xp is alive

Mack

Hello, I have 6 administrators and 1 unknown user on my HDD.
I did netsh qprocess quser; they all have the same base
addy but they use my gate IP and create servers on my HDD.
They modify the register so I can't do much like modify the
programs antivirus do mimic on the ones online. I can't
format, it comes back. What can I do? Here is some info I got:

boot:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect

shell32:

HKCU,"%PATH_EXPLORER%\NoRoamObfuscated"
HKLM,"%PATH_AUTOPLAY%\ContentTypeHandlers\MixedContentHandler\EventHandlers\MediaArrival","Fake",,""
HKLM,"%PATH_AUTOPLAY%\DeviceHandlers\GenericVolumeHandler\EventHandlers\DeviceArrival","GenericVolumeArrival",,""
HKLM,"%PATH_AUTOPLAY%\DeviceHandlers\GenericVolumeHandler\EventHandlers\DeviceArrival","DefaultIcon",,""
HKLM,"%PATH_AUTOPLAY%\DeviceHandlers\GenericVolumeHandler\EventHandlers\DeviceArrival","FriendlyName",,""
HKLM,"%PATH_AUTOPLAY%\DeviceHandlers\GenericVolumeHandler\EventHandlers\MediaArrival","GenericVolumeArrival",,""
HKLM,"%PATH_AUTOPLAY%\DeviceHandlers\GenericVolumeHandler\EventHandlers\MediaArrival","DefaultIcon",,""
HKLM,"%PATH_AUTOPLAY%\DeviceHandlers\GenericVolumeHandler\EventHandlers\MediaArrival","FriendlyName",,""
HKLM,"%PATH_AUTOPLAY%\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","DeviceHandlers",,
HKLM,"%PATH_AUTOPLAY%\EventHandlers\PlayMusicFilesOnArrival","MSPlayMusicFilesOnArrival",,""
HKLM,"%PATH_AUTOPLAY%\EventHandlers\PlayVideoFilesOnArrival","MSPlayVideoFilesOnArrival",,""
HKLM,"%ADV_VISUALEFFECTS%\MenuFade"
HKLM,"%ADV_VISUALEFFECTS%\UIEffects"
HKLM,"%ADV_VISUALEFFECTS%\GradientCaptions"
HKLM,"%ADV_VISUALEFFECTS%\HotTracking"
HKLM,"%ADV_VISUALEFFECTS%\ListviewScrollOver"
HKCR,mp3file,TileInfo
HKCR,wmafile,TileInfo
HKCR,jpegfile,TileInfo
HKCR,Paint.Picture,TileInfo
HKCR,TIFImage.Document,TileInfo
HKCR,pngfile,TileInfo
HKCR,PCXImage.Document,TileInfo
HKCR,"CLSID\{0003000C-0000-0000-C000-000000000046}\TreatAs"
HKCR,"CLSID\{0003000C-0000-0000-C000-000000000046}\NotInsertable"
HKCR,"CLSID\%CLSID_UserNotification%\%LS%"
HKCR,"exefile\shell\runas",Extended
HKLM,"%ADV_FOLDER%\NetPlacesOnDesktop"
HKCR,"CLSID\%CLSID_AutoCMWinSecurity%"
HKLM,"%PATH_HIDEDESKICONS%","%CLSID_RecycleBin%"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu","%CLSID_RecycleBin%"
HKCR,"CLSID\%CLSID_RecycleBin%\ShellFolder",HideOnDesktopPerUser
HKCR,".cdburn"
HKCR,"CLSID\%CLSID_CDBurn%","NeverShowExt"
HKCR,"CLSID\%CLSID_CDBurn%\DefaultIcon"
HKCR,"CLSID\%CLSID_CDBurn%\shellex\DropHandler"
[!DelRegShell]
