Results 1 to 2 of 2

Thread: First Time and Help with Virtumonde

  1. #1
    Junior Member
    Join Date
    Jan 2009
    Posts
    11

    Question First Time and Help with Virtumonde

    Hello there. This is my first time at Safer Networking but ive been using Spybot for a long time. But now i need help. I have a few Trojans which seem to not be able to go away after many trys from Spybot. I know that VirtuMonde,VirtuMonde.generaic and others are Stuck on my computer. I have read many Posts on Virtumonde but i need to Post my own log for someone nice to help me. I have not gotten any Back round changes but some Popups have "popped UP" and ive had a million Registery Key changes which i always DECLINE. So far i only have Spybot and AVG which i only keep for other purposes but Right at this moment im using Malwarebytes anti malaware scan.
    Theres alot of things on this SpyBOT log but ill post it now


    --- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

    2008-07-07 blindman.exe (1.0.0.8)
    2008-07-07 SDFiles.exe (1.6.0.4)
    2008-07-07 SDMain.exe (1.0.0.6)
    2008-07-07 SDShred.exe (1.0.2.3)
    2008-07-07 SDUpdate.exe (1.6.0.8)
    2008-07-07 SDWinSec.exe (1.0.0.12)
    2008-07-07 SpybotSD.exe (1.6.0.30)
    2008-09-16 TeaTimer.exe (1.6.3.25)
    2008-08-24 unins000.exe (51.49.0.0)
    2008-07-07 Update.exe (1.6.0.7)
    2008-10-22 advcheck.dll (1.6.2.13)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2008-09-15 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2008-10-22 Tools.dll (2.1.6.8)
    2008-11-04 Includes\Adware.sbi
    2008-12-29 Includes\AdwareC.sbi
    2008-06-03 Includes\Cookies.sbi
    2009-01-06 Includes\Dialer.sbi
    2009-01-06 Includes\DialerC.sbi
    2008-07-23 Includes\HeavyDuty.sbi
    2008-11-18 Includes\Hijackers.sbi
    2009-01-05 Includes\HijackersC.sbi
    2008-12-09 Includes\Keyloggers.sbi
    2008-12-22 Includes\KeyloggersC.sbi
    2004-11-29 Includes\LSP.sbi
    2008-11-18 Includes\Malware.sbi
    2009-01-06 Includes\MalwareC.sbi
    2008-12-16 Includes\PUPS.sbi
    2009-01-06 Includes\PUPSC.sbi
    2007-11-07 Includes\Revision.sbi
    2008-06-18 Includes\Security.sbi
    2008-12-29 Includes\SecurityC.sbi
    2008-06-03 Includes\Spybots.sbi
    2008-06-03 Includes\SpybotsC.sbi
    2008-12-10 Includes\Spyware.sbi
    2009-01-06 Includes\SpywareC.sbi
    2008-06-03 Includes\Tracks.uti
    2009-01-05 Includes\Trojans.sbi
    2009-01-06 Includes\TrojansC.sbi
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll


    --- System information ---
    Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    / MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
    / MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
    / Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
    / Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
    / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
    / Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
    / Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
    / Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
    / Windows XP: Security Update for Windows XP (KB923689)
    / Windows XP: Security Update for Windows XP (KB941569)
    / Windows XP / SP3: Windows XP Hotfix - KB873339
    / Windows XP / SP3: Windows XP Hotfix - KB885250
    / Windows XP / SP3: Windows XP Hotfix - KB885835
    / Windows XP / SP3: Windows XP Hotfix - KB885836
    / Windows XP / SP3: Windows XP Hotfix - KB886185
    / Windows XP / SP3: Windows XP Hotfix - KB887472
    / Windows XP / SP3: Windows XP Hotfix - KB887742
    / Windows XP / SP3: Windows XP Hotfix - KB888113
    / Windows XP / SP3: Windows XP Hotfix - KB888302
    / Windows XP / SP3: Windows XP Hotfix - KB889673
    / Windows XP / SP3: Security Update for Windows XP (KB890046)
    / Windows XP / SP3: Windows XP Hotfix - KB890859
    / Windows XP / SP3: Windows XP Hotfix - KB891781
    / Windows XP / SP3: Security Update for Windows XP (KB893756)
    / Windows XP / SP3: Update for Windows XP (KB894391)
    / Windows XP / SP3: Hotfix for Windows XP (KB896256)
    / Windows XP / SP3: Hotfix for Windows XP (KB896344)
    / Windows XP / SP3: Security Update for Windows XP (KB896358)
    / Windows XP / SP3: Security Update for Windows XP (KB896422)
    / Windows XP / SP3: Security Update for Windows XP (KB896423)
    / Windows XP / SP3: Security Update for Windows XP (KB896424)
    / Windows XP / SP3: Security Update for Windows XP (KB896428)
    / Windows XP / SP3: Update for Windows XP (KB898461)
    / Windows XP / SP3: Security Update for Windows XP (KB899587)
    / Windows XP / SP3: Security Update for Windows XP (KB899588)
    / Windows XP / SP3: Security Update for Windows XP (KB899591)
    / Windows XP / SP3: Update for Windows XP (KB900485)
    / Windows XP / SP3: Security Update for Windows XP (KB900725)
    / Windows XP / SP3: Security Update for Windows XP (KB901017)
    / Windows XP / SP3: Security Update for Windows XP (KB901190)
    / Windows XP / SP3: Security Update for Windows XP (KB901214)
    / Windows XP / SP3: Security Update for Windows XP (KB902400)
    / Windows XP / SP3: Security Update for Windows XP (KB904706)
    / Windows XP / SP3: Update for Windows XP (KB904942)
    / Windows XP / SP3: Security Update for Windows XP (KB905414)
    / Windows XP / SP3: Security Update for Windows XP (KB905749)
    / Windows XP / SP3: Hotfix for Windows XP (KB906569)
    / Windows XP / SP3: Security Update for Windows XP (KB908519)
    / Windows XP / SP3: Update for Windows XP (KB908531)
    / Windows XP / SP3: Hotfix for Windows XP (KB908673)
    / Windows XP / SP3: Update for Windows XP (KB910437)
    / Windows XP / SP3: Update for Windows XP (KB911280)
    / Windows XP / SP3: Security Update for Windows XP (KB911562)
    / Windows XP / SP3: Security Update for Windows XP (KB911567)
    / Windows XP / SP3: Security Update for Windows XP (KB911927)
    / Windows XP / SP3: Security Update for Windows XP (KB912812)
    / Windows XP / SP3: Security Update for Windows XP (KB912919)
    / Windows XP / SP3: Update for Windows XP (KB912945)
    / Windows XP / SP3: Security Update for Windows XP (KB913580)
    / Windows XP / SP3: Security Update for Windows XP (KB914388)
    / Windows XP / SP3: Security Update for Windows XP (KB914389)
    / Windows XP / SP3: Hotfix for Windows XP (KB915865)
    / Windows XP / SP3: Security Update for Windows XP (KB916281)
    / Windows XP / SP3: Update for Windows XP (KB916595)
    / Windows XP / SP3: Security Update for Windows XP (KB917159)
    / Windows XP / SP3: Security Update for Windows XP (KB917344)
    / Windows XP / SP3: Security Update for Windows XP (KB917422)
    / Windows XP / SP3: Security Update for Windows XP (KB917953)
    / Windows XP / SP3: Security Update for Windows XP (KB918118)
    / Windows XP / SP3: Security Update for Windows XP (KB918439)
    / Windows XP / SP3: Security Update for Windows XP (KB918899)
    / Windows XP / SP3: Security Update for Windows XP (KB919007)
    / Windows XP / SP3: Security Update for Windows XP (KB920213)
    / Windows XP / SP3: Security Update for Windows XP (KB920214)
    / Windows XP / SP3: Security Update for Windows XP (KB920670)
    / Windows XP / SP3: Security Update for Windows XP (KB920683)
    / Windows XP / SP3: Security Update for Windows XP (KB920685)
    / Windows XP / SP3: Update for Windows XP (KB920872)
    / Windows XP / SP3: Security Update for Windows XP (KB921398)
    / Windows XP / SP3: Security Update for Windows XP (KB921503)
    / Windows XP / SP3: Security Update for Windows XP (KB921883)
    / Windows XP / SP3: Update for Windows XP (KB922582)
    / Windows XP / SP3: Security Update for Windows XP (KB922616)
