Derek_the_Wolves_Fan
2009-08-31, 22:37
Hi all,
As did 'this is a username', I did a scan with Spybot today and also found 1 instance of virtumonde.dll. I'm not getting pop-ups or anything, but also my internet is running slower.
The registry key that Spybot says is infected is the same, i.e.: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
I happen to be using the same version of Vista.
I am a bit nervous of just using the instructions provided, as I know sometimes you need to be very specific. Are the instructions given OK for everyone to use, or do you need to see the Spybot report?
Many thanks.
Derek
In case the spybot report is needed, here it is.
--- Spybot - Search & Destroy version: 1.6.0 (build: 20080729) ---
2008-08-14 blindman.exe (1.0.0.8)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-08-14 SDFiles.exe (1.6.0.4)
2008-08-14 SDMain.exe (1.0.0.6)
2008-08-14 SDShred.exe (1.0.2.3)
2008-08-14 SDUpdate.exe (1.6.0.9)
2008-08-14 SDWinSec.exe (1.0.0.12)
2008-07-30 SpybotSD.exe (1.6.0.31)
2009-03-05 TeaTimer.exe (1.6.6.32)
2008-08-26 unins000.exe (51.49.0.0)
2008-08-14 Update.exe (1.6.0.7)
2009-07-28 advcheck.dll (1.6.3.17)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2009-05-19 Includes\Adware.sbi (*)
2009-08-25 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-08-25 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-08-04 Includes\HijackersC.sbi (*)
2009-06-23 Includes\Keyloggers.sbi (*)
2009-07-30 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-08-19 Includes\Malware.sbi (*)
2009-08-25 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-08-25 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-07-30 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-08-11 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-08-25 Includes\Trojans.sbi (*)
2009-08-26 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows Vista (Build: 6002) Service Pack 2 (6.0.6002)
--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35696
MD5: 452FA961163EF4AEE4815796A13AB2CF
Located: HK_LM:Run, Ad-Watch
command: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
file: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
size: 520024
MD5: 2CD3C21B57B2B1E5CC4C82519461C9D2
Located: HK_LM:Run, AVG8_TRAY
command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1948440
MD5: 2588B441E5B22691E0610CF710865441
Located: HK_LM:Run, CCUTRAYICON
command: "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
file: C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
size: 215256
MD5: D3E15273940EB78870146BF7592666D3
Located: HK_LM:Run, DellSupportCenter
command: "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
file: C:\Program Files\Dell Support Center\bin\sprtcmd.exe
size: 202544
MD5: 852AB81EDE166A0B25046DD7F4CD3FFA
Located: HK_LM:Run, dscactivate
command: "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
file: C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
size: 16384
MD5: 267B3A856E9F4DB1CABD4E6DB71E07D2
Located: HK_LM:Run, ECenter
command: C:\Dell\E-Center\EULALauncher.exe
file: C:\Dell\E-Center\EULALauncher.exe
size: 17920
MD5: D6B7814AA0D1412F0EA77845C0AF7B51
Located: HK_LM:Run, ISUSScheduler
command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: FF3BF05021BFECC92DB81B8257EEB026
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 292128
MD5: 741DCAEC21B5A9A1D068FE8692A30D68
Located: HK_LM:Run, NMSSupport
command: "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
file: C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
size: 439512
MD5: FEC7A0C94B73E46AFEEEEDF53548AAEA
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
file: C:\Windows\system32\NvCpl.dll
size: 8429568
MD5: D4A6BC45D9085120056C22A32B93B95A
Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
file: C:\Windows\system32\NvMcTray.dll
size: 81920
MD5: 4AFB2A44374C53E5ECBB3CFC44661FBE
Located: HK_LM:Run, NvSvc
command: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
file: C:\Windows\system32\nvsvc.dll
size: 86016
MD5: A172FE2A532FE2145247BDB8EE3EBC8E
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: FABAD2BFD44661D8CC627E5485BFAFAF
Located: HK_LM:Run, RoxWatchTray
command: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
file: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
size: 221184
MD5: 1AAD451CCBECE62987591B35AE8037A8
Located: HK_LM:Run, RtHDVCpl
command: RtHDVCpl.exe
file: C:\Windows\RtHDVCpl.exe
size: 4452352
MD5: 8C7DDBBF366869A61218AB7A6802C3E9
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 148888
MD5: A2D390F1F2408B94EF34BFE3A00C29D3
Located: HK_LM:Run, TalkTalk
command: "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
file: C:\Program Files\TalkTalk\bin\sprtcmd.exe
size: 202016
MD5: 7685012305BC2C395139BAA9A1D7462E
Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 198160
MD5: 5676E75F98FF8E0F81DFF604A09288BB
Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
Located: HK_LM:Run, WPCUMI
command: C:\Windows\system32\WpcUmi.exe
file: C:\Windows\system32\WpcUmi.exe
size: 176128
MD5: C456658AF90F42BE3CDF1048F9CDB5CA
Located: HK_LM:Run, ZoneAlarm Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 981384
MD5: C331D8E6E3AB67A5A1556070E8EA6B13
Located: HK_CU:Run, DellSupport
where: S-1-5-21-2283168741-1253311618-3198397633-1001...
