No Threats found



thetechguy
2005-11-04, 09:29
Not long ago I saw a short article on this site for SpyBot SD - not finding threats. It stated that there is some spyware that has the ability to hinder programs like SpyBot SD from finding threats. I am unable to find that article anymore on this site and I think I am experiencing that problem. When I check for problems I see 0/30 problems found at the bottom and then Congratulations! no threats found.

Please help

Thank you

Jon

thetechguy
2005-11-04, 09:34
I have recently removed some nasty spyware. It took SpyBot - SpySweeper and SpyEmergency to find it all and kill it. However, now I am getting remnant side effects from them. I am getting errors that I can't google info on.

Application errors for files isrdpapi.exe and atbdjpn.exe

Please advise

thank you

Jon

Merged two topics.

David Arnatt
2005-11-04, 09:41
Just wondering what version of Windows you are running. I did a search for those files and I think they were 'common' names for the spyware that was running, and you might have other programs crawling on your PC.

Have you done a msconfig in Run and made sure there weren't any unwanted programs on startup?
Maybe if you're running a different version of Windows or even different program files such as Photoshop, that might be an install file that it keeps.

I am running XP Pro with SP2 - and I can't find any of those files on my PC, so I recommend a clean install or spending time and going through files such as...
C:\Program Files\Common Files
When in a file such as this, press Ctrl+A. For some reason, if I have 'show hidden files' on, it still doesn't find all files and I am unsure why. Do this and it will tell you if there are any hidden files anywhere.

tashi
2005-11-04, 10:01
Hello thetechguy and welcome to the forum. :)

David Arnatt, it would not be a good move to do a clean install of XP SP2 on a computer that might be infected. First of all we need to take a look at the system.

thetechguy, please do the following if able:

Open SpyBot, check for and get any updates available, close all browsers, check for problems and fix everything found. Then on the toolbar menu select Mode and switch to Advanced mode. On the left, lower down, select Tools and then View Report, and ensure all the options near the bottom are selected except:

Uncheck [ ] Do not report disabled or known legitimate items.
Uncheck [ ] Include a list of services in report.
Uncheck [ ] Include uninstall list in report.

Attach or copy paste the log into this topic. :)

Make sure you update the program after installing and before scanning. (If you receive a Bad Checksum Error please try another download mirror.)

If you are running an older version of Spybot-S&D:

Spybot-S&D 1.4 Final has been released.
Uninstalling Previous Spybot-S&D (http://www.safer-networking.org/en/faq/27.html)
Spybot-S&D Version 1.4 Download (http://www.spybot.info/en/download/index.html)

Tutorial (http://www.spybot.info/en/tutorial/index.html)

Cheers.

thetechguy
2005-11-04, 11:22
--- Search result list ---
Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 TeaTimer_original.exe (1.4.0.2)
2005-10-30 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-10-28 Includes\Cookies.sbi (*)
2005-10-28 Includes\Dialer.sbi (*)
2005-10-28 Includes\Hijackers.sbi (*)
2005-10-28 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-10-28 Includes\Malware.sbi (*)
2005-10-28 Includes\PUPS.sbi (*)
2005-10-28 Includes\Revision.sbi (*)
2005-10-28 Includes\Security.sbi (*)
2005-10-28 Includes\Spybots.sbi (*)
2005-02-16 Includes\Tracks.uti
2005-10-28 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player: Windows Media Update 828026
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)

thetechguy
2005-11-04, 11:23
--- Startup entries list ---
Located: HK_LM:Run, APL
command: "C:\Program Files\ACT\ACT for Win 7\APL.exe"
file: C:\Program Files\ACT\ACT for Win 7\APL.exe
size: 20480
MD5: 0d88047a483c5aee81af6ea0e3353d4e

Located: HK_LM:Run, BluetoothAuthenticationAgent
command: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 71280
MD5: 5712b77158fbbb5ab5aebc396e15499d

Located: HK_LM:Run, CloneCDElbyCDFL
command: "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
file: C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
size: 45056
MD5: fb408b5e89b7eb5720e04485b847cbd4

Located: HK_LM:Run, CloneCDTray
command: "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
file: C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
size: 57344
MD5: 7451a022e910fb8e91c7f6d5049a9e83