    / Windows XP / SP3: Security Update for Windows XP (KB922760)
    / Windows XP / SP3: Security Update for Windows XP (KB922819)
    / Windows XP / SP3: Security Update for Windows XP (KB923191)
    / Windows XP / SP3: Security Update for Windows XP (KB923414)
    / Windows XP / SP3: Security Update for Windows XP (KB923694)
    / Windows XP / SP3: Security Update for Windows XP (KB923980)
    / Windows XP / SP3: Security Update for Windows XP (KB924191)
    / Windows XP / SP3: Security Update for Windows XP (KB924270)
    / Windows XP / SP3: Security Update for Windows XP (KB924496)
    / Windows XP / SP3: Security Update for Windows XP (KB924667)
    / Windows XP / SP3: Security Update for Windows XP (KB925486)
    / Windows XP / SP3: Update for Windows XP (KB925720)
    / Windows XP / SP3: Security Update for Windows XP (KB925902)
    / Windows XP / SP3: Hotfix for Windows XP (KB926239)
    / Windows XP / SP3: Security Update for Windows XP (KB926255)
    / Windows XP / SP3: Security Update for Windows XP (KB926436)
    / Windows XP / SP3: Security Update for Windows XP (KB927779)
    / Windows XP / SP3: Security Update for Windows XP (KB927802)
    / Windows XP / SP3: Update for Windows XP (KB927891)
    / Windows XP / SP3: Security Update for Windows XP (KB928090)
    / Windows XP / SP3: Security Update for Windows XP (KB928255)
    / Windows XP / SP3: Security Update for Windows XP (KB928843)
    / Windows XP / SP3: Security Update for Windows XP (KB929123)
    / Windows XP / SP3: Update for Windows XP (KB929338)
    / Windows XP / SP3: Security Update for Windows XP (KB929969)
    / Windows XP / SP3: Security Update for Windows XP (KB930178)
    / Windows XP / SP3: Update for Windows XP (KB930916)
    / Windows XP / SP3: Security Update for Windows XP (KB931261)
    / Windows XP / SP3: Security Update for Windows XP (KB931768)
    / Windows XP / SP3: Security Update for Windows XP (KB931784)
    / Windows XP / SP3: Update for Windows XP (KB931836)
    / Windows XP / SP3: Security Update for Windows XP (KB932168)
    / Windows XP / SP3: Update for Windows XP (KB933360)
    / Windows XP / SP3: Security Update for Windows XP (KB933566)
    / Windows XP / SP3: Security Update for Windows XP (KB933729)
    / Windows XP / SP3: Security Update for Windows XP (KB935839)
    / Windows XP / SP3: Security Update for Windows XP (KB935840)
    / Windows XP / SP3: Security Update for Windows XP (KB936021)
    / Windows XP / SP3: Update for Windows XP (KB936357)
    / Windows XP / SP3: Security Update for Windows XP (KB937143)
    / Windows XP / SP3: Security Update for Windows XP (KB938127)
    / Windows XP / SP3: Update for Windows XP (KB938828)
    / Windows XP / SP3: Security Update for Windows XP (KB938829)
    / Windows XP / SP3: Security Update for Windows XP (KB939653)
    / Windows XP / SP3: Security Update for Windows XP (KB941202)
    / Windows XP / SP3: Security Update for Windows XP (KB941568)
    / Windows XP / SP3: Security Update for Windows XP (KB941644)
    / Windows XP / SP3: Security Update for Windows XP (KB941693)
    / Windows XP / SP3: Security Update for Windows XP (KB942615)
    / Windows XP / SP3: Update for Windows XP (KB942763)
    / Windows XP / SP3: Update for Windows XP (KB942840)
    / Windows XP / SP3: Security Update for Windows XP (KB943055)
    / Windows XP / SP3: Security Update for Windows XP (KB943460)
    / Windows XP / SP3: Security Update for Windows XP (KB943485)
    / Windows XP / SP3: Security Update for Windows XP (KB944338)
    / Windows XP / SP3: Security Update for Windows XP (KB944533)
    / Windows XP / SP3: Security Update for Windows XP (KB944653)
    / Windows XP / SP3: Security Update for Windows XP (KB945553)
    / Windows XP / SP3: Security Update for Windows XP (KB946026)
    / Windows XP / SP3: Update for Windows XP (KB946627)
    / Windows XP / SP3: Security Update for Windows XP (KB947864)
    / Windows XP / SP3: Security Update for Windows XP (KB948590)
    / Windows XP / SP3: Security Update for Windows XP (KB948881)
    / Windows XP / SP3: Security Update for Windows XP (KB950749)
    / Windows XP / SP4: Security Update for Windows XP (KB946648)
    / Windows XP / SP4: Security Update for Windows XP (KB950759)
    / Windows XP / SP4: Security Update for Windows XP (KB950760)
    / Windows XP / SP4: Security Update for Windows XP (KB950762)
    / Windows XP / SP4: Security Update for Windows XP (KB950974)
    / Windows XP / SP4: Security Update for Windows XP (KB951066)
    / Windows XP / SP4: Update for Windows XP (KB951072-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951376)
    / Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951698)
    / Windows XP / SP4: Security Update for Windows XP (KB951748)
    / Windows XP / SP4: Hotfix for Windows XP (KB952287)
    / Windows XP / SP4: Security Update for Windows XP (KB952954)
    / Windows XP / SP4: Security Update for Windows XP (KB953838)
    / Windows XP / SP4: Security Update for Windows XP (KB953839)
    / Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221
    / XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