command: "C:\Program Files\DellSupport\DSAgnt.exe" /startup
file: C:\Program Files\DellSupport\DSAgnt.exe
size: 460784
MD5: B75FDBF14073D72C50624CC8338DD534
Located: HK_CU:Run, DellSupportCenter
where: S-1-5-21-2283168741-1253311618-3198397633-1001...
command: "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
file: C:\Program Files\Dell Support Center\bin\sprtcmd.exe
size: 202544
MD5: 852AB81EDE166A0B25046DD7F4CD3FFA
Located: HK_CU:Run, ehTray.exe
where: S-1-5-21-2283168741-1253311618-3198397633-1001...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C
Located: HK_CU:Run, Messenger (Yahoo!)
where: S-1-5-21-2283168741-1253311618-3198397633-1001...
command: "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
file: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
size: 4351216
MD5: B2A71BBFFB31A196DE001CF94EB8D3B4
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-2283168741-1253311618-3198397633-1001...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
Located: HK_CU:Run, swg
where: S-1-5-21-2283168741-1253311618-3198397633-1001...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE
Located: HK_CU:Run, TomTomHOME.exe
where: S-1-5-21-2283168741-1253311618-3198397633-1001...
command: "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
file: C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
size: 247144
MD5: EA0B99460FE002E8588808F297160548
Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-21-2283168741-1253311618-3198397633-1001...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 16FC5B430123238E522B18E63C257AF8
Located: HK_CU:Run, WMPNSCFG
where: S-1-5-21-2283168741-1253311618-3198397633-1001...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D
Located: Startup (common), Adobe Gamma Loader.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: C2FF17734176CD15221C10044EF0BA1A
--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name:
Date (created): 27/02/2009 13:07:26
Date (last access): 14/03/2009 19:15:02
Date (last write): 27/02/2009 13:07:26
Filesize: 75128
Attributes: archive
MD5: 5CF6190CD875DA6B35256FEE573E7908
CRC32: 764BA81B
Version: 9.1.0.163
{3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
Path: C:\Program Files\Real\RealPlayer\
Long name: rpbrowserrecordplugin.dll
Short name:
Date (created): 25/11/2007 23:23:02
Date (last access): 24/04/2009 20:40:36
Date (last write): 24/04/2009 20:40:36
Filesize: 312928
Attributes: archive
MD5: F0F67D3349B5CA1D162A2F29C647F842
CRC32: B48F6120
Version: 1.0.1.200
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Program Files\AVG\AVG8\
Long name: avgssie.dll
Short name:
Date (created): 10/09/2008 19:55:32
Date (last access): 18/07/2009 20:32:56
Date (last write): 18/07/2009 20:32:56
Filesize: 1111320
Attributes: archive
MD5: A8F964A2FB9400B81E1483AA5A8B39F5
CRC32: E3F2A2F4
Version: 8.5.0.392
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 06/02/2008 22:36:20
Date (last access): 02/10/2008 21:04:46
Date (last write): 15/09/2008 14:25:44
Filesize: 1562960
Attributes: readonly hidden sysfile archive
MD5: 35F73F1936BDE91F1B6995510A61E7A8
CRC32: BE6A5D15
Version: 1.6.2.14
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live ID Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name:
Date (created): 30/03/2009 16:31:54
Date (last access): 29/06/2009 19:50:52
Date (last write): 30/03/2009 16:31:54
Filesize: 403824
Attributes: archive
MD5: 9144D1A2D7AC4CE489C863E11FC5E478
