.sys, and that was the file that was infected. This is the scariest trojan ever because it is so stealthy in my system and you just would not know it if you are casually reviewing logs. There is a program that was created in the events called serial model reg tool. That was not something I put there. I disable everything that can control my computer registry and it has found a way to create it. This was all done with components and global objects. Then there is that new service called the remote packet capture. I know my services because I study them and I learned how to optimize my own computer for stealth and safety, but this one got past us into the TCP/IP stack as it was identified on ComboFix. I am not a developer so I don't use anything remotely. All remote access points are never ever available or present or running. That is all new. Heavy sigh. I will run the program that you asked me to run.

I'll be back shortly with that log. I have not shut my computer off today because I'm thinking I will not get back on. I don't know if the recovery console will do any good since it may be all corrupted now. I'm so sad. :( Stand by and I'll get the logs.

#32 gabstercol
  • Topic Starter
  • Members
  • 192 posts
  • Gender:Female

Posted 11 August 2011 - 02:03 AM

Okay, the aswMBR program the first time did not run because it said it was not a valid Win32 program. I downloaded it again and replaced the file, then it ran, and in the middle it gave me a blue screen and crashed and restarted the computer. When it restarted I saw on the startup page that there were no longer just 2 startup points. There were 3 and the 3rd one was some sort of a debugger. I could not get all the info that it had in there. I think this trojan is working right along with me and all my info is being logged and recorded by the plugins of RealPlayer and Adobe shared and all that junk. Please tell me what is the easiest way to immediately lock this computer down and wipe to zeros. I am totally screwed. Once the hosts file changed and it has a 3rd profile to start and it is doing this faster. I don't have the CD emulating software enabled; will that prevent me from being able to wipe it to zeros? I am just devastated. And not only that ... what luck, my cable TV went out tonight at the last half hour of the show I watched all season ... So You Think You Can Dance. The final show and the cable went down. ..... awwwww. I feel wiped out and so sad.

I did not get any log off that program because it crashed the computer. Can I run ComboFix again, or do you think that is history too? Wow, what a bleepty thing. What do I do? Is there a way to get on the phone with you?

#33 gabstercol
  • Topic Starter
  • Members
  • 192 posts
  • Gender:Female

Posted 11 August 2011 - 02:06 AM

Yeah right, it must be 3 am. If you are still tending to my woes then I thank you, my friend. I used to have a floppy disk set up to run DR-DOS and that used to reformat the drives for me, but now it is all DVDs and no floppy anymore, and that means I have no way to run that program to suddenly wipe it to zeros. Yikes. Any suggestions? I feel like I lost a huge battle here tonight. Not your fault, just hurt. This will be a huge setback for my business and my ... business.

#34 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 August 2011 - 02:10 AM

Hello

"All it says is 127.0.0.1 localhost, that's it."
This was done by one of our tools.

"remote packet capture."
Already told you that this is normal.

"There were 3 and the 3rd one was some sort of a debugger."
Done by ComboFix when we ran it the other night.

MBRCheck

Please also download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRCheck will be on your desktop
  • Open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report to this thread

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#35 gabstercol
  • Topic Starter
  • Members
  • 192 posts
  • Gender:Female

Posted 11 August 2011 - 02:13 AM

Hey gringo, I see you are still with me here. I'm still here but I'm sitting here stumped as to what to do.

#36 gabstercol
  • Topic Starter
  • Members
  • 192 posts
  • Gender:Female

Posted 11 August 2011 - 02:15 AM

When my computer started up today there were 2 points of logon: the Windows operating system and the Recovery Console. Tonight there are 3 entries. After ComboFix it was running okay and everything seemed normal. So I don't know, but it is really changing fast. I'll do MBRCheck. Thanks.

#37 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 August 2011 - 02:15 AM

run post 34


gringo

#38 gabstercol
  • Topic Starter
  • Members
  • 192 posts
  • Gender:Female

Posted 11 August 2011 - 02:17 AM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 118):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80B8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7F23000 dmio.sys
0xB8330000 PartMgr.sys
0xB8671000 amdide.sys
0xB80C8000 VolSnap.sys
0xB7F0B000 atapi.sys
0xB80D8000 disk.sys
0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7EEB000 fltMgr.sys
0xB80F8000 PxHelp20.sys
0xB7ED4000 KSecDD.sys
0xB7EC1000 WudfPf.sys
0xB7EAE000 DefragFS.sys
0xB7E21000 Ntfs.sys
0xB7DF4000 NDIS.sys
0xB7D71000 timntr.sys
0xB7C96000 tdrpm228.sys
0xB7C75000 snapman.sys
0xB7C5B000 Mup.sys
0xB8138000 \SystemRoot\system32\DRIVERS\AmdPPM.sys
0xB4DC2000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB4DAE000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB4D7E000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xB8148000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8158000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8168000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB4D5B000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8418000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB4D37000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8420000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB4D0F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8178000 \SystemRoot\system32\DRIVERS\serial.sys
0xB5BEF000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8188000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB8428000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8430000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB87B4000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB85DC000 \SystemRoot\System32\Drivers\RootMdm.sys
0xB8438000 \SystemRoot\System32\Drivers\Modem.SYS
0xB8198000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB5BEB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB4CF8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB81A8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB81B8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8440000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB4CE7000 \SystemRoot\system32\DRIVERS\psched.sys
0xB81C8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8448000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8450000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8458000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xB4CB7000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB81D8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB85DE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB4C59000 \SystemRoot\system32\DRIVERS\update.sys
0xB5BCF000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB81E8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB85E2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB81F8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB2351000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB232D000 \SystemRoot\system32\drivers\portcls.sys
0xB8218000 \SystemRoot\system32\drivers\drmk.sys
0xB85F8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB87C1000 \SystemRoot\System32\Drivers\Null.SYS
0xB85FA000 \SystemRoot\System32\Drivers\Beep.SYS
0xB8488000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB8490000 \SystemRoot\System32\drivers\vga.sys
0xB85FC000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB85FE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB8498000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB84A0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB5BFF000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB22D2000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB2279000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB2251000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB222B000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB8228000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB2209000 \SystemRoot\System32\drivers\afd.sys
0xB8238000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB21DE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB87D4000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
0xB216E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8258000 \SystemRoot\System32\Drivers\Fips.SYS
0xB84A8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB4C39000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xB84B0000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xB8340000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xB4C35000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB8268000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB8278000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xB287A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB2876000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xB82A8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB212E000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB8610000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB2319000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8378000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB86BC000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBD623000 \SystemRoot\System32\ATMFD.DLL
0xB8298000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
0xB1B31000 \SystemRoot\system32\drivers\wdmaud.sys
0xB82C8000 \SystemRoot\system32\drivers\sysaudio.sys
0xB1469000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 25):
0 System Idle Process
4 System
744 C:\WINDOWS\system32\smss.exe
792 csrss.exe
816 C:\WINDOWS\system32\winlogon.exe
860 C:\WINDOWS\system32\services.exe
896 C:\WINDOWS\system32\lsass.exe
1072 C:\WINDOWS\system32\svchost.exe
1156 svchost.exe
1272 C:\WINDOWS\system32\svchost.exe
1308 svchost.exe
1452 C:\WINDOWS\system32\spoolsv.exe
1744 C:\WINDOWS\explorer.exe
2008 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
2016 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
2032 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
272 C:\Program Files\Real\RealPlayer\Update\realsched.exe
1856 alg.exe
1804 C:\WINDOWS\system32\svchost.exe
564 C:\Program Files\Internet Explorer\IEXPLORE.EXE
1828 C:\Program Files\Internet Explorer\IEXPLORE.EXE
1620 C:\Program Files\Internet Explorer\IEXPLORE.EXE
360 C:\Program Files\Internet Explorer\IEXPLORE.EXE
2560 C:\Program Files\Internet Explorer\IEXPLORE.EXE
3048 C:\Documents and Settings\Gabi\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000024`9ed86400 (NTFS)

PhysicalDrive0 Model Number: HitachiHDT721010SLA360, Rev: ST6OA31B

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Legit MBR code detected
SHA1: 532A52DCB6D59E22E0582B8A2DA2F10FDFA0A7F3


Done!
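The report above closes with "Legit MBR code detected" and a SHA1 of the boot-sector code. As an added illustration (not from the thread and not MBRCheck's own code) of what such a check involves, the Python below parses a 512-byte master boot record, verifies the 0x55AA boot signature, hashes the 440-byte boot-code area for comparison against a known-good allow-list the caller supplies, and lists the partition table with each volume's byte offset, which is simply LBA × 512 (63 × 512 gives the 0x7e00 seen for C: above). The sample sector is constructed for the example, not the poster's disk, and the allow-list contents are assumed.

```python
"""Added example (not from the thread or from MBRCheck): a minimal MBR
integrity check. Reads a 512-byte master boot record, verifies the boot
signature, hashes the boot-code area against a caller-supplied allow-list
and lists the partition table with byte offsets (LBA * 512).
The sample sector below is constructed for illustration."""
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440          # boot code occupies bytes 0..439 of a classic MBR
TABLE_OFF = 446         # four 16-byte partition entries follow the disk signature
BOOT_SIG = b"\x55\xaa"  # bytes 510..511


def build_sample_mbr():
    """Constructed sample sector: harmless boot-code bytes, a disk signature,
    and two NTFS partitions starting at LBA 63 and LBA 0x124F6C32."""
    code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (CODE_LEN - 7)
    disk_sig = b"\x12\x34\x56\x78"   # constructed NT disk signature
    reserved = b"\x00\x00"

    def entry(status, ptype, lba_start, count):
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        return struct.pack("<B3sB3sII", status, b"\xff" * 3, ptype, b"\xff" * 3,
                           lba_start, count)

    table = (entry(0x80, 0x07, 63, 0x124F6C32 - 63)      # bootable NTFS volume
             + entry(0x00, 0x07, 0x124F6C32, 0x1000000)  # second NTFS volume
             + b"\x00" * 32)                             # two unused entries
    return code + disk_sig + reserved + table + BOOT_SIG


def boot_code_sha1(sector):
    """Uppercase hex SHA1 of the boot-code area, the value MBRCheck-style tools report."""
    return hashlib.sha1(sector[:CODE_LEN]).hexdigest().upper()


def parse_mbr(sector):
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, TABLE_OFF + 16 * i)
        if ptype == 0:          # empty entry
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "byte_offset": lba * SECTOR, "sectors": count})
    return {"code_sha1": boot_code_sha1(sector), "partitions": parts}


def check_mbr(sector, known_good_hashes):
    """Flag the sector as legit only if its boot-code hash is on the allow-list
    (assumed: the caller maintains that list of known-good boot-code hashes)."""
    info = parse_mbr(sector)
    info["legit"] = info["code_sha1"] in known_good_hashes
    return info


if __name__ == "__main__":
    sample = build_sample_mbr()
    report = check_mbr(sample, {boot_code_sha1(sample)})
    print("Boot code SHA1:", report["code_sha1"], "legit" if report["legit"] else "UNKNOWN")
    for p in report["partitions"]:
        print("  partition %d: type 0x%02x offset 0x%x" % (p["index"], p["type"], p["byte_offset"]))
```

A boot-code hash not on the allow-list is a reason to compare the sector against a clean copy, not proof of infection by itself; OEM and boot-manager installs legitimately replace the standard code.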

#39 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 August 2011 - 02:32 AM

Please download Kaspersky Virus Removal Tool and SAVE it to your desktop

  • Right click and run as admin (xp please double click to run)
  • select lang
  • click on next
  • accept the license agreement
  • select location and click on next
  • in autoscan make sure the first three boxes are checked and the box next to the C:/ drive
  • click on start scan
  • when complete click on report
  • in the three drop down boxes choose autoscan - do not group and important events
  • click on save and save to desktop
  • copy and paste this report in your next post


#40 gabstercol
  • Topic Starter
  • Members
  • 192 posts
  • Gender:Female

Posted 11 August 2011 - 02:35 AM

There is a new program in my HijackThis log called gabi.exe. What is that?
There is a new startup program in my auto start programs called kernelfaultcheck.
It is showing the command %systemroot%\system32\dumprep 0 -k and then showing status of Enabled, New, and it is showing the company as Microsoft.

I just pulled up Ace Utilities to see what is auto starting. The ctfmon that always was checked as an auto start is no longer checked, and this new one of kernel fault is checked.

There are 6 entries of the Winsock providers all showing NetBIOS devices with long numbers of seq packets and datagrams. I've never seen those in there before. At least not with these same identifiers in there. I'm just giving you things that look weird to me.

Okay, I see that the entries that look like they are not well are all in the system local machine. I would like to export that log from Ace Utilities since it may help. Sorry if you are not asking for it, but here is my Ace log. I think this looks very different from the other reports of Ace Utilities for Explorer.


Report Created on 10 Aug 2011, 09:29 PM by Ace Utilities Version 5.2.4.474

Header 1: Name
Header 2: Command
Header 3: Company
Header 4: Status
-------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------

Internet Explorer Version Update
C:\WINDOWS\system32\ieudinit.exe
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Windows Media Player
C:\WINDOWS\inf\unregmp2.exe /HideWMP
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Internet Explorer
C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Browser Customizations
"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Windows Desktop Update
regsvr32.exe /s /n /i:U shell32.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Themes Setup
C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft Windows Media Player
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Windows Desktop Update
regsvr32.exe /s /n /i:U shell32.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Internet Explorer
C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
DOTNETFRAMEWORKS
C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Outlook Express
C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
Microsoft Corporation
Disabled
-------------------------------------------------------------------------------------------------------
Microsoft Outlook Express 6
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
Microsoft Corporation
Disabled
-------------------------------------------------------------------------------------------------------
NetMeeting 3.01
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
Microsoft Corporation
Disabled
-------------------------------------------------------------------------------------------------------
Windows Messenger 4.7
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
Microsoft Corporation
Disabled
-------------------------------------------------------------------------------------------------------
Address Book 6
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
Microsoft Corporation
Disabled
-------------------------------------------------------------------------------------------------------
Browseui preloader
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Component Categories cache daemon
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
WebCheck
C:\WINDOWS\system32\webcheck.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
WPDShServiceObj
C:\WINDOWS\system32\wpdshserviceobj.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
PostBootReminder
C:\WINDOWS\system32\shell32.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
CDBurn
C:\WINDOWS\system32\SHELL32.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
SysTray
C:\WINDOWS\system32\stobject.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Multimedia File Property Sheet
mmsys.cpl
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
ICM Scanner Management
icmui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
NTFS Security Page
rshx32.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
OLE Docfile Property Page
docprop.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Shell extensions for sharing
ntshrui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
PlusPack CPL Extension
C:\WINDOWS\system32\themeui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Display Adapter CPL Extension
deskadp.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Display Monitor CPL Extension
deskmon.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
DS Security Page
dssec.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Compatibility Page
SlayerXP.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Shell Scrap DataHandler
shscrap.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Disk Copy Extension
diskcopy.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Shell extensions for Microsoft Windows Network objects
ntlanui2.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
ICM Monitor Management
C:\WINDOWS\System32\icmui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
ICM Printer Management
C:\WINDOWS\system32\icmui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Web Printer Shell Extension
printui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Disk Quota UI
dskquoui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Briefcase
syncui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
HyperTerminal Icon Ext
C:\WINDOWS\system32\hticons.dll
Hilgraeve, Inc.
Enabled
-------------------------------------------------------------------------------------------------------
Fonts
fontext.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
ICC Profile
C:\WINDOWS\system32\icmui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Printers Security Page
rshx32.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Shell extensions for sharing
ntshrui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Display TroubleShoot CPL Extension
deskperf.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
MMC Icon Handler
C:\WINDOWS\System32\mmcshext.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Shell Search Band
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Crypto PKO Extension
C:\WINDOWS\system32\cryptext.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Crypto Sign Extension
C:\WINDOWS\system32\cryptext.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Network Connections
C:\WINDOWS\system32\NETSHELL.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Network Connections
C:\WINDOWS\system32\NETSHELL.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Scanners & Cameras
wiashext.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Scanners & Cameras
wiashext.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Scanners & Cameras
wiashext.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Scanners & Cameras
wiashext.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Scanners & Cameras
wiashext.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Remote Sessions CPL Extension
C:\WINDOWS\system32\remotepg.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE Microsoft BrowserBand
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
WebCheckWebCrawler
C:\WINDOWS\system32\webcheck.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE Fade Task
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE Menu Desk Bar
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE AutoComplete
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE Search Band
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft Url History Service
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
The Internet
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE Navigation Bar
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE Menu Site
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE Menu Band
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE Microsoft History AutoComplete List
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Extensions Manager Folder
C:\WINDOWS\system32\extmgr.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE Tracking Shell Menu
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE IShellFolderBand
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE BandProxy
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Temporary Internet Files
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Temporary Internet Files
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Code Download Agent
C:\WINDOWS\system32\webcheck.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
WebCheck SyncMgr Handler
C:\WINDOWS\system32\webcheck.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Internet Name Space
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
ActiveX Cache Folder
C:\WINDOWS\system32\occache.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE MRU AutoComplete List
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE RSS Feeder Folder
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE Microsoft Shell Folder AutoComplete List
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Subscription Mgr
C:\WINDOWS\system32\webcheck.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE Microsoft Multiple AutoComplete List Container
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft Browser Architecture
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE Shell Rebar BandSite
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft Url Search Hook
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE Shell Band Site Menu
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
WebCheck
C:\WINDOWS\system32\webcheck.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Shell DocObject Viewer
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
&Links
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Subscription Folder
C:\WINDOWS\system32\webcheck.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE Registry Tree Options Utility
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE User Assist
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
InternetShortcut
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE Custom MRU AutoCompleted List
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
History
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Shell extensions for Windows Script Host
C:\WINDOWS\system32\wshext.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
IE History and Feeds Shell Data Source for Windows Search
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
HTML Document
C:\WINDOWS\system32\mshtml.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
MSHTML Document
C:\WINDOWS\system32\mshtml.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft Web Browser
C:\WINDOWS\system32\ieframe.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft Data Link
C:\Program Files\Common Files\System\Ole DB\oledb32.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Tasks Folder Icon Handler
C:\WINDOWS\system32\mstask.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Tasks Folder Shell Extension
C:\WINDOWS\system32\mstask.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Scheduled Tasks
C:\WINDOWS\system32\mstask.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Set Program Access and Defaults
C:\WINDOWS\system32\shdocvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Auto Update Property Sheet Extension
C:\WINDOWS\system32\wuaucpl.cpl
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Portable Devices
C:\WINDOWS\system32\wpdshext.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Portable Devices Menu
C:\WINDOWS\system32\wpdshext.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Office Document Property Handler
C:\WINDOWS\system32\propsys.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Windows Search Deskbar
C:\Program Files\Windows Desktop Search\deskbar.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Windows Desktop Search
C:\Program Files\Windows Desktop Search\msnlExt.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Taskbar and Start Menu
rundll32.exe shell32.dll,Options_RunDLL 1
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Search
C:\WINDOWS\system32\shdocvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Help and Support
C:\WINDOWS\system32\shdocvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Help and Support
C:\WINDOWS\system32\shdocvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Run...
C:\WINDOWS\system32\shdocvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Internet
C:\WINDOWS\system32\shdocvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
E-mail
C:\WINDOWS\system32\shdocvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Fonts
C:\WINDOWS\system32\shdocvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Administrative Tools
C:\WINDOWS\system32\shdocvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Previous Versions Property Page
C:\WINDOWS\system32\twext.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Previous Versions
C:\WINDOWS\system32\twext.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Audio Media Properties Handler
C:\WINDOWS\system32\shmedia.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Video Media Properties Handler
C:\WINDOWS\system32\shmedia.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Wav Properties Handler
C:\WINDOWS\system32\shmedia.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Avi Properties Handler
C:\WINDOWS\system32\shmedia.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Midi Properties Handler
C:\WINDOWS\system32\shmedia.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Video Thumbnail Extractor
C:\WINDOWS\system32\shmedia.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft Internet Toolbar
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Download Status
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Augmented Shell Folder
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Augmented Shell Folder 2
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
BandProxy
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft BrowserBand
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
In-pane search
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Registry Tree Options Utility
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
&Address
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Address EditBox
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Shell Microsoft AutoComplete
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
MRU AutoComplete List
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Custom MRU AutoCompleted List
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Accessible
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Track Popup Bar
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft History AutoComplete List
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft Shell Folder AutoComplete List
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft Multiple AutoComplete List Container
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Shell Band Site Menu
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Shell DeskBarApp
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Shell DeskBar
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Shell Rebar BandSite
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
User Assist
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Global Folder Settings
C:\WINDOWS\system32\browseui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Favorites Band
C:\WINDOWS\system32\shdocvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
History Band
C:\WINDOWS\system32\shdocvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Shell Automation Inproc Service
C:\WINDOWS\system32\shdocvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft Browser Architecture
C:\WINDOWS\system32\shdocvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
ISFBand OC
C:\WINDOWS\system32\shdocvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Search Assistant OC
C:\WINDOWS\system32\shdocvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Explorer Band
C:\WINDOWS\system32\shdocvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Sendmail service
C:\WINDOWS\system32\sendmail.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Sendmail service
C:\WINDOWS\system32\sendmail.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Shell Application Manager
C:\WINDOWS\system32\appwiz.cpl
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Installed Apps Enumerator
C:\WINDOWS\system32\appwiz.cpl
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Darwin App Publisher
C:\WINDOWS\system32\appwiz.cpl
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Shell Image Verbs
C:\WINDOWS\system32\shimgvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Shell Image Data Factory
C:\WINDOWS\system32\shimgvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
GDI+ file thumbnail extractor
C:\WINDOWS\system32\shimgvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Summary Info Thumbnail handler (DOCFILES)
C:\WINDOWS\system32\shimgvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
HTML Thumbnail Extractor
C:\WINDOWS\system32\shimgvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Shell Image Property Handler
C:\WINDOWS\system32\shimgvw.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Web Publishing Wizard
C:\WINDOWS\system32\netplwiz.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Print Ordering via the Web
C:\WINDOWS\system32\netplwiz.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Shell Publishing Wizard Object
C:\WINDOWS\system32\netplwiz.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Get a Passport Wizard
C:\WINDOWS\system32\netplwiz.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
User Accounts
rundll32.exe C:\WINDOWS\system32\netplwiz.dll,UsersRunDll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Compressed (zipped) Folder
C:\WINDOWS\system32\zipfldr.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Compressed (zipped) Folder Right Drag Handler
C:\WINDOWS\system32\zipfldr.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Compressed (zipped) Folder SendTo Target
C:\WINDOWS\system32\zipfldr.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
FTP Folders Webview
C:\WINDOWS\system32\msieftp.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft DocProp Shell Ext
C:\WINDOWS\system32\docprop2.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft DocProp Inplace Edit Box Control
C:\WINDOWS\system32\docprop2.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft DocProp Inplace ML Edit Box Control
C:\WINDOWS\system32\docprop2.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft DocProp Inplace Droplist Combo Control
C:\WINDOWS\system32\docprop2.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft DocProp Inplace Calendar Control
C:\WINDOWS\system32\docprop2.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft DocProp Inplace Time Control
C:\WINDOWS\system32\docprop2.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Directory Query UI
C:\WINDOWS\system32\dsquery.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Shell properties for a DS object
C:\WINDOWS\system32\dsquery.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Directory Object Find
C:\WINDOWS\system32\dsquery.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Directory Start/Search Find
C:\WINDOWS\system32\dsquery.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Directory Property UI
C:\WINDOWS\system32\dsuiext.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Directory Context Menu Verbs
C:\WINDOWS\system32\dsuiext.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
MyDocs Copy Hook
C:\WINDOWS\system32\mydocs.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
MyDocs Drop Target
C:\WINDOWS\system32\mydocs.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
MyDocs Properties
C:\WINDOWS\system32\mydocs.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Offline Files Menu
C:\WINDOWS\System32\cscui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Offline Files Folder Options
C:\WINDOWS\System32\cscui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Offline Files Folder
C:\WINDOWS\System32\cscui.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft Agent Character Property Sheet Handler
C:\WINDOWS\msagent\agentpsh.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
DfsShell
C:\WINDOWS\system32\dfsshlex.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
%DESC_PublishDropTarget%
C:\WINDOWS\system32\photowiz.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
.CAB file viewer
cabview.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
For &People...
C:\Program Files\Outlook Express\wabfind.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Portable Media Devices
C:\WINDOWS\system32\audiodev.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Windows Media Player Burn Audio CD Context Menu Handler
C:\WINDOWS\system32\wmpshell.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Windows Media Player Play as Playlist Context Menu Handler
C:\WINDOWS\system32\wmpshell.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Windows Media Player Add to Playlist Context Menu Handler
C:\WINDOWS\system32\wmpshell.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Fusion Cache
C:\WINDOWS\system32\mscoree.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft.XPS.Shell.Metadata.1
C:\WINDOWS\System32\XPSSHHDR.DLL
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft.XPS.Shell.Thumbnail.1
C:\WINDOWS\System32\XPSSHHDR.DLL
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Desktop Explorer
C:\Program Files\NVIDIA Corporation\nView\nvshell.dll

Enabled
-------------------------------------------------------------------------------------------------------
Desktop Explorer Menu
C:\Program Files\NVIDIA Corporation\nView\nvshell.dll

Enabled
-------------------------------------------------------------------------------------------------------
nView Desktop Context Menu
C:\Program Files\NVIDIA Corporation\nView\nvshell.dll

Enabled
-------------------------------------------------------------------------------------------------------
NvCpl DesktopContext Class
C:\WINDOWS\system32\nvcpl.dll
NVIDIA Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Acronis True Image Shell Context Menu Extension
C:\Program Files\Acronis\TrueImageHome\tishell.dll
Acronis
Enabled
-------------------------------------------------------------------------------------------------------
Acronis True Image Shell Extension
C:\Program Files\Acronis\TrueImageHome\tishell.dll
Acronis
Enabled
-------------------------------------------------------------------------------------------------------
NeroCoverEd Live Icons
C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
Nero AG
Enabled
-------------------------------------------------------------------------------------------------------
NeroDigitalIconHandler
C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
Nero AG
Enabled
-------------------------------------------------------------------------------------------------------
NeroDigitalPropSheetHandler
C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
Nero AG
Enabled
-------------------------------------------------------------------------------------------------------
Web Folders
C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft Office OneNote Namespace Extension for Windows Desktop Search
C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft Office HTML Icon Handler
C:\Program Files\Microsoft Office\Office12\msohevi.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft Office Metadata Handler
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft Office Thumbnail Handler
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
WinRAR shell extension
C:\Program Files\WinRAR\rarext.dll

Enabled
-------------------------------------------------------------------------------------------------------
WipeExt Class
C:\Program Files\Ace Utilities\wipext.dll

Enabled
-------------------------------------------------------------------------------------------------------
AceFTP Context Menu Shell Extension
C:\PROGRA~1\VISICO~1\ACEFTP~1\ftpcntxt.dll
Visicom Media Inc.
Enabled
-------------------------------------------------------------------------------------------------------
Adobe.Acrobat.ContextMenu
C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
Adobe Systems Inc.
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft Office Outlook Custom Icon Handler
C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Microsoft Office Outlook Desktop Icon Handler
C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Shell Extensions for RealOne Player
c:\program files\real\realplayer\rpshell.dll
RealNetworks, Inc.
Enabled
-------------------------------------------------------------------------------------------------------
Shell Icon Handler for Application References
C:\WINDOWS\system32\dfshim.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
ShellLink for Application References
C:\WINDOWS\system32\dfshim.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
application/octet-stream
mscoree.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
application/x-complus
mscoree.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
application/x-msdownload
mscoree.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
AP Deflate Encoding/Decoding Filter
C:\WINDOWS\system32\urlmon.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
AP GZIP Encoding/Decoding Filter
C:\WINDOWS\system32\urlmon.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
WebView MIME Filter
C:\WINDOWS\system32\SHELL32.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
text/xml
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
about
C:\WINDOWS\system32\mshtml.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
CDL: Asychronous Pluggable Protocol Handler
C:\WINDOWS\system32\urlmon.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
DVD: Pluggable Protocol
C:\WINDOWS\system32\msvidctl.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
file:, local: Asychronous Pluggable Protocol Handler
C:\WINDOWS\system32\urlmon.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
ftp: Asychronous Pluggable Protocol Handler
C:\WINDOWS\system32\urlmon.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
gopher: Asychronous Pluggable Protocol Handler
C:\WINDOWS\system32\urlmon.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
http: Asychronous Pluggable Protocol Handler
C:\WINDOWS\system32\urlmon.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
https: Asychronous Pluggable Protocol Handler
C:\WINDOWS\system32\urlmon.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
ipp
C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
its: Asychronous Pluggable Protocol Handler
C:\WINDOWS\system32\itss.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
javascript
C:\WINDOWS\system32\mshtml.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
file:, local: Asychronous Pluggable Protocol Handler
C:\WINDOWS\system32\urlmon.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
mailto
C:\WINDOWS\system32\mshtml.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
MHTML Asychronous Pluggable Protocol Handler
C:\WINDOWS\system32\inetcomm.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
mk: Asychronous Pluggable Protocol Handler
C:\WINDOWS\system32\urlmon.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
Help HxProtocol
C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
ms-its: Asychronous Pluggable Protocol Handler
C:\WINDOWS\system32\itss.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
msdaipp
C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
res
C:\WINDOWS\system32\mshtml.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
TV: Pluggable Protocol
C:\WINDOWS\system32\msvidctl.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
vbscript
C:\WINDOWS\system32\mshtml.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
wia: Asychronous Pluggable Protocol Handler for WIA devices
C:\WINDOWS\system32\wiascr.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
{24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
{24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
{66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll
Microsoft Corporation
Enabled
-------------------------------------------------------------------------------------------------------
NeroDigitalExt.NeroDigitalColumnHandler
C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
Nero AG
Enabled
-------------------------------------------------------------------------------------------------------
PDF Column Info
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
Adobe Systems, Inc.
Enabled
-------------------------------------------------------------------------------------------------------
Display Panning CPL Extension
<Not Found> deskpan.dll

Disabled
-------------------------------------------------------------------------------------------------------
Microsoft Office Outlook Custom Icon Handler
C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
Microsoft Corporation
Disabled
-------------------------------------------------------------------------------------------------------
Microsoft Office Outlook Desktop Icon Handler
C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
Microsoft Corporation
Disabled
-------------------------------------------------------------------------------------------------------
Play on my TV helper
C:\WINDOWS\system32\nvcpl.dll
NVIDIA Corporation
Disabled
-------------------------------------------------------------------------------------------------------
Total 275 item(s)

#41 gabstercol

gabstercol
  • Topic Starter

  • Members
  • 192 posts
  • Gender:Female
  • Local time:04:18 PM

Posted 11 August 2011 - 02:38 AM

Okay, I'll do Kaspersky. Thanks, and just the fact that you are staying up for me is so awesome. Thank you. Thank you.

#42 gabstercol

gabstercol
  • Topic Starter

  • Members
  • 192 posts
  • Gender:Female
  • Local time:04:18 PM

Posted 11 August 2011 - 02:47 AM

It's taking a long time to download the Kaspersky program. Very slow. Almost downloaded.
I just saw the catchme.sys driver got enabled in the Ace Utilities auto-start entries. I just disabled it, since we are not using ComboFix at this moment, right? There are a lot of new enabled entries. I can tell because they all are showing "new" next to the ones that were not enabled before.

#43 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 PM

Posted 11 August 2011 - 02:48 AM

Well, running out of ideas.


If there is nothing to see then I can't fight it. If this doesn't show me anything then there is nothing I can do.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#44 gabstercol

gabstercol
  • Topic Starter

  • Members
  • 192 posts
  • Gender:Female
  • Local time:04:18 PM

Posted 11 August 2011 - 02:59 AM

Okay so now it is prompting me to do something. It found the exploit.java.cve-2010-4452.a. Should I be letting it delete these automatically?

#45 gabstercol

gabstercol
  • Topic Starter

  • Members
  • 192 posts
  • Gender:Female
  • Local time:04:18 PM

Posted 11 August 2011 - 03:01 AM

Gringo, do I want it to automatically remove things as it goes, or do you want me to skip it and not perform any action?