    --- Startup entries list ---
    Located: HK_LM:Run, Adobe Reader Speed Launcher
    command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    size: 39792
    MD5: 8B9145D229D4E89D15ACB820D4A3A90F

    Located: HK_LM:Run, AVG8_TRAY
    command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
    file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
    size: 1232152
    MD5: 348A781AEF0870A56549F53BB37A233A

    Located: HK_LM:Run, b0ee80b1
    command: rundll32.exe "C:\WINDOWS\system32\lejnicfc.dll",b
    file: C:\WINDOWS\system32\lejnicfc.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, BMb3ddb32d
    command: Rundll32.exe "C:\WINDOWS\system32\ibkwxskx.dll",s
    file: C:\WINDOWS\system32\ibkwxskx.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, DLCCCATS
    command: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
    file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll
    size: 73728
    MD5: A7CC5CA9026665C588368441E6A39DE2

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
    file: C:\Program Files\QuickTime\qttask.exe
    size: 413696
    MD5: 6CD5C3276C83F72677D647F27EE14ABD

    Located: HK_LM:Run, wekewfjo983mkefdd
    command: C:\DOCUME~1\goof\LOCALS~1\Temp\winlogan.exe
    file: C:\DOCUME~1\goof\LOCALS~1\Temp\winlogan.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, Zune Launcher
    command: "C:\Program Files\Zune\ZuneLauncher.exe"
    file: C:\Program Files\Zune\ZuneLauncher.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, DWQueuedReporting
    where: .DEFAULT...
    command: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    file: C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
    size: 437160
    MD5: 9435C1C2D2111573111367F92F208C1F

    Located: HK_CU:Run, Nokia.PCSync
    where: .DEFAULT...
    command: "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
    file: C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    size: 1294336
    MD5: 7E024CD0041CF4211FB1C0183744D548

    Located: HK_CU:Run, DellSupport
    where: PE_C_ADMINISTRATOR...
    command: "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    file: C:\Program Files\Dell Support\DSAgnt.exe
    size: 332800
    MD5: A40D952C0355C85867517AA529A06741

    Located: HK_CU:Run, DellSupport
    where: PE_C_GUEST...
    command: "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    file: C:\Program Files\Dell Support\DSAgnt.exe
    size: 332800
    MD5: A40D952C0355C85867517AA529A06741

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-1922755085-1678472594-1395284061-1012...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8