CRC32: 55343708
Version: 6.500.3146.0
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: C:\Program Files\Google\Google Toolbar\
Long name: GoogleToolbar.dll
Short name:
Date (created): 12/01/2009 20:16:14
Date (last access): 12/01/2009 20:16:14
Date (last write): 16/06/2009 12:47:48
Filesize: 259696
Attributes: archive
MD5: B2A3EE0D6570BAE9BD90892E0009A6AB
CRC32: 230192E8
Version: 6.1.1715.1442
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\
Long name: swg.dll
Short name:
Date (created): 30/06/2009 10:59:06
Date (last access): 30/06/2009 10:59:06
Date (last write): 30/06/2009 10:59:06
Filesize: 669168
Attributes: archive
MD5: 7C987CAB519BC858FD4DBB6B40EE4BD2
CRC32: 2CC83660
Version: 5.1.1309.15642
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (Google Dictionary Compression sdch)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Google Dictionary Compression sdch
CLSID name: Google Dictionary Compression sdch
Path: C:\Program Files\Google\Google Toolbar\Component\
Long name: fastsearch_A8904FB862BD9564.dll
Short name:
Date (created): 03/05/2009 09:56:00
Date (last access): 03/05/2009 09:56:00
Date (last write): 03/05/2009 09:56:00
Filesize: 470512
Attributes: archive
MD5: E35BCCB1D1D96F8E5B09C72AF70EC3F6
CRC32: 73C702FE
Version: 1.0.610.27482
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (Browser Address Error Redirector)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Browser Address Error Redirector
CLSID name: CBrowserHelperObject Object
Path: C:\Program Files\Dell\BAE\
Long name: BAE.dll
Short name:
Date (created): 09/11/2006 10:56:48
Date (last access): 20/11/2007 16:33:50
Date (last write): 09/11/2006 10:56:48
Filesize: 98304
Attributes: archive
MD5: 1A4F60EF6DA38621F1091B0CB0FA2C09
CRC32: 54D81822
Version: 1.2.0.3
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 07/03/2009 13:24:14
Date (last access): 09/03/2073 06:20:00
Date (last write): 09/03/2009 06:18:50
Filesize: 35840
Attributes: archive
MD5: 96A225C7F5346A9E81FC3DFA89A900C0
CRC32: BAD5D2EF
Version: 6.0.130.3
--- ActiveX list ---
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\Windows\Downloaded Program Files\swdir.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\Windows\system32\Adobe\Director\
Long name: SwDir.dll
Short name:
Date (created): 21/07/2009 09:18:18
Date (last access): 09/10/2008 11:18:50
Date (last write): 21/07/2009 09:18:18
Filesize: 206264
Attributes: archive
MD5: 349F6A65776365ACBC8EB12A0509AF6A
CRC32: A801793B
Version: 11.5.1.601
{233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\Windows\Downloaded Program Files\swdir.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description:
classification: Legitimate
known filename: SwDir.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\system32\Adobe\Director\
Long name: SwDir.dll
Short name:
Date (created): 21/07/2009 09:18:18
Date (last access): 09/10/2008 11:18:50
Date (last write): 21/07/2009 09:18:18
Filesize: 206264
Attributes: archive
MD5: 349F6A65776365ACBC8EB12A0509AF6A
CRC32: A801793B
Version: 11.5.1.601
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Installer: C:\Program Files\Yahoo!\Common\yinst.inf
Codebase: C:\Program Files\Yahoo!\Common\yinsthelper.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\Common\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 25/11/2007 17:40:14
Date (last access): 25/11/2007 17:40:14
Date (last write): 30/07/2006 14:25:34