Located: HK_LM:Run, DownloadAccelerator
command: C:\PROGRA~1\DAP\DAP.EXE /STARTUP
file: C:\PROGRA~1\DAP\DAP.EXE
size: 1069056
MD5: 357c0898b3cc52ff08ed68787dc0e0a8

Located: HK_LM:Run, FaxTalk CallControl 7.0
command: "C:\Program Files\FaxTalk Messenger Pro 7.0\FTClCtrl.exe"
file: C:\Program Files\FaxTalk Messenger Pro 7.0\FTClCtrl.exe
size: 122880
MD5: 3d29a4bf90da0a8870fa5167b3dbda96

Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: 13922eb54890c77005268882629a31fe

Located: HK_LM:Run, LogMeIn GUI
command: "C:\Program Files\LogMeIn\LogMeInSystray.exe"
file: C:\Program Files\LogMeIn\LogMeInSystray.exe
size: 189168
MD5: 2fdbd9191a9576a3e41edd230b68297c

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 782336
MD5: 1821fb026290a1c26a235406b5ccf434

Located: HK_LM:Run, Omnipage
command: C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
file: C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
size: 49152
MD5: bb272fcbc0fcf0bf43fe75d81ec17899

Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: f9418981ee4d7e995d359833adab59d5

Located: HK_LM:Run, type32
command: "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
file: C:\Program Files\Microsoft IntelliType Pro\type32.exe
size: 172032
MD5: 05e10c2c3736e52fe33d16d2f9c73c04

Located: HK_LM:Run, VC5Player
command: C:\Program Files\HHVcdV5Sys\VC5Play.exe
file: C:\Program Files\HHVcdV5Sys\VC5Play.exe
size: 176128
MD5: 9aeba99ad111e10519e6cff2f4a2df05

Located: HK_LM:Run, WinVNC
command: "C:\Program Files\RealVNC\WinVNC\winvnc.exe" -servicehelper
file:

Located: HK_LM:Run, QuickTime Task (DISABLED)
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file:

Located: HK_LM:Run, RoxioAudioCentral (DISABLED)
command: "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
file:

Located: HK_LM:Run, RoxioDragToDisc (DISABLED)
command: "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
file:

Located: HK_LM:Run, RoxioEngineUtility (DISABLED)
command: "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
file:

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, Eraser
command: C:\Program Files\Eraser\eraser.exe -hide
file:

Located: HK_CU:Run, Google Desktop Search
command: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
file: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 120320
MD5: d7ff5e298a0ad6c01e06bc1b2d202cf6

Located: HK_CU:Run, H/PC Connection Agent
command: "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
file: C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
size: 405583
MD5: a4ce7e9913893e1b59e303cf2a43d5d6

Located: HK_CU:Run, MoneyAgent
command: "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
file: C:\Program Files\Microsoft Money\System\mnyexpr.exe
size: 200704
MD5: b0342cdf37f346704708c6d924028a5a

Located: HK_CU:Run, NBJ
command: "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
file: C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
size: 1945600
MD5: 8e8237f0468c7ede1480b261e2121367

Located: HK_CU:Run, OnlinePCfix SmoothSurfer
command: C:\Program Files\OnlinePCfix\SmoothSurfer\SS.exe -start
file:

Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 8f1862afc3c79c0ea37621e87cc2fe6e

Located: HK_CU:Run, SpyEmergency
command: "C:\Program Files\Spy Emergency 2005\SpyEmergency.exe"
file:

Located: HK_CU:Run, Yahoo! Pager
command: C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
file:

Located: HK_CU:Run, MSMSGS (DISABLED)
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259

Located: Startup (common), Acrobat Assistant.lnk
command: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
file: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
size: 217193
MD5: 78bfe3201ada2fe02d1e35d2488e5f55

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166

Located: Startup (common), InterVideo WinCinema Manager.lnk
command: C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
file: C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
size: 237568
MD5: 2e756973deb506be033151bde547f4bf

Located: Startup (common), Kaiser VPN Client.lnk
command: C:\Program Files\Kaiser\VPN Client\ipsecdialer.exe
file: C:\Program Files\Kaiser\VPN Client\ipsecdialer.exe
size: 1269836
MD5: 639c4eb0e3bc42fcb141ef45cb1fa1b4

Located: Startup (common), QuickBooks Update Agent.lnk
command: C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
file: C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
size: 806912
MD5: 0029df834c3bfd1008bb78b618125c73