    Located: HK_CU:Run, Jnskdfmf9eldfd
    where: S-1-5-21-1922755085-1678472594-1395284061-1012...
    command: C:\DOCUME~1\goof\LOCALS~1\Temp\csrssc.exe
    file: C:\DOCUME~1\goof\LOCALS~1\Temp\csrssc.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, MSMSGS
    where: S-1-5-21-1922755085-1678472594-1395284061-1012...
    command: "C:\Program Files\Messenger\msmsgs.exe" /background
    file: C:\Program Files\Messenger\msmsgs.exe
    size: 1694208
    MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259

    Located: HK_CU:Run, PC Suite Tray
    where: S-1-5-21-1922755085-1678472594-1395284061-1012...
    command: "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    file: C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    size: 695808
    MD5: 74CCF2E5134893B97B3BB0FAF6587F2D

    Located: HK_CU:Run, SpybotSD TeaTimer
    where: S-1-5-21-1922755085-1678472594-1395284061-1012...
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 1833296
    MD5: 63B3FF83B87AFCEBA89CED54695DA0F6

    Located: HK_CU:Run, wekewfjo983mkefdd
    where: S-1-5-21-1922755085-1678472594-1395284061-1012...
    command: C:\DOCUME~1\goof\LOCALS~1\Temp\winlogan.exe
    file: C:\DOCUME~1\goof\LOCALS~1\Temp\winlogan.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, Yahoo! Pager
    where: S-1-5-21-1922755085-1678472594-1395284061-1012...
    command: "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    file: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    size: 4670704
    MD5: C7048E3DD4D9FA3AF7BC2747EF5C433F

    Located: HK_CU:Run, DWQueuedReporting
    where: S-1-5-18...
    command: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    file: C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
    size: 437160
    MD5: 9435C1C2D2111573111367F92F208C1F

    Located: HK_CU:Run, Nokia.PCSync
    where: S-1-5-18...
    command: "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
    file: C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    size: 1294336
    MD5: 7E024CD0041CF4211FB1C0183744D548

    Located: Startup (user), FIFA 09 Registration.lnk
    where: C:\Documents and Settings\goof\Start Menu\Programs\Startup...
    command: C:\Program Files\EA Sports\Support\EAregister.exe
    file: C:\Program Files\EA Sports\Support\EAregister.exe
    size: 4369408
    MD5: 80487901FAF5EA07E6BF82390B4CFD3A

    Located: Startup (user), hamachi.lnk
    where: C:\Documents and Settings\goof\Start Menu\Programs\Startup...
    command: C:\Program Files\Hamachi\hamachi.exe
    file: C:\Program Files\Hamachi\hamachi.exe
    size: 625952
    MD5: 6C39D81E69A1EEAEF0259961D7FB4793

    Located: Startup (disabled), Xfire (DISABLED)
    command: C:\PROGRA~1\Xfire\xfire.exe
    file: C:\PROGRA~1\Xfire\xfire.exe
    size: 2998608
    MD5: F10EDDFB305CDAC417DD36698C9230C4

    Located: WinLogon, AtiExtEvent
    command: Ati2evxx.dll
    file: Ati2evxx.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, crypt32chain
    command: crypt32.dll
    file: crypt32.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cscdll
    command: cscdll.dll
    file: cscdll.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, iifdcDsS
    command: iifdcDsS.dll
    file: iifdcDsS.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, PRISMAPI.DLL
    command: PRISMAPI.DLL
    file: PRISMAPI.DLL
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, Schedule
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, termsrv
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, WgaLogon
    command: WgaLogon.dll
    file: WgaLogon.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!