Filesize: 188968
Attributes: archive
MD5: 18B54B53CEE0E7204495BAB864EBBF03
CRC32: 6D72BB93
Version: 2006.4.14.2
{3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control)
DPF name:
CLSID name: Windows Live OneCare safety scanner control
Installer: C:\Windows\Downloaded Program Files\wlscCtrl2.inf
Codebase: http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
Path: %ProgramFiles%\Windows Live Safety Center\
Long name: wlscCtrl2.dll
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\Windows\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222159915213
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\system32\
Long name: wuweb.dll
Short name:
Date (created): 18/07/2008 22:08:04
Date (last access): 18/07/2008 22:08:04
Date (last write): 18/07/2008 22:08:04
Filesize: 205000
Attributes: archive
MD5: B39BAFEA128BDD104C2857733F21DE2F
CRC32: F53B9409
Version: 7.2.6001.784
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\Windows\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222117933488
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\system32\
Long name: muweb.dll
Short name:
Date (created): 18/07/2008 22:07:54
Date (last access): 18/07/2008 22:07:54
Date (last write): 18/07/2008 22:07:54
Filesize: 210976
Attributes: archive
MD5: 5D5DE96F10C6ACDFBEF06125D0EC5890
CRC32: 8B6B8748
Version: 7.2.6001.784
{77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control)
DPF name:
CLSID name: Groove Control
Installer:
Codebase: http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
description:
classification: Open for discussion
known filename: GROOVEAX.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: OTOYAX.dll
Short name:
Date (created): 21/10/2005 16:38:02
Date (last access): 21/10/2005 16:38:02
Date (last write): 21/10/2005 16:38:02
Filesize: 510136
Attributes: archive
MD5: BE3D9B33F73C8A26274AA8CE6DBB43FE
CRC32: E84AE30A
Version: 1.0.29.0
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_13
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 07/03/2009 13:24:14
Date (last access): 09/03/2073 06:20:00
Date (last write): 09/03/2009 06:18:50
Filesize: 94208
Attributes: archive
MD5: 1302DAB0E273CAC0D23E5674BAFE86CD
CRC32: 44AAE4B7
Version: 6.0.130.3
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 07/03/2009 13:24:14
Date (last access): 09/03/2073 06:20:00
Date (last write): 09/03/2009 06:18:50
Filesize: 94208
Attributes: archive
MD5: 1302DAB0E273CAC0D23E5674BAFE86CD
CRC32: 44AAE4B7
Version: 6.0.130.3
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 07/03/2009 13:24:14
Date (last access): 09/03/2073 06:20:00
Date (last write): 09/03/2009 06:18:50
Filesize: 94208
Attributes: archive
MD5: 1302DAB0E273CAC0D23E5674BAFE86CD
CRC32: 44AAE4B7
Version: 6.0.130.3
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 07/03/2009 13:24:14
Date (last access): 09/03/2073 06:20:00
Date (last write): 09/03/2009 06:18:50
Filesize: 94208
Attributes: archive
MD5: 1302DAB0E273CAC0D23E5674BAFE86CD
CRC32: 44AAE4B7
Version: 6.0.130.3
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_13
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 07/03/2009 13:24:14
Date (last access): 09/03/2073 06:20:00
Date (last write): 09/03/2009 06:18:50
Filesize: 94208
Attributes: archive
MD5: 1302DAB0E273CAC0D23E5674BAFE86CD
CRC32: 44AAE4B7
Version: 6.0.130.3
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_13