Located: Startup (common), WinZip Quick Pick.lnk
command: C:\Program Files\WinZip\WZQKPICK.EXE
file: C:\Program Files\WinZip\WZQKPICK.EXE
size: 118784
MD5: 67b2e7b6ae3b400d832f0456068ea83d

Located: Startup (user), Adobe Gamma.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a

Located: Startup (user), FaxTalk Messenger Pro 7.0.lnk
command: C:\Program Files\FaxTalk Messenger Pro 7.0\FTMSGR32.EXE
file: C:\Program Files\FaxTalk Messenger Pro 7.0\FTMSGR32.EXE
size: 585728
MD5: e8bf10d4fc3480d2000599108c8320a8

Located: Startup (user), Launch Microsoft Office Outlook.lnk
command: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
file: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
size: 196296
MD5: edb2d35ef459fa287d02206602301e91

Located: Startup (user), Toddler Keys.lnk
command: C:\Documents and Settings\Jon\Application Data\Microsoft\Installer\{59B57716-4626-4EF1-AB4D-3EA14B13082C}\_5e9d489c.exe
file: C:\Documents and Settings\Jon\Application Data\Microsoft\Installer\{59B57716-4626-4EF1-AB4D-3EA14B13082C}\_5e9d489c.exe
size: 766
MD5: 004ba4b735b2879d26f46e3270241c1e

Located: WinLogon, WRNotifier
command: WRLogonNTF.dll
file: WRLogonNTF.dll

thetechguy
2005-11-04, 11:24
--- Browser helper object list ---
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 10/30/2005 8:46:48 AM
Date (last access): 11/4/2005 12:32:28 AM
Date (last write): 5/31/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0



--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{00000074-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\voxacm.inf
Codebase: http://codecs.microsoft.com/codecs/i386/voxacm.CAB
description:
classification: Open for discussion
known filename: IEAWSDC.DLL
info link:
info source: Safer Networking Ltd.

{00000161-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\msaudio.inf
Codebase: http://codecs.microsoft.com/codecs/i386/msaudio.cab
description: Microsoft Audio Codec
classification: Legitimate
known filename: MSAUDIO.CAB
info link:
info source: Patrick M. Kolla

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer:
Codebase:
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla

{254AA86E-5655-4518-AA87-185D7CC41801} (Rescue Technician Console)
DPF name:
CLSID name: Rescue Technician Console
Installer: C:\WINDOWS\Downloaded Program Files\RescueControl.inf
Codebase: https://secure.logmeinrescue.com/TechConsole/RescueControl.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: RescueControl.dll
Short name: RESCUE~1.DLL
Date (created): 7/7/2005 5:58:24 PM
Date (last access): 11/4/2005 1:03:36 AM
Date (last write): 10/13/2005 12:06:22 PM
Filesize: 1880800
Attributes: archive
MD5: B61028562302D5555811B3A67F33F9BD
CRC32: 8CB42BD9
Version: 1.0.0.84

{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Installer: C:\Program Files\Yahoo!\Common\yinst.inf
Codebase: C:\Program Files\Yahoo!\Common\yinsthelper.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\Common\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 8/10/2005 8:10:10 PM
Date (last access): 10/31/2005 11:21:02 AM
Date (last write): 11/7/2004 3:29:46 PM
Filesize: 173168
Attributes: archive
MD5: 4C0658E518FA9D08E884DB717A7087AE
CRC32: FFDA1549
Version: 2004.11.7.1

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase: http://office.microsoft.com/officeupdate/content/opuc2.cab
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 8/27/2003 4:10:30 AM
Date (last access): 11/4/2005 1:11:42 AM
Date (last write): 1/18/2005 12:07:18 AM
Filesize: 326656
Attributes:
MD5: 20393D64F69F26361A97FD9AFB3C9243
CRC32: 0B4DBA7F
Version: 11.0.6466.0

{556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client)
DPF name:
CLSID name: Remote Access ActiveX Client
Installer: C:\WINDOWS\Downloaded Program Files\RACtrl.inf
Codebase: https://secure.logmein.com/activex/RACtrl.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: RACtrl.dll
Short name:
Date (created): 9/29/2005 5:19:48 PM
Date (last access): 11/4/2005 12:40:36 AM
Date (last write): 9/29/2005 5:19:48 PM
Filesize: 1282792
Attributes: archive
MD5: 9F6232005A0DD9CFE0E8CC41B485EC0A
CRC32: F7EBA7CB
Version: 1.0.0.222