    --- Browser helper object list ---
    {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: &Yahoo! Toolbar Helper
    description: Yahoo Companion!
    classification: Legitimate
    known filename: Ycomp*_*_*_*.dll
    info link: http://companion.yahoo.com/
    info source: TonyKlein
    Path: C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\
    Long name: yt.dll
    Short name:
    Date (created): 12/18/2007 4:49:22 PM
    Date (last access): 1/9/2009 5:03:28 PM
    Date (last write): 12/18/2007 4:49:22 PM
    Filesize: 817936
    Attributes: archive
    MD5: 5A9E77C71D6D7030BC170DD7CF04CF5D
    CRC32: 74F4CBB1
    Version: 2007.12.18.1

    {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:
    Path: C:\WINDOWS\system32\
    Long name: iifdcDsS.dll
    Short name:
    Date (created): 1/8/2009 4:56:48 PM
    Date (last access): 1/9/2009 4:52:22 PM
    Date (last write): 1/8/2009 4:56:52 PM
    Filesize: 57856
    Attributes: archive
    MD5: 9863EAC8A2F078C4F22326B64A03D3A1
    CRC32: 82D5DCCD

    {81E89DDA-F393-43A5-BAFF-72A81F1539CF} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:

    {B4B09E93-8567-4BC5-9A22-1C9BEC9A6502} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:
    Path: C:\WINDOWS\system32\
    Long name: jkkKebAq.dll
    Short name:
    Date (created): 1/8/2009 5:02:00 PM
    Date (last access): 1/9/2009 4:52:22 PM
    Date (last write): 1/8/2009 5:02:04 PM
    Filesize: 297984
    Attributes: archive
    MD5: AE92F1848C3D10E1ED7B4B1786717C55
    CRC32: 490184AF
    Version: 1.2.626.1

    {D5BF4552-94F1-42BD-F434-3604812C807D} (C:\WINDOWS\system32\rakmdlkd83indfgnbu.dll)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: C:\WINDOWS\system32\rakmdlkd83indfgnbu.dll
    Path: C:\WINDOWS\system32\
    Long name: rakmdlkd83indfgnbu.dll
    Short name: RAKMDL~1.DLL
    Date (created): 1/8/2009 5:11:42 PM
    Date (last access): 1/9/2009 4:52:22 PM
    Date (last write): 1/8/2009 5:11:42 PM
    Filesize: 15000
    Attributes: archive
    MD5: 65B6BB4AF8EE37FF6C13854D5319EDE0
    CRC32: 1F6CC96F



    --- ActiveX list ---
    {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility)
    DPF name:
    CLSID name: PCPitstop Utility
    Installer: C:\WINDOWS\Downloaded Program Files\PCPitstop.inf
    Codebase: http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    description: Gateway tools
    classification: Legitimate
    known filename: PCPITSTOP.DLL
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: PCPitstop.dll
    Short name: PCPITS~1.DLL
    Date (created): 4/29/2008 11:06:38 AM
    Date (last access): 1/2/2009 3:54:16 PM
    Date (last write): 4/29/2008 11:06:38 AM
    Filesize: 440536
    Attributes: archive
    MD5: 9EB9D81B780C184D56070EFFD84004BB
    CRC32: B7355015
    Version: 1.0.0.187

    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support)
    DPF name:
    CLSID name: Installation Support
    Installer:
    Codebase: C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    description: Yahoo! Installation helper
    classification: Legitimate
    known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Yahoo!\Common\
    Long name: YInstHelper.dll
    Short name: YINSTH~1.DLL
    Date (created): 11/28/2007 4:55:58 PM
    Date (last access): 1/8/2009 6:05:40 PM
    Date (last write): 11/28/2007 4:55:58 PM
    Filesize: 211744
    Attributes: archive
    MD5: 48FF0FA1CAB4AD6ACEF9027F34090880
    CRC32: 284355E3
    Version: 2007.11.28.1

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_02
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre1.6.0_02\bin\
    Long name: npjpi160_02.dll
    Short name: NPJPI1~1.DLL
    Date (created): 7/12/2007 1:22:38 AM
    Date (last access): 1/8/2009 5:47:24 PM
    Date (last write): 7/12/2007 3:00:36 AM
    Filesize: 132496
    Attributes: archive
    MD5: E3811F1A1C5063C941EC0E2766C3EA39
    CRC32: AEFD3747
    Version: 6.0.20.6

