
Thread: Smitfraud-C

  1. #1
    Junior Member
    Join Date
    Jan 2006
    Posts
    7

    I am unable to fix Smitfraud-C. I read in another thread that this problem will be fixed in a subsequent update. However, I can't get rid of it. Has it been updated? Is this in fact a false positive?

  2. #2
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,445

    Hello.
    We need a little more information before we can say if it is a f/p or not.

    We may ask for a Spybot-S&D log but first:

    Open Spybot>Help>About
    Let us know the version and latest detection update.

    Also, what is your operating system, and which other security programs do you have installed?

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Jan 2006
    Posts
    7

    I have Spybot 1.4, last updated 01-06-06.

    I have Windows 2000. The other security programs I have are Ad-Aware, HijackThis, ewido, and Spy Sweeper 3.0.

    Please let me know if you need anything else.

  4. #4
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,445

    Thank you. No antivirus program?

    HJT is a tool btw, not a security program so please do not use it without expert guidance.

    <snip>

    Edit: we posted at the same time.

    Please post the full log and I will ask Lonny to take a look.
    Open SpyBot, close all browsers, check for problems and fix everything found. Then, on the toolbar menu, select mode and switch to advanced mode; on the left, lower down, select tools and view report. Ensure all the options near the bottom are selected except:

    Uncheck [ ] Do not report disabled or known legitimate items.
    Uncheck [ ] Include a list of services in report.
    Uncheck [ ] Include uninstall list in report.

    Now select (near the top) view report.
    Press export; in the "save in" box, choose a place such as your My Documents folder. Then, in your next post, near the bottom, select the "browse" button; navigate to and attach or post that report, please.

  5. #5
    Junior Member
    Join Date
    Jan 2006
    Posts
    7

    --- Search result list ---
    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adulthell.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bin.wordsx.cc\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crl.thawte.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\datingforlove.org\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\e-finder.cc\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\love-catalog.net\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\makechoice.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\meetyourfriend.biz\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\t34rulit.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\terra.hcworld.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\toprefsys.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracking.allposters.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\visitfriend.net\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.niger.ru\*!=W=4


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2006-01-12 unins000.exe (51.41.0.0)
    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2005-05-31 Update.exe (1.4.0.0)
    2005-05-31 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2005-05-31 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2006-01-06 Includes\Cookies.sbi (*)
    2006-01-06 Includes\Dialer.sbi (*)
    2006-01-06 Includes\Hijackers.sbi (*)
    2006-01-06 Includes\Keyloggers.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2006-01-06 Includes\Malware.sbi (*)
    2006-01-06 Includes\PUPS.sbi (*)
    2006-01-06 Includes\Revision.sbi (*)
    2006-01-06 Includes\Security.sbi (*)
    2006-01-06 Includes\Spybots.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2006-01-06 Includes\Trojans.sbi (*)



    --- System information ---
    Windows 2000 (Build: 2195) Service Pack 4


    --- Startup entries list ---
    Located: HK_LM:Run, BJCFD
    command: C:\Program Files\BroadJump\Client Foundation\CFD.exe
    file: C:\Program Files\BroadJump\Client Foundation\CFD.exe
    size: 368706
    MD5: ba9af06103549a96f77036861fde357b

    Located: HK_LM:Run, CMPDPSRV
    command: C:\WINNT\system32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
    file: C:\WINNT\system32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
    size: 40960
    MD5: 5ea609093dc1dfa8ae828b1c7c8a3024

    Located: HK_LM:Run, CPQEASYACC
    command: C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
    file: C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
    size: 409600
    MD5: 8f96b6cfce326d0dde5a8d68d5352d68

    Located: HK_LM:Run, EACLEAN
    command: C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
    file: C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
    size: 122880
    MD5: bf3f57aa9b052a93750ade09a1c4e4b4

    Located: HK_LM:Run, IPInSightMonitor 02
    command: "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    file: C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    size: 122880
    MD5: 7187b64d933c478227e6ccc04c0b68f7

    Located: HK_LM:Run, nmapp
    command: "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun
    file: C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    size: 487424
    MD5: c8287b18285db7710aa3f52f3179b7b0

    Located: HK_LM:Run, Synchronization Manager
    command: mobsync.exe /logon
    file: C:\WINNT\system32\mobsync.exe
    size: 111376
    MD5: 9b2f5b9e745deaaa57fb78329ed03061

    Located: HK_LM:Run, SynTPEnh
    command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    size: 249856
    MD5: 1ee09cdc2ff456cedf01f50a9884c976

    Located: HK_LM:Run, SynTPLpr
    command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    size: 94208
    MD5: 32ba3932acd6dea5c670b918a792f503

    Located: HK_CU:Run, AIM
    command: C:\Program Files\AIM\aim.exe -cnetwait.odl
    file:

    Located: HK_CU:Run, msnmsgr
    command: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    file: C:\Program Files\MSN Messenger\MsnMsgr.Exe
    size: 6856704
    MD5: 05acc06b81fda7e01f7fbeae9dfc5a3d

    Located: HK_CU:Run, SpybotSD TeaTimer
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 1415824
    MD5: 70496eee0ddbe485f658693826f44d38

    Located: Startup (common), Adobe Gamma Loader.lnk
    command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    size: 113664
    MD5: c2ff17734176cd15221c10044ef0ba1a

    Located: Startup (common), Adobe Reader Speed Launch.lnk
    command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    size: 29696
    MD5: deb88aef013dd1eefb462d7cad642166

    Located: Startup (common), D-Link AirPlus Xtreme G Configuration Utility.lnk
    command: C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
    file: C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
    size: 512082
    MD5: d93e0fa172827c1d1e4db6745ae7c1f6

    Located: Startup (common), Microsoft Office.lnk
    command: C:\Program Files\Microsoft Office\Office\OSA9.EXE
    file: C:\Program Files\Microsoft Office\Office\OSA9.EXE
    size: 65588
    MD5: f09fdff42a95cf027d63743b8c1d420a

    Located: Startup (common), WinZip Quick Pick.lnk
    command: C:\Program Files\WinZip\WZQKPICK.EXE
    file: C:\Program Files\WinZip\WZQKPICK.EXE
    size: 118784
    MD5: 67b2e7b6ae3b400d832f0456068ea83d

    Located: System.ini, crypt32chain
    command: crypt32.dll
    file: crypt32.dll

    Located: System.ini, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll

    Located: System.ini, cscdll
    command: cscdll.dll
    file: cscdll.dll

    Located: System.ini, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll

    Located: System.ini, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll

    Located: System.ini, wzcnotif
    command: wzcdlg.dll
    file: wzcdlg.dll

  6. #6
    Junior Member
    Join Date
    Jan 2006
    Posts
    7

    --- Browser helper object list ---
    {53707962-6F74-2D53-2644-206D7942484F} ()
    BHO name:
    CLSID name:
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\PROGRA~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name: SDHELPER.DLL
    Date (created): 1/12/2006 7:55:52 PM
    Date (last access): 1/12/2006
    Date (last write): 5/31/2005 1:04:00 AM
    Filesize: 853672
    Attributes: archive
    MD5: 250D787A5712D7768DDC133B3E477759
    CRC32: D4589A41
    Version: 1.4.0.0

    {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} ()
    BHO name:
    CLSID name:

    {c0a51265-0105-4e1e-a79c-50286d8043ec} ()
    BHO name:
    CLSID name:



    --- ActiveX list ---
    DirectAnimation Java Classes (DirectAnimation Java Classes)
    DPF name: DirectAnimation Java Classes
    CLSID name:
    Installer:
    Codebase: file://C:\WINNT\Java\classes\dajava.cab
    description:
    classification: Legitimate
    known filename: %WINDIR%\Java\classes\dajava.cab
    info link:
    info source: Patrick M. Kolla

    Microsoft XML Parser for Java (Microsoft XML Parser for Java)
    DPF name: Microsoft XML Parser for Java
    CLSID name:
    Installer:
    Codebase: file://C:\WINNT\Java\classes\xmldso.cab
    description:
    classification: Legitimate
    known filename: %WINDIR%\Java\classes\xmldso.cab
    info link:
    info source: Patrick M. Kolla

    {0000000A-9980-0010-8000-00AA00389B71} ()
    DPF name:
    CLSID name:
    Installer: C:\WINNT\Downloaded Program Files\wmsp9dmo.inf
    Codebase: http://download.microsoft.com/downlo...2/wmsp9dmo.cab
    description:
    classification: Legitimate
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} ()
    DPF name:
    CLSID name:
    Installer:
    Codebase:
    description: Yahoo! Installation helper
    classification: Legitimate
    known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
    info link:
    info source: Patrick M. Kolla

    {31564D57-0000-0010-8000-00AA00389B71} ()
    DPF name:
    CLSID name:
    Installer: C:\WINNT\Downloaded Program Files\wmvax.inf
    Codebase: http://codecs.microsoft.com/codecs/i386/wmvax.cab
    description:
    classification: Legitimate
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {32564D57-0000-0010-8000-00AA00389B71} ()
    DPF name:
    CLSID name:
    Installer: C:\WINNT\Downloaded Program Files\wmv8ax.inf
    Codebase: http://codecs.microsoft.com/codecs/i386/wmv8ax.cab
    description:
    classification: Legitimate
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {33564D57-0000-0010-8000-00AA00389B71} ()
    DPF name:
    CLSID name:
    Installer: C:\WINNT\Downloaded Program Files\WMV9VCM.inf
    Codebase: http://download.microsoft.com/downlo...22/wmv9VCM.CAB
    description:
    classification: Legitimate
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {49232000-16E4-426C-A231-62846947304B} ()
    DPF name:
    CLSID name:
    Installer:
    Codebase:
    description:
    classification: Open for discussion
    known filename: SysInfo.dll
    info link:
    info source: Safer Networking Ltd.

    {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    DPF name:
    CLSID name: WUWebControl Class
    Installer: C:\WINNT\Downloaded Program Files\wuweb.inf
    Codebase: http://update.microsoft.com/microsof...?1124237829784
    description:
    classification: Legitimate
    known filename: wuweb.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINNT\system32\
    Long name: wuweb.dll
    Short name:
    Date (created): 5/26/2005 4:19:32 AM
    Date (last access): 1/5/2006
    Date (last write): 5/26/2005 4:19:32 AM
    Filesize: 173536
    Attributes: archive
    MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
    CRC32: EEF66B50
    Version: 5.8.0.2469

    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
    DPF name:
    CLSID name: MUWebControl Class
    Installer: C:\WINNT\Downloaded Program Files\muweb.inf
    Codebase: http://update.microsoft.com/microsof...?1124237814061
    description:
    classification: Legitimate
    known filename: muweb.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINNT\system32\
    Long name: muweb.dll
    Short name:
    Date (created): 5/26/2005 4:19:32 AM
    Date (last access): 1/5/2006
    Date (last write): 5/26/2005 4:19:32 AM
    Filesize: 178408
    Attributes: archive
    MD5: EE37AA2C0700221CD8B02FADCD4C7FB5
    CRC32: F5494B06
    Version: 5.8.0.2469

    {74D05D43-3236-11D4-BDCD-00C04F9A3B61} ()
    DPF name:
    CLSID name:
    Installer:
    Codebase:
    description: Trend Micro Antivirus online scanner
    classification: Legitimate
    known filename: XSCAN53.OCX
    info link:
    info source: Patrick M. Kolla

    {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0)
    DPF name:
    CLSID name: XML DOM Document 4.0
    Installer: C:\WINNT\Downloaded Program Files\msxml4.inf
    Codebase: http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.
    Path: %SystemRoot%\System32\
    Long name: msxml4.dll

    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
    DPF name:
    CLSID name:
    Installer: C:\WINNT\Downloaded Program Files\erma.inf
    Codebase: http://fpdownload.macromedia.com/get.../ultrashim.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
    DPF name:
    CLSID name: ActiveScan Installer Class
    Installer: C:\WINNT\Downloaded Program Files\asinst.inf
    Codebase: http://acs.pandasoftware.com/actives...ree/asinst.cab
    description:
    classification: Open for discussion
    known filename: ASINST.DLL
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINNT\Downloaded Program Files\
    Long name: asinst.dll
    Short name:
    Date (created): 12/19/2005 1:35:32 PM
    Date (last access): 1/12/2006
    Date (last write): 12/19/2005 1:35:32 PM
    Filesize: 135168
    Attributes: archive
    MD5: 20C07B231040B49AFCE82397BFC35F9C
    CRC32: 9301377D
    Version: 58.4.0.0

    {9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
    DPF name:
    CLSID name:
    Installer: C:\WINNT\Downloaded Program Files\iuctl.inf
    Codebase: http://v4.windowsupdate.microsoft.co...492.9377314815
    description: Windows Update
    classification: Legitimate
    known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
    info link:
    info source: Patrick M. Kolla

    {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class)
    DPF name:
    CLSID name: YahooYMailTo Class
    Installer: C:\Program Files\Yahoo!\Common\ymmapi.inf
    Codebase: http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
    description:
    classification: Legitimate
    known filename: ymmapi.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Yahoo!\Common\
    Long name: ymmapi.dll
    Short name:
    Date (created): 5/20/2005 7:17:38 PM
    Date (last access): 1/11/2006
    Date (last write): 7/12/2003 3:54:56 PM
    Filesize: 145120
    Attributes: archive
    MD5: 938E7F8E1F9116BAFC241C521037B265
    CRC32: 34B4B129
    Version: 2003.7.12.1

    {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)
    DPF name:
    CLSID name: MsnMessengerSetupDownloadControl Class
    Installer: C:\WINNT\Downloaded Program Files\MsnMessengerSetupDownloader.inf
    Codebase: http://messenger.msn.com/download/Ms...Downloader.cab
    description:
    classification: Legitimate
    known filename: MsnMessengerSetupDownloader.ocx
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINNT\Downloaded Program Files\
    Long name: MsnMessengerSetupDownloader.ocx
    Short name: MSNMES~1.OCX
    Date (created): 3/17/2005 2:48:34 PM
    Date (last access): 1/11/2006
    Date (last write): 3/17/2005 2:48:34 PM
    Filesize: 113152
    Attributes: archive
    MD5: 92D24B6643919005213F60D5B537196A
    CRC32: 31684779
    Version: 1.0.0.2

    {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class)
    DPF name:
    CLSID name: YAddBook Class
    Installer: C:\Program Files\Yahoo!\Common\yab_af.inf
    Codebase: http://download.yahoo.com/dl/installs/yab_af.cab
    description: Yahoo! Address book
    classification: Legitimate
    known filename: %ProgramFiles%\Yahoo!\Common\yaddbook.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\PROGRA~1\Yahoo!\Common\
    Long name: yaddbook.dll
    Short name:
    Date (created): 5/20/2005 7:17:42 PM
    Date (last access): 1/11/2006
    Date (last write): 7/14/2003 2:34:22 PM
    Filesize: 208896
    Attributes: archive
    MD5: 62F761A0DD956C1939D3892A7D2E78AF
    CRC32: 88082425
    Version: 2003.7.14.1

    {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class)
    DPF name:
    CLSID name: PhotosCtrl Class
    Installer:
    Codebase:
    description:
    classification: Legitimate
    known filename: YPhotos.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Yahoo!\Common\
    Long name: YPhotos.dll
    Short name: YPHOTOS.DLL
    Date (created): 5/20/2005 7:17:42 PM
    Date (last access): 1/5/2006
    Date (last write): 6/9/2003 4:52:08 PM
    Filesize: 468128
    Attributes: archive
    MD5: B367D4316F0C8EFF50FEEABD9F01E5E5
    CRC32: B99476A1
    Version: 2003.6.9.1

    {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
    DPF name:
    CLSID name: Shockwave Flash Object
    Installer: C:\WINNT\Downloaded Program Files\swflash.inf
    Codebase: http://fpdownload.macromedia.com/get...sh/swflash.cab
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINNT\system32\macromed\flash\
    Long name: Flash.ocx
    Short name: FLASH.OCX
    Date (created): 6/9/2004 3:59:26 PM
    Date (last access): 1/12/2006
    Date (last write): 6/9/2004 3:59:26 PM
    Filesize: 939224
    Attributes: archive
    MD5: FC3E17E12C2E31FAC34B416B3DAB829F
    CRC32: D1CF3A57
    Version: 7.0.19.0

  7. #7
    Junior Member
    Join Date
    Jan 2006
    Posts
    7

    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 136 ( 8) \SystemRoot\System32\smss.exe
    PID: 160 ( 136) \??\C:\WINNT\system32\csrss.exe
    PID: 180 ( 136) \??\C:\WINNT\system32\winlogon.exe
    PID: 208 ( 180) C:\WINNT\system32\services.exe
    size: 92944
    MD5: B861B4E6E9637EB76A40C10C552E0229
    PID: 220 ( 180) C:\WINNT\system32\lsass.exe
    size: 33552
    MD5: F19D0A319AB4BF5496F08807CB9B8651
    PID: 404 ( 208) C:\WINNT\system32\svchost.exe
    size: 7952
    MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
    PID: 436 ( 208) C:\WINNT\system32\spoolsv.exe
    size: 47376
    MD5: FACFB75ECC070103619FA044E0B210D3
    PID: 468 ( 208) C:\WINNT\System32\ati2evxx.exe
    size: 57344
    MD5: 5BFB89A40C843708E94A871BA292AC96
    PID: 484 ( 208) C:\WINNT\System32\svchost.exe
    size: 7952
    MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
    PID: 500 ( 208) C:\Program Files\ewido anti-malware\ewidoctrl.exe
    size: 13888
    MD5: 26830B750372AB1BF29C95DEEBEB802F
    PID: 556 ( 208) C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    size: 161344
    MD5: 54DE679A0911E2E5C6BA0D07BC27D907
    PID: 644 ( 208) C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
    size: 99904
    MD5: ADE71361B6A70D3418080494C262B341
    PID: 688 ( 208) C:\WINNT\system32\MSTask.exe
    size: 122128
    MD5: B00529EAE5D0CE97010B69CC677128C8
    PID: 724 ( 208) C:\WINNT\system32\stisvc.exe
    size: 61712
    MD5: B75235626B950FF821146555C612F814
    PID: 192 ( 208) C:\WINNT\System32\WBEM\WinMgmt.exe
    size: 196706
    MD5: 05B2001E1BC653FD6091E741B46F71B4
    PID: 916 ( 912) C:\WINNT\Explorer.EXE
    size: 243472
    MD5: 59CF2B7DCED9111F48F51B4B570E672D
    PID: 928 ( 208) C:\WINNT\system32\mspmspsv.exe
    size: 53248
    MD5: AF619B3908BB1C9336FB6981609018FE
    PID: 944 ( 208) C:\WINNT\system32\svchost.exe
    size: 7952
    MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
    PID: 1056 ( 916) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    size: 94208
    MD5: 32BA3932ACD6DEA5C670B918A792F503
    PID: 1064 ( 916) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    size: 249856
    MD5: 1EE09CDC2FF456CEDF01F50A9884C976
    PID: 1072 ( 916) C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    size: 122880
    MD5: 7187B64D933C478227E6CCC04C0B68F7
    PID: 1088 ( 916) C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
    size: 409600
    MD5: 8F96B6CFCE326D0DDE5A8D68D5352D68
    PID: 1100 ( 916) C:\Program Files\BroadJump\Client Foundation\CFD.exe
    size: 368706
    MD5: BA9AF06103549A96F77036861FDE357B
    PID: 1116 ( 916) C:\WINNT\system32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
    size: 40960
    MD5: 5EA609093DC1DFA8AE828B1C7C8A3024
    PID: 1124 ( 916) C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    size: 487424
    MD5: C8287B18285DB7710AA3F52F3179B7B0
    PID: 1156 ( 916) C:\Program Files\MSN Messenger\MsnMsgr.Exe
    size: 6856704
    MD5: 05ACC06B81FDA7E01F7FBEAE9DFC5A3D
    PID: 1192 ( 916) C:\Program Files\AIM\aim.exe
    size: 67160
    MD5: D160472D7A8DBADD35DFE34D525F1CBC
    PID: 1216 ( 404) C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    size: 106496
    MD5: DA31CF72A49CD4C78487987CEB588D33
    PID: 1224 ( 916) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 1415824
    MD5: 70496EEE0DDBE485F658693826F44D38
    PID: 1256 ( 916) C:\Program Files\WinZip\WZQKPICK.EXE
    size: 118784
    MD5: 67B2E7B6AE3B400D832F0456068EA83D
    PID: 1268 (1216) C:\PROGRA~1\Compaq\EASYAC~1\EAUSBKBD.EXE
    size: 73728
    MD5: 5C8A22395AB0383F3011B25B4F002B81
    PID: 1296 ( 916) C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
    size: 512082
    MD5: D93E0FA172827C1D1E4DB6745AE7C1F6
    PID: 1172 ( 916) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 4393096
    MD5: 09CA174A605B480318731E691DC98539
    PID: 1080 ( 916) C:\Program Files\Mozilla Firefox\firefox.exe
    size: 6637156
    MD5: CA35469F8987EBD2FB779DD915499462
    PID: 8 ( 0) System
    PID: 1160 ( 916) C:\WINNT\system32\NOTEPAD.EXE
    size: 50960
    MD5: CF8C98E8B3979F15DF77A7DE2E51BCC1
    PID: 612 ( 916) C:\WINNT\system32\NOTEPAD.EXE
    size: 50960
    MD5: CF8C98E8B3979F15DF77A7DE2E51BCC1


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 1/12/2006 9:41:23 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL
    http://www.google.com
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINNT\SYSTEM32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://search.msn.com/spbasic.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
    http://home.microsoft.com/access/autosearch.asp?p=%s
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINNT\SYSTEM32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 4: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 5: MSAFD nwlnkipx [IPX]
    GUID: {11058240-BE47-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP Novell Netware UPX protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD nwlnkipx *

    Protocol 6: MSAFD nwlnkspx [SPX]
    GUID: {11058241-BE47-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD nwlnkspx *

    Protocol 7: MSAFD nwlnkspx [SPX] [Pseudo Stream]
    GUID: {11058241-BE47-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD nwlnkspx *

    Protocol 8: MSAFD nwlnkspx [SPX II]
    GUID: {11058241-BE47-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD nwlnkspx *

    Protocol 9: MSAFD nwlnkspx [SPX II] [Pseudo Stream]
    GUID: {11058241-BE47-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD nwlnkspx *

    Protocol 10: MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 11: MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{64E22B80-9613-4A2E-A8D4-804243760D96}] SEQPACKET 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{64E22B80-9613-4A2E-A8D4-804243760D96}] DATAGRAM 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{63A90920-8FB6-42DF-A383-7A0F9F72284D}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{63A90920-8FB6-42DF-A383-7A0F9F72284D}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6AC9D252-AD4A-4596-BCE1-262B4BF8CE53}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6AC9D252-AD4A-4596-BCE1-262B4BF8CE53}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{902D940F-8554-4A61-BD33-14B991634643}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{902D940F-8554-4A61-BD33-14B991634643}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2D95955D-CBA2-4D71-9E1A-8A83BB078BF8}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2D95955D-CBA2-4D71-9E1A-8A83BB078BF8}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F50BD617-023D-4246-95B0-B7A6F490552C}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F50BD617-023D-4246-95B0-B7A6F490552C}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\msafd.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\rnr20.dll
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 1: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 2: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
    GUID: {E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\nwprovau.dll
    Description: Microsoft Windows NT/2k/XP Novell Netware name space provider
    DB filename: %SystemRoot%\system32\nwprovau.dll
    DB protocol: NWLink IPX/SPX/NetBIOS*

  8. #8
    Junior Member
    Join Date
    Jan 2006
    Posts
    7

    Default

    Sorry, it was too big to attach or post all at once. I had to post it in 3 parts. If you want it a different way, please let me know.

  9. #9
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hi frustrated11

    Try this please
    Download this file to your desktop
    http://www.mvps.org/winhelp2002/DelDomains.inf
    Close all browsers, right-click and select: Install
    It really doesn't install, it just clears all sites in the Domains and Ranges keys.
    Afterwards you will need to immunize again in SpyBot and re-protect again with SpywareBlaster, or re-install iespyadds if it's installed. Then the file itself (DelDomains.inf) can be deleted.
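
As an added example (not part of the post above and not code from DelDomains.inf): the Domains and Ranges keys are Internet Explorer's ZoneMap site-to-zone mappings, so a regedit export taken before clearing them shows which entries were Restricted-zone blocks and which raised a site's trust. The ZoneMap path is standard Windows; the sample export and its site names are constructed, and treating zone 4 entries as the ones the immunize step re-creates is an assumption.

```python
import re

# Zone numbers: 0 My Computer, 1 Local intranet, 2 Trusted, 3 Internet, 4 Restricted
ZONEMAP = r"\Internet Settings\ZoneMap" + "\\"
VALUE_RE = re.compile(r'^"([^"]*)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

# Constructed sample in regedit export format; sites and address are placeholders.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked.example\www]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unexpected.example]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1]
"*"=dword:00000002
":Range"="192.0.2.10"
'''

def parse_zonemap(export_text):
    """Return (kind, site, protocol, zone) tuples for every ZoneMap mapping."""
    keys, cur = [], None
    for line in map(str.strip, export_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = None
            pos = line.lower().find(ZONEMAP.lower())
            parts = line[pos + len(ZONEMAP):-1].split("\\") if pos >= 0 else [""]
            kind = parts[0].capitalize()
            if kind in ("Domains", "Ranges") and len(parts) > 1:
                # Domains\<domain>\<sub> describes the host <sub>.<domain>
                cur = {"kind": kind, "site": ".".join(reversed(parts[1:])), "maps": []}
                keys.append(cur)
            continue
        m = VALUE_RE.match(line)
        if cur and m and m.group(2) is not None:
            cur["maps"].append((m.group(1), int(m.group(2), 16)))
        elif cur and m and m.group(1) == ":Range":
            cur["site"] = m.group(3)  # a Ranges key names its address in ":Range"
    return [(k["kind"], k["site"], proto, zone)
            for k in keys for proto, zone in k["maps"]]

def split_by_effect(rows):
    """Separate Restricted-zone blocks from entries that raise a site's trust."""
    restricted = sorted({s for _, s, _, z in rows if z == 4})
    elevated = sorted((s, p, z) for _, s, p, z in rows if z < 3)
    return restricted, elevated

if __name__ == "__main__":
    print(split_by_effect(parse_zonemap(SAMPLE_EXPORT)))
```

Entries in the second list are the ones worth reviewing, since a mapping into zone 0 to 2 loosens the browser's restrictions for that site.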

  10. #10
    Junior Member
    Join Date
    Jan 2006
    Posts
    7

    Thumbs up

    THANK YOU! It's all gone!

    After doing everything up to and including SpywareBlaster, I ran a Spybot scan and no threats were found. (For my own edification, could you tell me what iespyadds are?)

    Also, can you recommend a good, free antivirus program?

    Thanks again to the both of you. I really appreciate it.