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.1_15)
DPF name: Java Runtime Environment 1.3.1_15
CLSID name: Java Plug-in 1.3.1_15
Installer: C:\WINDOWS\Downloaded Program Files\jinstall-1_3_1_15.inf
Codebase: http://java.sun.com/products/plugin/1.3/jinstall-13-win32.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\JavaSoft\JRE\1.3.1_15\bin\
Long name: NPJava131_15.dll
Short name: NPJAVA~1.DLL
Date (created): 1/29/2005 2:50:20 PM
Date (last access): 11/1/2005 7:30:26 AM
Date (last write): 12/8/2004 8:40:24 AM
Filesize: 53365
Attributes:
MD5: E3FD389B57416687BD51F6077CAE81A3
CRC32: 5BBA9C9F
Version: 1.3.1.15

{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_15)
DPF name: Java Runtime Environment 1.3.1_15
CLSID name: Java Plug-in 1.3.1_15
Installer: c:\winnt\Downloaded Program Files\jinstall_1_3_1_15.inf
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-1_3_1_15-windows-i586.cab
Path: C:\Program Files\JavaSoft\JRE\1.3.1_15\bin\
Long name: NPJava131_15.dll
Short name: NPJAVA~1.DLL
Date (created): 1/29/2005 2:50:20 PM
Date (last access): 11/4/2005 1:18:04 AM
Date (last write): 12/8/2004 8:40:24 AM
Filesize: 53365
Attributes:
MD5: E3FD389B57416687BD51F6077CAE81A3
CRC32: 5BBA9C9F
Version: 1.3.1.15

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash.ocx
Short name:
Date (created): 4/8/2004 5:51:02 PM
Date (last access): 11/4/2005 12:37:22 AM
Date (last write): 4/8/2004 5:51:02 PM
Filesize: 939368
Attributes: archive
MD5: 2FB1D6FAB135CEE391AB3D70E1C26347
CRC32: 488FA4EC
Version: 7.0.19.0

{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control)
DPF name:
CLSID name: Performance Viewer Activex Control
Installer: C:\WINDOWS\Downloaded Program Files\RACtrl.inf
Codebase: https://secure.logmein.com/activex/ractrl.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: RACtrl.dll
Short name:
Date (created): 9/29/2005 5:19:48 PM
Date (last access): 11/4/2005 12:40:36 AM
Date (last write): 9/29/2005 5:19:48 PM
Filesize: 1282792
Attributes: archive
MD5: 9F6232005A0DD9CFE0E8CC41B485EC0A
CRC32: F7EBA7CB
Version: 1.0.0.222