    {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
    DPF name:
    CLSID name: ActiveScan Installer Class
    Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
    Codebase: http://acs.pandasoftware.com/actives...ree/asinst.cab
    description:
    classification: Legitimate
    known filename: ASINST.DLL
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: asinst.dll
    Short name:
    Date (created): 8/24/2006 7:28:54 AM
    Date (last access): 1/2/2009 3:54:16 PM
    Date (last write): 8/24/2006 7:28:54 AM
    Filesize: 141424
    Attributes: archive
    MD5: CB0EBD772D7D003BD11A999FF515A89A
    CRC32: 3CFE74C1
    Version: 58.6.0.0

    {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0)
    DPF name: Java Runtime Environment 1.4.0
    CLSID name: Java Plug-in 1.4.0
    Installer:
    Codebase: http://java.sun.com/update/1.4.0/jin...ndows-i586.cab
    description: Sun Java 2 Runtime 1.4
    classification: Legitimate
    known filename: install-14-win.cab
    info link:
    info source: JavaCool
    Path: C:\Program Files\Java\jre1.5.0_03\bin\
    Long name: npjpi140.dll

    {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_02
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi160_02.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.6.0_02\bin\
    Long name: npjpi160_02.dll
    Short name: NPJPI1~1.DLL
    Date (created): 7/12/2007 1:22:38 AM
    Date (last access): 1/9/2009 5:34:34 PM
    Date (last write): 7/12/2007 3:00:36 AM
    Filesize: 132496
    Attributes: archive
    MD5: E3811F1A1C5063C941EC0E2766C3EA39
    CRC32: AEFD3747
    Version: 6.0.20.6

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_02
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.6.0_02\bin\
    Long name: npjpi160_02.dll
    Short name: NPJPI1~1.DLL
    Date (created): 7/12/2007 1:22:38 AM
    Date (last access): 1/9/2009 5:34:34 PM
    Date (last write): 7/12/2007 3:00:36 AM
    Filesize: 132496
    Attributes: archive
    MD5: E3811F1A1C5063C941EC0E2766C3EA39
    CRC32: AEFD3747
    Version: 6.0.20.6



    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 820 ( 4) \SystemRoot\System32\smss.exe
    size: 50688
    PID: 876 ( 820) \??\C:\WINDOWS\system32\csrss.exe
    size: 6144
    PID: 904 ( 820) \??\C:\WINDOWS\system32\winlogon.exe
    size: 502272
    PID: 948 ( 904) C:\WINDOWS\system32\services.exe
    size: 108032
    MD5: C6CE6EEC82F187615D1002BB3BB50ED4
    PID: 960 ( 904) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: 84885F9B82F4D55C6146EBF6065D75D2
    PID: 1172 ( 948) C:\WINDOWS\system32\Ati2evxx.exe
    size: 483328
    MD5: 65B2AF103A6BF703D9BA6873C4725553
    PID: 1188 ( 948) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1288 ( 948) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1432 ( 948) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1468 ( 948) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1500 ( 904) C:\WINDOWS\system32\Ati2evxx.exe
    size: 483328
    MD5: 65B2AF103A6BF703D9BA6873C4725553
    PID: 1652 ( 948) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1712 ( 948) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1864 ( 948) C:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
    PID: 1772 ( 568) C:\WINDOWS\system32\PRISMSVR.EXE
    size: 381014
    MD5: 99914AF4CB946177B56CFDDCA8B08505
    PID: 272 (1756) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    size: 577024
    MD5: DD1ABC8DD84233E1CAAE9537E46331F6
    PID: 416 ( 948) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    size: 231192
    MD5: F43C8FCC7FDB984FD06FE29BAA741947
    PID: 472 (1756) C:\PROGRA~1\AVG\AVG8\avgtray.exe
    size: 1232152
    MD5: 348A781AEF0870A56549F53BB37A233A
    PID: 592 ( 948) C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
    size: 810632
    MD5: 073029D068CE38E27E768E2F02E21F90
    PID: 600 (1756) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 1833296
    MD5: 63B3FF83B87AFCEBA89CED54695DA0F6
    PID: 700 (1756) C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8
    PID: 708 (1756) C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    size: 695808
    MD5: 74CCF2E5134893B97B3BB0FAF6587F2D
    PID: 412 ( 948) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1512 ( 948) C:\Program Files\Viewpoint\Common\ViewpointService.exe
    size: 24652
    MD5: 5F974FDE801C73952770736BECDE11E7
    PID: 560 ( 948) C:\WINDOWS\system32\ZuneBusEnum.exe
    size: 61856
    MD5: A2612386460EA7DAD56D0DAC63B67AB5
    PID: 2960 ( 416) C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    size: 287000
    MD5: BA1CE056CE1466CA28CE118585EA86C4
    PID: 3148 ( 948) C:\PROGRA~1\AVG\AVG8\avgemc.exe
    size: 873752
    MD5: 85C11B32FE239B3B3136EE9572DA9702
    PID: 3604 ( 948) C:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: F1958FBF86D5C004CF19A5951A9514B7
    PID: 3760 ( 948) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    size: 353280
    MD5: 56EB980DA71B94B79A341615C3C256CF
    PID: 2324 (3760) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    size: 122880
    MD5: B9A5BCC9317313FD21FBE58A9943AB7C
    PID: 2432 (3760) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    size: 117248
    MD5: ABD0E03553D1DB17B64EF044C6D124A7
    PID: 292 (1756) C:\Program Files\Winamp\winamp.exe
    size: 1120768
    MD5: 5B301D0C1DA1F57E6638BDB28C9FB332
    PID: 2380 ( 948) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 3176 (1756) C:\Program Files\Mozilla Firefox\firefox.exe
    size: 307704
    MD5: 8DA0A66CB74FCBB393038E37E0F691BA
    PID: 3324 (3232) C:\WINDOWS\explorer.exe
    size: 1033216
    MD5: 97BD6515465659FF8F3B7BE375B2EA87
    PID: 1736 ( 656) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    size: 1269392
    MD5: D27B5CE6DDCF8833ACB32C198028C34A
    PID: 3616 (3324) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 4891472
    MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855
    PID: 4 ( 0) System