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_13.dll
Short name:
Date (created): 09/03/2009 03:53:24
Date (last access): 09/03/2073 06:20:10
Date (last write): 09/03/2009 06:19:10
Filesize: 136600
Attributes: archive
MD5: 20188EB1790C5EB9057DDFE3EA138FC7
CRC32: 2EA1ACCF
Version: 6.0.130.3
--- Process list ---
PID: 3700 (1204) C:\Windows\system32\Dwm.exe
size: 81920
MD5: 01DD1004181FD46ECDC3628228EB269D
PID: 3832 (2240) C:\Windows\Explorer.EXE
size: 2926592
MD5: D07D4C3038F3578FFCE1C0237F2A1253
PID: 2528 (1228) C:\Windows\system32\taskeng.exe
size: 169984
MD5: E5BBFC283D6F5D69B41E464676361020
PID: 4552 (3832) C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
PID: 4596 (3832) C:\Windows\RtHDVCpl.exe
size: 4452352
MD5: 8C7DDBBF366869A61218AB7A6802C3E9
PID: 4608 (3832) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: FF3BF05021BFECC92DB81B8257EEB026
PID: 4620 (3832) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
size: 221184
MD5: 1AAD451CCBECE62987591B35AE8037A8
PID: 4720 (3832) C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
size: 439512
MD5: FEC7A0C94B73E46AFEEEEDF53548AAEA
PID: 4752 (3832) C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
size: 215256
MD5: D3E15273940EB78870146BF7592666D3
PID: 4760 (3832) C:\Windows\System32\wpcumi.exe
size: 176128
MD5: C456658AF90F42BE3CDF1048F9CDB5CA
PID: 4768 (3832) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
size: 202544
MD5: 852AB81EDE166A0B25046DD7F4CD3FFA
PID: 4792 (3832) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A
PID: 4800 (3832) C:\Program Files\AVG\AVG8\avgtray.exe
size: 1948440
MD5: 2588B441E5B22691E0610CF710865441
PID: 4828 (3832) C:\Program Files\TalkTalk\bin\sprtcmd.exe
size: 202016
MD5: 7685012305BC2C395139BAA9A1D7462E
PID: 4848 (3832) C:\Program Files\Java\jre6\bin\jusched.exe
size: 148888
MD5: A2D390F1F2408B94EF34BFE3A00C29D3
PID: 4856 (3832) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 981384
MD5: C331D8E6E3AB67A5A1556070E8EA6B13
PID: 4864 (3832) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 198160
MD5: 5676E75F98FF8E0F81DFF604A09288BB
PID: 4872 (3832) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
size: 520024
MD5: 2CD3C21B57B2B1E5CC4C82519461C9D2
PID: 4888 (3832) C:\Program Files\iTunes\iTunesHelper.exe
size: 292128
MD5: 741DCAEC21B5A9A1D068FE8692A30D68
PID: 4952 (3832) C:\Program Files\DellSupport\DSAgnt.exe
size: 460784
MD5: B75FDBF14073D72C50624CC8338DD534
PID: 4976 (4776) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A
PID: 4992 (3832) C:\Windows\ehome\ehtray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C
PID: 5036 (3832) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 5096 (3832) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D
PID: 5124 ( 968) C:\Windows\ehome\ehmsas.exe
size: 37376
MD5: 0F4195B9B348DE5CF9B822F81704B20E
PID: 3500 ( 968) C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
size: 293080
MD5: 0F7DC49086CC3644B45DC58B5998609D
PID: 1280 (4620) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
size: 10752
MD5: C551D15D5D0F875D7BF0BC4FBB6EB2D9
PID: 4100 (3832) C:\Program Files\Mozilla Firefox\firefox.exe
size: 908280
MD5: 0AF842F82CB567E79D065C12E029560C
PID: 1576 (3832) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4891984
MD5: 9C8F0F34F66BB845B42F70E92A972B5F
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 488 ( 4) smss.exe
size: 64000
PID: 564 ( 552) csrss.exe
size: 6144
PID: 616 ( 552) wininit.exe