HKCR,"CLSID\%CLSID_ShellDesktop%\%EXTVIEW%\%VID_WebView%","PersistFile"
[RegShellNamespace]
HKCR,"CLSID\%CLSID_MyDocuments%\%IPS%",,%REGEXSZ%,"%_SYS_MOD_PATH%"
HKCR,"CLSID\%CLSID_MyDocuments%\%IPS%",ThreadingModel,,Apartment
HKCR,"CLSID\%CLSID_MyDocuments%\%IPS%",LoadWithoutCOM
HKCR,"CLSID\%CLSID_MyDocuments%\ShellFolder",WantsFORPARSING
HKCR,"CLSID\%CLSID_MyDocuments%\ShellFolder",CallForAttributes,%REGDW%,0x00020040
HKCR,"CLSID\%CLSID_MyDocuments%\ShellFolder",HideOnDesktopPerUser
HKCR,"CLSID\%CLSID_MyDocuments%\ShellFolder",QueryForOverlay
HKCR,"CLSID\%CLSID_MyDocuments%\ShellFolder",Attributes,%REGDW%,0xF080013D
HKCR,"CLSID\%CLSID_MyDocuments%\DefaultIcon",,%REGEXSZ%,"%_SYS_MOD_PATH%,-235"
HKCR,"CLSID\%CLSID_MyDocuments%",SortOrderIndex,%REGDW%,0x00000048
HKCR,"CLSID\%CLSID_MyDocuments%\shell\find",SuppressionPolicy,%REGDW%,0x00000080
HKCR,"CLSID\%CLSID_MyDocuments%\shell\find\command",,%REGEXSZ%,"%25%\Explorer.exe"
HKCR,"CLSID\%CLSID_MyDocuments%\shell\find\ddeexec",,,"[FindFolder(""%l"", %I)]"
HKCR,"CLSID\%CLSID_MyDocuments%\shell\find\ddeexec\application",,,"Folders"
HKCR,"CLSID\%CLSID_MyDocuments%\shell\find\ddeexec\topic",,,"AppProperties"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\%CLSID_MyDocuments%",,"My Documents"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\%CLSID_MyDocuments%","Removal Message",,"@mydocs.dll,-900"
HKCR,"CLSID\%CLSID_DocFindFolder%",,2,"Search Results Folder"
HKCR,"CLSID\%CLSID_DocFindFolder%",LocalizedString,%REGEXSZ%,"@%_SYS_MOD_PATH%,-30520"
HKCR,"CLSID\%CLSID_DocFindFolder%\DefaultIcon",,%REGEXSZ%,"%_SYS_MOD_PATH%,-134"
HKCR,"CLSID\%CLSID_DocFindFolder%\%IPS%",,%REGEXSZ%,"%_SYS_MOD_PATH%"
HKCR,"CLSID\%CLSID_DocFindFolder%\%IPS%",ThreadingModel,,Apartment
HKCR,"CLSID\%CLSID_DocFindFolder%\ShellFolder","Attributes",%REGDW%,0x20180000
HKLM,"%PATH_EXPLORER%\Desktop\NameSpace\%CLSID_DocFindFolder%",,,"Search Results Folder"
HKCR,"CLSID\%CLSID_ComputerFindFolder%",,2,"Computer Search Results Folder"
HKCR,"CLSID\%CLSID_ComputerFindFolder%",LocalizedString,%REGEXSZ%,"@%_SYS_MOD_PATH%,-30521"
HKCR,"CLSID\%CLSID_ComputerFindFolder%\DefaultIcon",,%REGEXSZ%,"%_SYS_MOD_PATH%,-135"
HKCR,"CLSID\%CLSID_ComputerFindFolder%\%IPS%",,%REGEXSZ%,"%_SYS_MOD_PATH%"

thanks for your help
 
Michael Solomon (MS-MVP Windows Shell/User)

If you are implying this is coming in from the outside, have you installed a
firewall? Are you sure none of the applications you are installing are not some
sort of spyware that might be opening the door to intruders?

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