thetechguy
2005-11-04, 11:25
--- Process list ---
PID: 0 ( 0) [System]
PID: 1160 ( 4) \SystemRoot\System32\smss.exe
PID: 1344 (1160) \??\C:\WINDOWS\system32\winlogon.exe
PID: 1388 (1344) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 1400 (1344) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1588 (1388) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 280 (1388) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1076 (1388) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1840 (1388) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 235120
MD5: CDAB825C28154669AB35EA731B8E452B
PID: 1872 (1388) C:\WINDOWS\system32\crypserv.exe
size: 52224
MD5: 85A6662B5F12B84D599A74119F04B381
PID: 1932 (1388) C:\Program Files\Kaiser\VPN Client\cvpnd.exe
size: 1282112
MD5: 8B97718424672CAD4AD99D72310C1644
PID: 1956 (1388) C:\Program Files\1208_Fiberlink\Fgrd.exe
size: 57344
MD5: B5D0855755291A3D076A9798BC3911FD
PID: 2020 (1388) C:\Program Files\LogMeIn\RaMaint.exe
size: 58096
MD5: 1638C0EE2F18E2E13611B71CD554E9ED
PID: 772 (1388) C:\Program Files\LogMeIn\LogMeIn.exe
size: 1565424
MD5: 2F9A09346A94DED4C9F62A2706E4A40D
PID: 596 ( 556) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1284 (1388) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 1772 (1388) C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
size: 7544916
MD5: 1251256FEFC2B00A7BD603578241F0AD
PID: 2028 (1388) C:\Program Files\Norton AntiVirus\navapsvc.exe
size: 158848
MD5: 106188EE7FCE8C769DEFEC27C1EDB67C
PID: 396 (1388) C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
size: 135168
MD5: 4914A155F9B73317B14F94BBA4A79639
PID: 332 (1388) C:\WINDOWS\System32\nvsvc32.exe
size: 77824
MD5: 8610B4BA98C37BBFF4C46E93039F4D3F
PID: 1612 (1388) C:\Program Files\Norton AntiVirus\SAVScan.exe
size: 194272
MD5: DE337E8649E1970C5663999457A9352F
PID: 1768 ( 596) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 71280
MD5: 5712B77158FBBB5AB5AEBC396E15499D
PID: 1256 ( 596) C:\PROGRA~1\DAP\DAP.EXE
size: 1069056
MD5: 357C0898B3CC52FF08ED68787DC0E0A8
PID: 2088 ( 596) C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
size: 49152
MD5: BB272FCBC0FCF0BF43FE75D81EC17899
PID: 2100 (1388) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2132 ( 596) C:\Program Files\HHVcdV5Sys\VC5Play.exe
size: 176128
MD5: 9AEBA99AD111E10519E6CFF2F4A2DF05
PID: 2208 ( 596) C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
size: 57344
MD5: 7451A022E910FB8E91C7F6D5049A9E83
PID: 2244 ( 596) C:\Program Files\Microsoft IntelliType Pro\type32.exe
size: 172032
MD5: 05E10C2C3736E52FE33D16D2F9C73C04
PID: 2300 (1388) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
size: 585728
MD5: 94D3C8257776019A7A96AF69F62BA509
PID: 2348 ( 596) C:\Program Files\LogMeIn\LogMeInSystray.exe
size: 189168
MD5: 2FDBD9191A9576A3E41EDD230B68297C
PID: 2368 ( 596) C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 2524 ( 596) C:\Program Files\FaxTalk Messenger Pro 7.0\FTClCtrl.exe
size: 122880
MD5: 3D29A4BF90DA0A8870FA5167B3DBDA96
PID: 2564 (1388) C:\Program Files\HHVcdV5Sys\VC5SecS.exe
size: 147456
MD5: 0ABB2DD8C150B994385CFDB276B09E03
PID: 2692 (2536) C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 2716 (1388) C:\Program Files\RealVNC\VNC4\WinVNC4.exe
size: 380928
MD5: 7043DDF51D7135C1D1B83B4213DFED61
PID: 2744 ( 596) C:\Program Files\Eraser\eraser.exe
size: 487424
MD5: E60FA707BCB0AAD4299C0EEF7602FFD4
PID: 2756 ( 596) C:\Program Files\OnlinePCfix\SmoothSurfer\SS.exe
size: 714240
MD5: 5E141022688A47367241740D9D3654FE
PID: 2772 ( 596) C:\Program Files\Microsoft Money\System\mnyexpr.exe
size: 200704
MD5: B0342CDF37F346704708C6D924028A5A
PID: 2804 (1388) C:\WINDOWS\System32\MsPMSPSv.exe
size: 53248
MD5: 668056D5C3C11AB7D266819A96B964E8
PID: 2832 ( 596) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 2856 (1388) C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
size: 41025
MD5: E8C30EF9BBC6DDB71F0F77FA3A96515F
PID: 2924 (2856) C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
size: 5751808
MD5: B7AED819A8BD186881D2FBE1E64BA08C
PID: 2972 (1388) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 255600
MD5: 620CC860890D50FD18D5D9508C5551B2
PID: 3248 (2132) C:\Program Files\Virtual CD v5\System\VC5Tray.exe
size: 155648
MD5: C998F0F55B257DF39693CF1E85DF85AA
PID: 3392 ( 596) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 120320
MD5: D7FF5E298A0AD6C01E06BC1B2D202CF6
PID: 3412 ( 596) C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
size: 405583
MD5: A4CE7E9913893E1B59E303CF2A43D5D6
PID: 3460 ( 596) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 8F1862AFC3C79C0EA37621E87CC2FE6E
PID: 3504 ( 596) C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
size: 217193
MD5: 78BFE3201ADA2FE02D1E35D2488E5F55
PID: 3676 (1388) C:\Program Files\FaxTalk Messenger Pro 7.0\FTMSGSVC.EXE
size: 147456
MD5: 97ABAC7FD929E42D1BE1653E4CEE0752
PID: 4064 ( 596) C:\Program Files\WinZip\WZQKPICK.EXE
size: 118784
MD5: 67B2E7B6AE3B400D832F0456068EA83D
PID: 748 (1388) C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
size: 316544
MD5: 67C5AF84809468061121FBCBECB19285
PID: 2428 ( 596) C:\Program Files\FaxTalk Messenger Pro 7.0\FTMSGR32.EXE
size: 585728
MD5: E8BF10D4FC3480D2000599108C8320A8
PID: 2900 ( 596) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
size: 196296
MD5: EDB2D35EF459FA287D02206602301E91
PID: 2992 (3676) C:\Program Files\FaxTalk Messenger Pro 7.0\FAPIEXE.EXE
size: 25088
MD5: 136CF6C7280644EDAFF838B08ED84C52
PID: 3120 ( 596) C:\Program Files\Toddler Keys\Toddler Keys.exe
size: 61440
MD5: 6D81B0F4B3CC960C799F8FEDDABB6C20
PID: 1104 (3392) C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
size: 382976
MD5: 04E65FB737A4AA3A8BC50349C7500CE1
PID: 2432 (3172) C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
size: 90112
MD5: 84E9420764BA31B9FE5DC6CE275EAD4C
PID: 2192 (3392) C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
size: 129536
MD5: 69985BA9AFEA7FFA539B1B0F6E524F11
PID: 4812 (1588) C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
PID: 4728 ( 596) C:\Program Files\Internet Explorer\iexplore.exe
size: 85504
MD5: 3AFD5B645BA12214FCFA165ECEDE43B8
PID: 5584 (1588) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
size: 12047560
MD5: 5FEAF6AB43AA477597F9F8DB0E8CB69C
PID: 6808 ( 596) C:\Program Files\Internet Explorer\iexplore.exe
size: 85504
MD5: 3AFD5B645BA12214FCFA165ECEDE43B8
PID: 25172 ( 596) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System
PID: 1300 (1160) csrss.exe
PID: 1696 (1388) svchost.exe
PID: 388 (1388) svchost.exe
PID: 740 (1388) svchost.exe
PID: 1828 (1388) svchost.exe
PID: 928 (1388) locator.exe
PID: 2452 (1388) wdfmgr.exe
PID: 1836 (1388) alg.exe

thetechguy
2005-11-04, 11:26
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 11/4/2005 1:18:06 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
c:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://thetechguyusa.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main\Default_Search_URL
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\SYSTEM32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
www.thetechguyusa.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

thetechguy
2005-11-04, 11:27
--- Winsock Layered Service Provider list ---
Protocol 0: Google Desktop over [MSAFD Tcpip [TCP/IP]]
GUID: {59E73D90-C111-4323-AA42-A4B79D86F38A}
Filename: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

Protocol 1: Google Desktop over [MSAFD Tcpip [UDP/IP]]
GUID: {59E73D90-C111-4323-AA42-A4B79D86F38A}
Filename: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

Protocol 2: MSAFD Irda [IrDA]
GUID: {3972523D-2AF1-11D1-B655-00805F3642CC}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Infrared protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Irda [IrDA]

Protocol 3: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 4: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 5: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: MSAFD nwlnkipx [IPX]
GUID: {11058240-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware UPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkipx *

Protocol 9: MSAFD nwlnkspx [SPX]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 10: MSAFD nwlnkspx [SPX] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 11: MSAFD nwlnkspx [SPX II]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 12: MSAFD nwlnkspx [SPX II] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 13: Google Desktop
GUID: {E5A29CC9-CDB8-4771-BC4F-B09FBEFF9814}
Filename: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

Protocol 14: MSAFD RfComm [Bluetooth]
GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD RfComm [Bluetooth]

Protocol 15: MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B119F16B-2B7B-45AE-969E-C2B9D28C1F08}] SEQPACKET 11
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B119F16B-2B7B-45AE-969E-C2B9D28C1F08}] DATAGRAM 11
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C70662BC-6007-48DF-AB69-850185D0549D}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C70662BC-6007-48DF-AB69-850185D0549D}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B40F3236-C1AB-4671-876A-DD4478F8DA77}] SEQPACKET 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

tashi
2005-11-21, 19:15
http://forums.spybot.info/showthread.php?t=502