size: 96768
PID: 628 ( 608) csrss.exe
size: 6144
PID: 676 ( 616) services.exe
size: 279552
PID: 740 ( 608) winlogon.exe
size: 314368
PID: 748 ( 616) lsass.exe
size: 9728
PID: 772 ( 616) lsm.exe
size: 229888
PID: 968 ( 676) svchost.exe
size: 21504
PID: 1032 ( 676) svchost.exe
size: 21504
PID: 1072 ( 676) svchost.exe
size: 21504
PID: 1172 ( 676) svchost.exe
size: 21504
PID: 1204 ( 676) svchost.exe
size: 21504
PID: 1228 ( 676) svchost.exe
size: 21504
PID: 1348 (1172) audiodg.exe
size: 88576
PID: 1368 ( 676) svchost.exe
size: 21504
PID: 1384 ( 676) SLsvc.exe
size: 3408896
PID: 1408 ( 676) svchost.exe
size: 21504
PID: 1580 ( 676) svchost.exe
size: 21504
PID: 1600 ( 676) vsmon.exe
PID: 1848 ( 676) AAWService.exe
PID: 1960 ( 676) spoolsv.exe
size: 127488
PID: 1988 ( 676) svchost.exe
size: 21504
PID: 572 (1228) taskeng.exe
size: 169984
PID: 1252 ( 676) a2service.exe
PID: 1520 ( 676) AlertService.exe
PID: 1652 ( 676) AppleMobileDeviceService.exe
PID: 1828 ( 676) avgwdsvc.exe
PID: 2036 ( 676) mDNSResponder.exe
PID: 340 ( 676) CDAC11BA.EXE
PID: 432 ( 676) DQLWinService.exe
PID: 908 ( 676) KService.exe
PID: 2116 (2072) GoogleCrashHandler.exe
PID: 2168 (1828) avgrsx.exe
PID: 2392 ( 676) NMSCore.exe
PID: 2432 ( 676) svchost.exe
size: 21504
PID: 2464 ( 676) QualityManager.exe
PID: 2504 ( 676) RoxWatch9.exe
PID: 2584 ( 676) sprtsvc.exe
PID: 2640 ( 676) sprtsvc.exe
PID: 2672 ( 676) svchost.exe
size: 21504
PID: 2724 ( 676) tgsrvc.exe
PID: 2740 ( 676) TomTomHOMEService.exe
PID: 2804 ( 676) svchost.exe
size: 21504
PID: 2820 ( 676) WLIDSVC.EXE
PID: 2952 ( 676) SearchIndexer.exe
size: 441344
PID: 3024 ( 676) YahooAUService.exe
PID: 3156 ( 676) issm.exe
PID: 3192 ( 676) MCLServiceATL.exe
PID: 3368 ( 676) SDWinSec.exe
size: 809296
MD5: C4CB6FA165448681EE81B00819114704
PID: 3852 (2820) WLIDSVCM.EXE
PID: 3880 ( 676) Remote UI Service.exe
PID: 3924 ( 676) mediaserver.exe
PID: 3760 (1228) taskeng.exe
size: 169984
PID: 3120 (3760) AWC.exe
PID: 4196 ( 676) RoxMediaDB9.exe
PID: 4244 ( 968) unsecapp.exe
PID: 4392 ( 968) WmiPrvSE.exe
PID: 5480 ( 676) wmpnetwk.exe
PID: 3080 ( 676) iPodService.exe
PID: 5972 (5412) notepad.exe
size: 151040
PID: 1164 ( 676) TrustedInstaller.exe
PID: 5568 ( 676) svchost.exe
size: 21504
PID: 3576 ( 480) MpCmdRun.exe
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 31/08/2009 20:29:18
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
https://login.yahoo.com/config/mail?.intl=uk&.src=ym&.done=http://uk.mail.yahoo.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\System32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
--- Winsock Layered Service Provider list ---
Protocol 0: Parental Controls LSP over [MSAFD Tcpip [TCP/IP]]
GUID: {2D292C25-7584-489B-B15A-289EE2ABE01B}
Filename: C:\Windows\system32\wpclsp.dll
Protocol 1: Parental Controls LSP over [MSAFD Tcpip [UDP/IP]]
GUID: {1E52807A-CE33-4042-A02E-810820B3B698}
Filename: C:\Windows\system32\wpclsp.dll
Protocol 2: Parental Controls LSP over [MSAFD Tcpip [TCP/IPv6]]
GUID: {4A00445D-7D88-4A61-BDE2-FB3B784487BD}
Filename: C:\Windows\system32\wpclsp.dll
Protocol 3: Parental Controls LSP over [MSAFD Tcpip [UDP/IPv6]]
GUID: {1B3B790C-E804-451D-A6D8-800F06116104}
Filename: C:\Windows\system32\wpclsp.dll
Protocol 4: Parental Controls LSP over [RSVP TCPv6 Service Provider]
GUID: {A9655C03-5200-49F8-B270-779F62EF6E02}
Filename: C:\Windows\system32\wpclsp.dll
Protocol 5: Parental Controls LSP over [RSVP TCP Service Provider]