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 1/9/2009 5:34:34 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.msn.com/?wl=true
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.google.com/ig/dell?hl=en&...inc&channel=us
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
    http://home.microsoft.com/access/autosearch.asp?p=%s
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\windows\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://us.rd.yahoo.com/customize/ie/...ch/search.html
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.yahoo.com/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.yahoo.com/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 4: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FC4987B0-602E-498D-A34C-66926D3C37AD}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FC4987B0-602E-498D-A34C-66926D3C37AD}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{33B3F4AA-810D-4387-B217-472C24C6351F}] SEQPACKET 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{33B3F4AA-810D-4387-B217-472C24C6351F}] DATAGRAM 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1AD0E897-8291-44B0-889D-5E37F7206E7E}] SEQPACKET 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1AD0E897-8291-44B0-889D-5E37F7206E7E}] DATAGRAM 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{ACD2793B-A174-45C5-BC91-7CCE02D8B16A}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{ACD2793B-A174-45C5-BC91-7CCE02D8B16A}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BA6DB531-11F9-4A43-80DA-975E966A47CE}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BA6DB531-11F9-4A43-80DA-975E966A47CE}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F3E3305B-2E39-40B2-8DBD-FA5FB28C59ED}] SEQPACKET 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F3E3305B-2E39-40B2-8DBD-FA5FB28C59ED}] DATAGRAM 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D14E935C-2E8B-420F-A2E9-E4AC67F69E34}] SEQPACKET 10
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D14E935C-2E8B-420F-A2E9-E4AC67F69E34}] DATAGRAM 10
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CA839C6F-930C-47CC-80A7-829542659650}] SEQPACKET 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CA839C6F-930C-47CC-80A7-829542659650}] DATAGRAM 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{137CE66F-E3B4-449A-9C2D-95561C94EBEA}] SEQPACKET 9
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{137CE66F-E3B4-449A-9C2D-95561C94EBEA}] DATAGRAM 9
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 1: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 2: Network Location Awareness (NLA) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

    Please Help me... I hate Viruses

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hello Oh_noes117

    Please see this next

    Please follow the instructions in the above thread and then start a fresh topic with the logs required.

    Regards.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •