View Full Version : fakemsn8beta
I am having problems with my daughter's lap top, run spybot, get fakemsn8beta, delete but keeps coming back...followed a couple suggestions, not working...home page has changed..attached is my report
Please help...
Could not post my report, too big...please help, not sure what to do to remove this...my daughter got a msn message that said, is this you and she clicked on it but nothing happened...if you know how to fix this, please let me know...thanks
--- Search result list ---
FakeMSN8Beta: User settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-3894468607-1231869141-18746736-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows\run=...C:\WINDOWS\system32\*\csrss.exe...
FakeMSN8Beta: User settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-3894468607-1231869141-18746736-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows\load=...C:\WINDOWS\system32\*\csrss.exe...
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-08-17 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-12-01 Includes\Cookies.sbi (*)
2006-10-13 Includes\Dialer.sbi (*)
2006-12-01 Includes\DialerC.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2006-12-01 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-12-01 Includes\KeyloggersC.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-12-01 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-12-01 Includes\PUPSC.sbi (*)
2006-12-01 Includes\Revision.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-12-01 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-12-01 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-12-01 Includes\Trojans.sbi (*)
2006-12-01 Includes\TrojansC.sbi (*)
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/917283
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/922770
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB884018
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885855
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Windows XP Hotfix - KB889673
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Windows XP Hotfix - KB893056
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Hotfix for Windows XP (KB893357)
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB894871)
/ Windows XP / SP3: Hotfix for Windows XP (KB896256)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Update for Windows XP (KB900930)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Update for Windows XP (KB912945)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922760)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
--- Startup entries list ---
Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
file: C:\WINDOWS\AGRSMMSG.exe
size: 88203
MD5: f2b869d0b4b765f573bb7b7f80b09dc3
Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 69632
MD5: 8b4cbba1ea526830c7f97e7822e2493a
Located: HK_LM:Run, CFSServ.exe
command: CFSServ.exe -NoClient
file:
Located: HK_LM:Run, DLA
command: C:\WINDOWS\System32\DLA\DLACTRLW.EXE
file: C:\WINDOWS\System32\DLA\DLACTRLW.EXE
size: 122940
MD5: e3a9c76ad9192c82f80326ecdda21c34
Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 926a397334fe426a6c7657096fe681db
Located: HK_LM:Run, igfxhkcmd
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: e822ba2db5811e6c8491e24c710d3455
Located: HK_LM:Run, igfxpers
command: C:\WINDOWS\system32\igfxpers.exe
file: C:\WINDOWS\system32\igfxpers.exe
size: 118784
MD5: 2738657127e7c3d08399d3943d0c5c0e
Located: HK_LM:Run, igfxtray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 98304
MD5: 58d794455a6cea851d13274224e42730
Located: HK_LM:Run, IntelWireless
command: "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
file: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
size: 602182
MD5: d4830448b45cdd45f4285dc6e152764f
Located: HK_LM:Run, IntelZeroConfig
command: "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
file: C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
size: 667718
MD5: 5a6acff04d39d4c16f1ff52682c3b1b0
Located: HK_LM:Run, LogitechVideoRepair
command: C:\Program Files\Logitech\Video\ISStart.exe
file: C:\Program Files\Logitech\Video\ISStart.exe
size: 458752
MD5: 3d9d5aa7b8a3d9f447274599d3efb578
Located: HK_LM:Run, LogitechVideoTray
command: C:\Program Files\Logitech\Video\LogiTray.exe
file: C:\Program Files\Logitech\Video\LogiTray.exe
size: 217088
MD5: ee2a9192a73d51e7f4d9099fc35c32d0
Located: HK_LM:Run, LtMoh
command: C:\Program Files\ltmoh\Ltmoh.exe
file: C:\Program Files\ltmoh\Ltmoh.exe
size: 184320
MD5: 33fba26946fb3bf16294561c97b35e76
Located: HK_LM:Run, LVCOMSX
command: C:\WINDOWS\system32\LVCOMSX.EXE
file: C:\WINDOWS\system32\LVCOMSX.EXE
size: 221184
MD5: bcd419d4ea19087e91601c1c2914323a
Located: HK_LM:Run, NDSTray.exe
command: NDSTray.exe
file:
Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 15691264
MD5: dea4ac5b44f5a7e4e3da071d0cdb0740
Located: HK_LM:Run, SmoothView
command: C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
file: C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
size: 122880
MD5: 021e0887ae43636f583e649afeb3c767
Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 761948
MD5: 6668b0e0b95e75ce3f3c8f737830f320
Located: HK_LM:Run, TDispVol
command: TDispVol.exe
file: C:\WINDOWS\system32\TDispVol.exe
size: 73728
MD5: fc554c13105ad3fa35ab49943df021b2
Located: HK_LM:Run, TFncKy
command: TFncKy.exe
file:
Located: HK_LM:Run, THotkey
command: C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
file: C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
size: 352256
MD5: 2c0970fbc5a9fb5633b8d80671b3b5c9
Located: HK_LM:Run, TPSMain
command: TPSMain.exe
file: C:\WINDOWS\system32\TPSMain.exe
size: 282624
MD5: 1812d1bb1fad95017c613f927eac8147
Located: HK_LM:Run, Tvs
command: C:\Program Files\Toshiba\Tvs\TvsTray.exe
file: C:\Program Files\Toshiba\Tvs\TvsTray.exe
size: 73728
MD5: 74387d88985987acdf294cca1622640e
Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 777424
MD5: 3207bba7a51043ff2c5d64df4c3b6310
Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8
Located: HK_CU:Run, E07ADXRC_1319812
command: "C:\Program Files\Microsoft Encarta\Encarta Premium 2007\EDICT.EXE" -m
file: C:\Program Files\Microsoft Encarta\Encarta Premium 2007\EDICT.EXE
size: 351000
MD5: 554bdeb0453e42c5cac7e7181e74e246
Located: HK_CU:Run, LogitechSoftwareUpdate
command: "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
file: C:\Program Files\Logitech\Video\ManifestEngine.exe
size: 196608
MD5: c1913a21cb3a7bf314641acf0a8f81c9
Located: HK_CU:Run, msnmsgr
command: "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
file: C:\Program Files\MSN Messenger\msnmsgr.exe
size: 5354792
MD5: c1ee2387ede907599ee3a6de9493f672
Located: HK_CU:Run, TOSCDSPD
command: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
file: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
size: 65536
MD5: d8cf04e65081018cf3379b0fc02ffcbb
Located: HK_CU:Run, updateMgr
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
file:
Located: Startup (common), HP Digital Imaging Monitor.lnk
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 288472
MD5: 4543367e50bd35e7d1269d42841b156e
Located: Startup (common), Picture Package Menu.lnk
command: C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
file: C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
size: 151552
MD5: f15fcbb20fe82674f48a60a37e5ba45a
Located: Startup (common), Picture Package VCD Maker.lnk
command: C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
file: C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
size: 106496
MD5: cd7db8bf7f82f78e89e0ac0f58dcb3b0
Located: Startup (common), RAMASST.lnk
command: C:\WINDOWS\system32\RAMASST.exe
file: C:\WINDOWS\system32\RAMASST.exe
size: 155648
MD5: 5648152ad2ccab0265eab9711755f484
Located: Startup (user), csrss.lnk
command:
file:
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, igfxcui
command: igfxdev.dll
file: igfxdev.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 9/23/2005 11:12:08 PM
Date (last access): 12/3/2006 8:18:32 PM
Date (last write): 9/23/2005 11:12:08 PM
Filesize: 63136
Attributes: archive
MD5: B61D5D651ECC6055C29BF826CA7B1141
CRC32: FEF15799
Version: 7.0.5.172
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 8/17/2006 8:27:04 PM
Date (last access): 12/3/2006 9:34:02 PM
Date (last write): 5/31/2005 12:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0
{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
BHO name:
CLSID name: DriveLetterAccess
description: Hewlett-Packard's DLA software
classification: Unknown
known filename: tfswshx.dll
info link:
info source: TonyKlein
Path: C:\WINDOWS\System32\DLA\
Long name: DLASHX_W.DLL
Short name:
Date (created): 2/21/2006 10:31:56 AM
Date (last access): 12/3/2006 9:33:22 PM
Date (last write): 10/6/2005 8:20:00 AM
Filesize: 110652
Attributes: archive
MD5: 94D61FA6DF58A22F139121B945D22083
CRC32: 1184FD8B
Version: 5.20.9.0
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 7/7/2006 11:29:52 AM
Date (last access): 12/3/2006 8:18:32 PM
Date (last write): 7/7/2006 11:29:52 AM
Filesize: 324416
Attributes: archive
MD5: 52A70C80A446FA3BBCDAF59A9AB26AF4
CRC32: B1456034
Version: 4.0.249.1
{955BE0B8-BC85-4CAF-856E-8E0D8B610560} (Encarta Web Companion Helper Object)
BHO name: Encarta Web Companion Helper Object
CLSID name: Encarta Web Companion Helper Object
Path: C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\
Long name: ENCWCBAR.DLL
Short name:
Date (created): 6/10/2006 4:11:28 AM
Date (last access): 12/3/2006 9:32:42 PM
Date (last write): 6/10/2006 4:11:28 AM
Filesize: 256792
Attributes: archive
MD5: 6C5BEBC36A199B438B593E9A4DCD21F4
CRC32: DB2A973A
Version: 16.0.4023.606
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
BHO name:
CLSID name: Windows Live Toolbar Helper
Path: C:\Program Files\Windows Live Toolbar\
Long name: msntb.dll
Short name:
Date (created): 7/7/2006 4:27:44 PM
Date (last access): 12/3/2006 8:18:32 PM
Date (last write): 10/10/2006 11:26:40 PM
Filesize: 544032
Attributes: archive
MD5: D638AFC241FCC42D15886CD26A3F1461
CRC32: EC0AD183
Version: 3.1.0.72
--- ActiveX list ---
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase: http://office.microsoft.com/officeupdate/content/opuc3.cab
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\
Long name: opuc.dll
Short name: m
Date (created): 11/17/2005 10:12:26 PM
Date (last access): 12/3/2006 8:44:40 PM
Date (last write): 11/17/2005 10:12:26 PM
Filesize: 533504
Attributes: archive
MD5: 24F3058766D5FC3FD0F37F6D6EE6FE9B
CRC32: F1FAEDE3
Version: 12.0.3208.1014
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf
Codebase: http://lilprincess1621liv.spaces.live.com//PhotoUpload/MsnPUpld.cab
description:
classification: Legitimate
known filename: MsnPUpld.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name:
Date (created): 6/20/2006 2:44:04 PM
Date (last access): 12/3/2006 8:43:18 PM
Date (last write): 6/20/2006 2:44:04 PM
Filesize: 379704
Attributes: archive
MD5: D2FB109C3F0DAAAA4A73E5921656DB3E
CRC32: A13093E8
Version: 10.0.913.0
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155279985609
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 2/21/2006 5:33:42 AM
Date (last access): 11/29/2006 9:04:54 PM
Date (last write): 5/26/2005 3:19:32 AM
Filesize: 173536
Attributes: archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32: EEF66B50
Version: 5.8.0.2469
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155280052390
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 5/26/2005 3:19:32 AM
Date (last access): 11/29/2006 9:05:56 PM
Date (last write): 5/26/2005 3:19:32 AM
Filesize: 178408
Attributes: archive
MD5: EE37AA2C0700221CD8B02FADCD4C7FB5
CRC32: F5494B06
Version: 5.8.0.2469
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9.ocx
Short name:
Date (created): 6/22/2006 12:44:22 PM
Date (last access): 12/3/2006 7:50:12 PM
Date (last write): 6/22/2006 12:44:22 PM
Filesize: 2201224
Attributes: readonly archive
MD5: 99F80CA1EBE95677668F54CAC6F4AD6D
CRC32: B7385E3B
Version: 9.0.16.0
--- Process list ---
PID: 0 ( 0) [System]
PID: 768 ( 4) \SystemRoot\System32\smss.exe
PID: 820 ( 768) \??\C:\WINDOWS\system32\csrss.exe
PID: 844 ( 768) \??\C:\WINDOWS\system32\winlogon.exe
PID: 888 ( 844) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 900 ( 844) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1076 ( 888) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1164 ( 888) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1212 ( 888) C:\Program Files\Windows Defender\MsMpEng.exe
size: 14032
MD5: E7E81C6BCD697F5921DF6D6781D2673D
PID: 1268 ( 888) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1348 ( 888) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
size: 114753
MD5: 56DED3ADE453272E6A0AD582D945D1A4
PID: 1404 ( 888) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
size: 540745
MD5: 6C5155CC0E805C7BE6028BFF7AC14524
PID: 1520 ( 888) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1588 ( 888) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1904 ( 888) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 116 ( 888) C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
size: 281088
MD5: 07C595396C6F4631E88F9792E1BECD7E
PID: 152 ( 888) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
size: 40960
MD5: 3CB0CC8879956C187E87E18634EE5164
PID: 220 ( 888) C:\WINDOWS\system32\DVDRAMSV.exe
size: 110592
MD5: C9FFBD6B8EDC46CD3D13E3C6DB914FB7
PID: 268 ( 888) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 332 ( 888) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
size: 217164
MD5: 1B2857EF12D79A9F9ADBA14B0637CBF8
PID: 360 ( 888) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 512 ( 888) C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
size: 35328
MD5: 90861642FD6D8FAFB1408EE26FA93CB4
PID: 656 ( 888) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID: 240 ( 472) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1492 ( 240) C:\WINDOWS\system32\iulzolacd\csrss.exe
size: 75776
MD5: 989888211F2D09A853DDB5C6BE1F174D
PID: 1556 ( 240) C:\WINDOWS\AGRSMMSG.exe
size: 88203
MD5: F2B869D0B4B765F573BB7B7F80B09DC3
PID: 1576 ( 240) C:\WINDOWS\RTHDCPL.EXE
size: 15691264
MD5: DEA4AC5B44F5A7E4E3DA071D0CDB0740
PID: 2024 ( 240) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
size: 978944
MD5: F1596B4720E67B478357C21682D8163A
PID: 160 ( 240) C:\WINDOWS\System32\DLA\DLACTRLW.EXE
size: 122940
MD5: E3A9C76AD9192C82F80326ECDDA21C34
PID: 140 ( 240) C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
size: 122880
MD5: 021E0887AE43636F583E649AFEB3C767
PID: 1436 ( 240) C:\Program Files\Toshiba\Tvs\TvsTray.exe
size: 73728
MD5: 74387D88985987ACDF294CCA1622640E
PID: 1432 ( 240) C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
size: 352256
MD5: 2C0970FBC5A9FB5633B8D80671B3B5C9
PID: 1536 ( 240) C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
size: 188416
MD5: DE7ADBA97297AB81C6E11652AFFFD674
PID: 1772 ( 240) C:\WINDOWS\system32\TDispVol.exe
size: 73728
MD5: FC554C13105AD3FA35AB49943DF021B2
PID: 2060 ( 240) C:\Program Files\ltmoh\Ltmoh.exe
size: 184320
MD5: 33FBA26946FB3BF16294561C97B35E76
PID: 2068 (1076) C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
PID: 2080 ( 240) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 761948
MD5: 6668B0E0B95E75CE3F3C8F737830F320
PID: 2104 ( 240) C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
size: 667718
MD5: 5A6ACFF04D39D4C16F1FF52682C3B1B0
PID: 2148 ( 240) C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
size: 602182
MD5: D4830448B45CDD45F4285DC6E152764F
PID: 2196 (2080) C:\Program Files\Synaptics\SynTP\Toshiba.exe
size: 151552
MD5: 5B935E585843F667561A794BA59978D0
PID: 2208 ( 888) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2244 (1076) C:\Program Files\MSN Messenger\msnmsgr.exe
size: 5354792
MD5: C1EE2387EDE907599EE3A6DE9493F672
PID: 2256 ( 240) C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: E822BA2DB5811E6C8491E24C710D3455
PID: 2472 ( 240) C:\WINDOWS\system32\igfxpers.exe
size: 118784
MD5: 2738657127E7C3D08399D3943D0C5C0E
PID: 2616 ( 240) C:\WINDOWS\system32\TPSMain.exe
size: 282624
MD5: 1812D1BB1FAD95017C613F927EAC8147
PID: 2656 ( 240) C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
size: 798720
MD5: B6887A8315C81D429E266725C04EC9AE
PID: 2680 ( 240) C:\Program Files\Windows Defender\MSASCui.exe
size: 777424
MD5: 3207BBA7A51043FF2C5D64DF4C3B6310
PID: 2764 ( 240) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 926A397334FE426A6C7657096FE681DB
PID: 2796 ( 240) C:\WINDOWS\system32\LVCOMSX.EXE
size: 221184
MD5: BCD419D4EA19087E91601C1C2914323A
PID: 3396 ( 240) C:\Program Files\Logitech\Video\LogiTray.exe
size: 217088
MD5: EE2A9192A73D51E7F4D9099FC35C32D0
PID: 3424 (1076) C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
size: 397381
MD5: 0335FD5493864EAC41785FA92C3D5E1D
PID: 3500 ( 240) C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
size: 65536
MD5: D8CF04E65081018CF3379B0FC02FFCBB
PID: 3796 (2616) C:\WINDOWS\system32\TPSBattM.exe
size: 45056
MD5: 1822A66A82433F83195B170592F8A7D8
PID: 3844 ( 240) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 4036 ( 240) C:\Program Files\Microsoft Encarta\Encarta Premium 2007\EDICT.EXE
size: 351000
MD5: 554BDEB0453E42C5CAC7E7181E74E246
PID: 3556 ( 240) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 288472
MD5: 4543367E50BD35E7D1269D42841B156E
PID: 3584 ( 240) C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
size: 151552
MD5: F15FCBB20FE82674F48A60A37E5BA45A
PID: 3620 ( 240) C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
size: 106496
MD5: CD7DB8BF7F82F78E89E0AC0F58DCB3B0
PID: 3740 ( 240) C:\WINDOWS\system32\RAMASST.exe
size: 155648
MD5: 5648152AD2CCAB0265EAB9711755F484
PID: 2972 (1076) C:\Program Files\Logitech\Video\FxSvr2.exe
size: 192512
MD5: F0D7CFBE4ED807D5801950556FD418A1
PID: 3724 (3556) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
size: 239320
MD5: 88029974B1C9995CFA3BD9560BBA2EEF
PID: 3872 ( 888) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 3820 (1076) C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCSVR.EXE
size: 117528
MD5: 4235E14D817F38E4F07C1858C223C7A8
PID: 1116 ( 240) C:\Program Files\Internet Explorer\iexplore.exe
size: 93184
MD5: E7484514C0464642BE7B4DC2689354C8
PID: 3960 ( 240) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 3184 ( 888) C:\WINDOWS\system32\HPZipm12.exe
size: 69632
MD5: 45E333C6B7197ED61C70736472F3703B
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 12/3/2006 9:36:48 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.virushelpzone.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0D7A75C5-DB98-4131-BCFF-5A0212A19861}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0D7A75C5-DB98-4131-BCFF-5A0212A19861}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3583395C-24C3-48EE-9308-2AEDF7AA1E1C}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3583395C-24C3-48EE-9308-2AEDF7AA1E1C}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8B5A62EB-4427-474A-9A9A-8F6A4356970A}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8B5A62EB-4427-474A-9A9A-8F6A4356970A}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1D945821-2C84-46C4-A83C-744C45DBEB43}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1D945821-2C84-46C4-A83C-744C45DBEB43}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{41F8C6E6-AFC8-40FB-AB9E-4B2D61990A8B}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{41F8C6E6-AFC8-40FB-AB9E-4B2D61990A8B}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{423D6FB0-BB8E-42E8-88D7-9457250BC555}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{423D6FB0-BB8E-42E8-88D7-9457250BC555}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
LonnyRJones
2006-12-09, 20:08
Hi slc001
Please go here and follow instructions.
http://forums.spybot.info/showthread.php?t=288
Post A Hijackthis log and an online scan report here in this thread.
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.
Applies only to the original topic starter.