GUID: {680ED6D1-2975-4CEF-86A7-FBEBC30097F0}
Filename: C:\Windows\system32\wpclsp.dll
Protocol 6: Parental Controls LSP over [RSVP UDPv6 Service Provider]
GUID: {33C1ECF6-BF82-48E3-BB56-FA1A6A2216DC}
Filename: C:\Windows\system32\wpclsp.dll
Protocol 7: Parental Controls LSP over [RSVP UDP Service Provider]
GUID: {C8A53BB3-8372-4757-B16A-5069CD2E676B}
Filename: C:\Windows\system32\wpclsp.dll
Protocol 8: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 9: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 10: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 11: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 12: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 13: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 14: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 15: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 16: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 17: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 18: Parental Controls LSP
GUID: {572F18CF-62F6-4456-BE0E-AF2D8FDBCE0B}
Filename: C:\Windows\system32\wpclsp.dll
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AF443C2D-D7D3-4A15-BC7B-95CEC09BDBAA}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AF443C2D-D7D3-4A15-BC7B-95CEC09BDBAA}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{475AAFD1-557C-4618-B1E6-32ADDB7E7CB4}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{475AAFD1-557C-4618-B1E6-32ADDB7E7CB4}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AF443C2D-D7D3-4A15-BC7B-95CEC09BDBAA}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AF443C2D-D7D3-4A15-BC7B-95CEC09BDBAA}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:
Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 4: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
Namespace Provider 5: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 6: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
size: 21504
PID: 1348 (1172) audiodg.exe
size: 88576
PID: 1368 ( 676) svchost.exe
size: 21504
PID: 1384 ( 676) SLsvc.exe
size: 3408896
PID: 1408 ( 676) svchost.exe
size: 21504
PID: 1580 ( 676) svchost.exe
size: 21504
PID: 1600 ( 676) vsmon.exe
PID: 1848 ( 676) AAWService.exe
PID: 1960 ( 676) spoolsv.exe
size: 127488
PID: 1988 ( 676) svchost.exe
size: 21504
PID: 572 (1228) taskeng.exe
size: 169984
PID: 1252 ( 676) a2service.exe
PID: 1520 ( 676) AlertService.exe
PID: 1652 ( 676) AppleMobileDeviceService.exe
PID: 1828 ( 676) avgwdsvc.exe
PID: 2036 ( 676) mDNSResponder.exe
PID: 340 ( 676) CDAC11BA.EXE
PID: 432 ( 676) DQLWinService.exe
PID: 908 ( 676) KService.exe
PID: 2116 (2072) GoogleCrashHandler.exe
PID: 2168 (1828) avgrsx.exe
PID: 2392 ( 676) NMSCore.exe
PID: 2432 ( 676) svchost.exe
size: 21504
PID: 2464 ( 676) QualityManager.exe
PID: 2504 ( 676) RoxWatch9.exe
PID: 2584 ( 676) sprtsvc.exe
PID: 2640 ( 676) sprtsvc.exe
PID: 2672 ( 676) svchost.exe
size: 21504
PID: 2724 ( 676) tgsrvc.exe
PID: 2740 ( 676) TomTomHOMEService.exe
PID: 2804 ( 676) svchost.exe
size: 21504
PID: 2820 ( 676) WLIDSVC.EXE
PID: 2952 ( 676) SearchIndexer.exe
size: 441344
PID: 3024 ( 676) YahooAUService.exe
PID: 3156 ( 676) issm.exe
PID: 3192 ( 676) MCLServiceATL.exe
PID: 3368 ( 676) SDWinSec.exe
size: 809296
MD5: C4CB6FA165448681EE81B00819114704
PID: 3852 (2820) WLIDSVCM.EXE
PID: 3880 ( 676) Remote UI Service.exe
PID: 3924 ( 676) mediaserver.exe
PID: 3760 (1228) taskeng.exe
size: 169984
PID: 3120 (3760) AWC.exe
PID: 4196 ( 676) RoxMediaDB9.exe
PID: 4244 ( 968) unsecapp.exe
PID: 4392 ( 968) WmiPrvSE.exe
PID: 5480 ( 676) wmpnetwk.exe
PID: 3080 ( 676) iPodService.exe
PID: 5972 (5412) notepad.exe
size: 151040
PID: 1164 ( 676) TrustedInstaller.exe
PID: 5568 ( 676) svchost.exe
size: 21504
PID: 3576 ( 480) MpCmdRun.exe
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 31/08/2009 20:29:18
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
https://login.yahoo.com/config/mail?.intl=uk&.src=ym&.done=http://uk.mail.yahoo.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\System32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
--- Winsock Layered Service Provider list ---
Protocol 0: Parental Controls LSP over [MSAFD Tcpip [TCP/IP]]
GUID: {2D292C25-7584-489B-B15A-289EE2ABE01B}
Filename: C:\Windows\system32\wpclsp.dll
Protocol 1: Parental Controls LSP over [MSAFD Tcpip [UDP/IP]]
GUID: {1E52807A-CE33-4042-A02E-810820B3B698}
Filename: C:\Windows\system32\wpclsp.dll
Protocol 2: Parental Controls LSP over [MSAFD Tcpip [TCP/IPv6]]
GUID: {4A00445D-7D88-4A61-BDE2-FB3B784487BD}
Filename: C:\Windows\system32\wpclsp.dll
Protocol 3: Parental Controls LSP over [MSAFD Tcpip [UDP/IPv6]]
GUID: {1B3B790C-E804-451D-A6D8-800F06116104}
Filename: C:\Windows\system32\wpclsp.dll
Protocol 4: Parental Controls LSP over [RSVP TCPv6 Service Provider]
GUID: {A9655C03-5200-49F8-B270-779F62EF6E02}
Filename: C:\Windows\system32\wpclsp.dll
Protocol 5: Parental Controls LSP over [RSVP TCP Service Provider]
GUID: {680ED6D1-2975-4CEF-86A7-FBEBC30097F0}
Filename: C:\Windows\system32\wpclsp.dll
Protocol 6: Parental Controls LSP over [RSVP UDPv6 Service Provider]
GUID: {33C1ECF6-BF82-48E3-BB56-FA1A6A2216DC}
Filename: C:\Windows\system32\wpclsp.dll
Protocol 7: Parental Controls LSP over [RSVP UDP Service Provider]
GUID: {C8A53BB3-8372-4757-B16A-5069CD2E676B}
Filename: C:\Windows\system32\wpclsp.dll
Protocol 8: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 9: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 10: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 11: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 12: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 13: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 14: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 15: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 16: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 17: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 18: Parental Controls LSP
GUID: {572F18CF-62F6-4456-BE0E-AF2D8FDBCE0B}
Filename: C:\Windows\system32\wpclsp.dll
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AF443C2D-D7D3-4A15-BC7B-95CEC09BDBAA}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AF443C2D-D7D3-4A15-BC7B-95CEC09BDBAA}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{475AAFD1-557C-4618-B1E6-32ADDB7E7CB4}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{475AAFD1-557C-4618-B1E6-32ADDB7E7CB4}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AF443C2D-D7D3-4A15-BC7B-95CEC09BDBAA}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AF443C2D-D7D3-4A15-BC7B-95CEC09BDBAA}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:
Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 4: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
Namespace Provider 5: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 6: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS