Possible Trojan Problem - Please Help

**TreeHead** · 2008-05-25, 17:19

Will anyone please advise?

1- While reviewing Start-Up programs listed in Spybot's Tools, I came across one program that has no business being there and for which all of several descriptions indicate "not required - virus, spyware, malware or other resource hog". It won't toggle off by using Spybot nor by using msconfig.
KEY = System.ini (C:\Windows\System.ini)
VALUE = Shell
Command Line = Explorer.exe
2- While scanning for problems I received the following: WARNING! There were problems in the include file C:\Program Files\Spybot-Search_Destroy\Includes\TrojansC.sbi
3- Computer is so slow, for example, it takes 20 minutes just to open Spybot program.
Thanks for any help or advise offered.
ADDITIONAL INFO.
Spybot program version is 1.5.1.15
Computer uses Windows ME
Last update 5/21/08

**Terminator** · 2008-05-25, 17:48

You are using an out of date version of Spybot, please upgrade to version 1.5.2

**md usa spybot fan** · 2008-05-25, 18:01

TreeHead:

That is a legitimate entry. Leave it alone. See:
- system startup wont delete one of the entries
  http://forums.spybot.info/showthread.php?t=24511
Upgrade to Spybot 1.5.2.20. See:
- ‘Include errors.log’
  http://forums.spybot.info/showthread.php?t=28328
Also read my suggestion in post #5 of this thread for upgrading:
- Install Issue...
  http://forums.spybot.info/showthread.php?t=24601
Try the new version and see if it loads faster.

**TreeHead** · 2008-05-25, 21:38

Terminator,

New version opens quickly & hopefully will remain that way. I did a full scan. Only a few cookies displayed as problems and there was no advisory (WARNING!) about the includes\TrojansC.sbi file.

Thanks for your advice. It's appreciated.

**TreeHead** · 2008-05-25, 22:04

Spybot Fan,

I do now understand that "possibilities" are displayed in the sidebar (more info.) of Tools / Start-Up for related entries; however for this particular entry the possibility of legitimacy is nowhere to be found. It certainly leaves one with the impression that there's a serious problem, causes worry and concern.

IF you hadn't advised to leave it alone, I'de be doing all kinds of research and looking into specialized software, etc. I had already tried to remove it by MSCONFIG; but it wouldn't allow me to do so. Fortunately, I chickened out when I opened the boot section of MSCONFIG's System.ini and found explorer.exe.

So, a big Thanks to you for saving me lots of time, probably some money too.

**computer_user** · 2008-05-26, 05:20

I didn't get any replies on my thread wrt problems I'm having with my computer. Earlier this evening I was running spybot and got an error message about some trojan. The prompt told me to read the report or file, but I don't know how to do that. I did generate a report which is below:

--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2008-01-28 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2008-04-16 Includes\Adware.sbi (*)
2008-05-21 Includes\AdwareC.sbi (*)
2008-05-21 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-05-21 Includes\DialerC.sbi (*)
2008-05-21 Includes\HeavyDuty.sbi (*)
2008-04-30 Includes\Hijackers.sbi (*)
2008-05-21 Includes\HijackersC.sbi (*)
2008-04-30 Includes\Keyloggers.sbi (*)
2008-05-21 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-05-21 Includes\Malware.sbi (*)
2008-05-21 Includes\MalwareC.sbi (*)
2008-03-26 Includes\PUPS.sbi (*)
2008-05-21 Includes\PUPSC.sbi (*)
2008-05-21 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-05-21 Includes\SecurityC.sbi (*)
2008-04-16 Includes\Spybots.sbi (*)
2008-05-21 Includes\SpybotsC.sbi (*)
2008-04-16 Includes\Spyware.sbi (*)
2008-05-21 Includes\SpywareC.sbi (*)
2007-11-06 Includes\Tracks.uti
2008-05-21 Includes\Trojans.sbi (*)
2008-05-21 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB918439
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB918899
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB925486
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Outlook Express 6 / SP1: Windows XP Hotfix - KB911567
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 828026
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP2: Windows XP Hotfix - KB820291
/ Windows XP / SP2: Windows XP Hotfix - KB821253
/ Windows XP / SP2: Windows XP Hotfix - KB821557
/ Windows XP / SP2: Windows XP Hotfix - KB823559
/ Windows XP / SP2: Windows XP Hotfix - KB823980
/ Windows XP / SP2: Windows XP Hotfix - KB824105
/ Windows XP / SP2: Windows XP Hotfix - KB824146
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q322011
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q323255 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q327979
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q328310
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329048 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329115 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q329170
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329390 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q329441
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329834 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810565
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810577
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810833
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q811493
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q814033
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q814995
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q815021
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q817287
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q817606
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q819696
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921503)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Security Update for Windows XP (KB929123)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Update for Windows XP (KB933360)
/ Windows XP / SP3: Security Update for Windows XP (KB933729)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)
/ Windows XP / SP3: Security Update for Windows XP (KB936021)
/ Windows XP / SP3: Update for Windows XP (KB936357)
/ Windows XP / SP3: Security Update for Windows XP (KB937894)
/ Windows XP / SP3: Security Update for Windows XP (KB938127)
/ Windows XP / SP3: Update for Windows XP (KB938828)
/ Windows XP / SP3: Security Update for Windows XP (KB938829)
/ Windows XP / SP3: Security Update for Windows XP (KB939653)
/ Windows XP / SP3: Security Update for Windows XP (KB941202)
/ Windows XP / SP3: Security Update for Windows XP (KB941568)
/ Windows XP / SP3: Security Update for Windows XP (KB941644)
/ Windows XP / SP3: Security Update for Windows XP (KB941693)
/ Windows XP / SP3: Security Update for Windows XP (KB942615)
/ Windows XP / SP3: Update for Windows XP (KB942763)
/ Windows XP / SP3: Update for Windows XP (KB942840)
/ Windows XP / SP3: Security Update for Windows XP (KB943055)
/ Windows XP / SP3: Security Update for Windows XP (KB943460)
/ Windows XP / SP3: Security Update for Windows XP (KB943485)
/ Windows XP / SP3: Security Update for Windows XP (KB944338)
/ Windows XP / SP3: Security Update for Windows XP (KB944533)
/ Windows XP / SP3: Security Update for Windows XP (KB944653)
/ Windows XP / SP3: Security Update for Windows XP (KB945553)
/ Windows XP / SP3: Security Update for Windows XP (KB946026)
/ Windows XP / SP3: Update for Windows XP (KB946627)
/ Windows XP / SP3: Security Update for Windows XP (KB947864)
/ Windows XP / SP3: Security Update for Windows XP (KB948590)
/ Windows XP / SP3: Security Update for Windows XP (KB948881)
/ Windows XP / SP3: Security Update for Windows XP (KB950749)

--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: E28D00EC675F5F5A5A0555E7A4523A6E

Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
size: 579584
MD5: 25A49E5BFF4E6424FA5E27C81269041D

Located: HK_LM:Run, HP Software Update
command: "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: E558CDE2913DAA077D4E25732D1AA176

Located: HK_LM:Run, McAfeeUpdaterUI
command: "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
file: C:\Program Files\McAfee\Common Framework\UdaterUI.exe
size: 136768
MD5: 5DC6DA1B20E62BBA3EB5716367DA580D

Located: HK_LM:Run, ShStatEXE
command: "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
file: C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
size: 112216
MD5: B02178866C19F73310FD70B789135240

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
size: 144784
MD5: 836DC47E6CAD975304D1D3EB2F516A1C

Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC

Located: HK_CU:Run, AVG7_Run
where: .DEFAULT...
command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe
size: 219136
MD5: B331EF4C7437F5093D703340678469EB

Located: HK_CU:Run, AVG7_Run
where: S-1-5-19...
command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe
size: 219136
MD5: B331EF4C7437F5093D703340678469EB

Located: HK_CU:Run, AVG7_Run
where: S-1-5-20...
command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe
size: 219136
MD5: B331EF4C7437F5093D703340678469EB

Located: HK_CU:Run, MSMSGS
where: S-1-5-21-1482476501-606747145-725345543-1003...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1482476501-606747145-725345543-1003...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E

Located: HK_CU:Run, Yahoo! Pager
where: S-1-5-21-1482476501-606747145-725345543-1003...
command: "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
file: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
size: 4670704
MD5: C7048E3DD4D9FA3AF7BC2747EF5C433F

Located: HK_CU:Run, AVG7_Run
where: S-1-5-18...
command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe
size: 219136
MD5: B331EF4C7437F5093D703340678469EB

Located: Startup (common), Google Updater.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Google\Google Updater\GoogleUpdater.exe
file: C:\Program Files\Google\Google Updater\GoogleUpdater.exe
size: 125624
MD5: 785478C1E612CDC7D2117A14C2304EBF

Located: Startup (common), HP Digital Imaging Monitor.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 258048
MD5: C519CEC624CF9BCBA3059F32266C8FFF

Located: Startup (common), HP Image Zone Fast Start.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
size: 53248
MD5: 8C53463A3E28454D74F48BF87A9CF7BA

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

--- Browser helper object list ---
{02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: &Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\
Long name: yt.dll
Short name:
Date (created): 9/5/2007 4:48:58 PM
Date (last access): 5/25/2008 3:55:44 PM
Date (last write): 9/5/2007 4:48:58 PM
Filesize: 816400
Attributes: archive
MD5: C1B2B3EF8AC5C8C32670D4EC7D524964
CRC32: AB11046B
Version: 2007.9.5.1

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 10/23/2006 12:08:42 AM
Date (last access): 5/25/2008 8:36:42 PM
Date (last write): 10/23/2006 12:08:42 AM
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 1/28/2008 2:06:20 PM
Date (last access): 5/25/2008 9:37:08 PM
Date (last write): 8/31/2007 5:46:14 PM
Filesize: 1122128
Attributes: archive
MD5: B8958471DAA4481E93B03DF8F991DD6E
CRC32: 35E35F14
Version: 1.5.0.8

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Yahoo! IE Services Button
Path: C:\Program Files\Yahoo!\Common\
Long name: yiesrvc.dll
Short name:
Date (created): 10/31/2006 3:33:52 PM
Date (last access): 5/25/2008 8:31:22 PM
Date (last write): 10/31/2006 3:33:52 PM
Filesize: 198136
Attributes: archive
MD5: F8981F09E8DA4FDB7F6B6E2B5361AEAE
CRC32: 2CDBBB6C
Version: 2006.10.31.3

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: ssv.dll
Short name:
Date (created): 3/24/2008 10:11:40 AM
Date (last access): 5/25/2008 8:49:16 PM
Date (last write): 2/22/2008 4:25:20 AM
Filesize: 509328
Attributes: archive
MD5: 5B42CB6A121256465B251840FDB1B2FE
CRC32: 6EF0BCE9
Version: 6.0.50.13

{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: scriptproxy
CLSID name: scriptproxy
Path: C:\Program Files\McAfee\VirusScan Enterprise\
Long name: scriptcl.dll
Short name:
Date (created): 11/30/2006 9:50:00 AM
Date (last access): 5/25/2008 8:36:42 PM
Date (last write): 11/30/2006 9:50:00 AM
Filesize: 67136
Attributes: archive
MD5: 100ADCB3C368F15B83DA81278101D53B
CRC32: 70466014
Version: 13.3.1.100

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll googletoolbar*.dll (* = number) googletoolbar_en_*.**-big.dll Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 2/28/2008 7:29:54 PM
Date (last access): 5/25/2008 3:56:10 PM
Date (last write): 2/28/2008 7:29:52 PM
Filesize: 2554944
Attributes: readonly archive
MD5: C898A8FC22C86857A58147351A534D5C
CRC32: 45F483F8
Version: 4.0.1602.1060

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\
Long name: swg.dll
Short name:
Date (created): 2/28/2008 7:29:20 PM
Date (last access): 5/25/2008 8:49:16 PM
Date (last write): 2/28/2008 7:29:20 PM
Filesize: 654320
Attributes: archive
MD5: 72D6804DC43CC0CF4F10E699D7738138
CRC32: ABF4BA3E
Version: 2.1.1119.1736

--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
Codebase: http://download.macromedia.com/pub/s...irector/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\macromed\Director\
Long name: swdir.dll
Short name:
Date (created): 11/11/2007 9:33:42 PM
Date (last access): 5/25/2008 10:03:14 AM
Date (last write): 8/7/2007 6:20:44 PM
Filesize: 182248
Attributes: archive
MD5: 6C90714399BD3F1E7C0503A38EADBAC7
CRC32: D1E8C81D
Version: 10.2.0.23

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=39204
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 4/10/2007 3:02:50 PM
Date (last access): 5/25/2008 8:37:38 PM
Date (last write): 10/11/2007 3:12:48 PM
Filesize: 1468968
Attributes: archive
MD5: FC6680B6D4812D017109518AC07DED0E
CRC32: 4DC7C79C
Version: 1.7.59.1

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support)
DPF name:
CLSID name: Installation Support
Installer:
Codebase: C:\Program Files\Yahoo!\Common\Yinsthelper.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\Common\
Long name: YInstHelper.dll
Short name: YINSTH~1.DLL
Date (created): 3/15/2007 9:13:06 PM
Date (last access): 5/25/2008 9:02:18 AM
Date (last write): 3/15/2007 9:13:06 PM
Filesize: 209448
Attributes: archive
MD5: 4380A4799E826AF03FD975B4A71E9268
CRC32: 423BF1F7
Version: 2007.3.15.1

{48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control)
DPF name:
CLSID name: MySpace Uploader Control
Installer: C:\WINDOWS\Downloaded Program Files\MySpaceUploader.inf
Codebase: http://lads.myspace.com/upload/MySpaceUploader1006.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MySpaceUploader.ocx
Short name: MYSPAC~1.OCX
Date (created): 2/1/2008 3:17:04 AM
Date (last access): 5/25/2008 5:47:54 PM
Date (last write): 2/1/2008 3:17:04 AM
Filesize: 2637440
Attributes: archive
MD5: 2245B3CAE09AF148D983F88F62153628
CRC32: A47295FA
Version: 1.0.0.6

{7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control)
DPF name:
CLSID name: Windows Live Photo Upload Control
Installer: C:\WINDOWS\Downloaded Program Files\MSNPUpld.inf
Codebase: http://cid-66bc51101b02e482.spaces.l...d/MsnPUpld.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name:
Date (created): 8/2/2007 11:31:32 AM
Date (last access): 5/25/2008 7:35:58 PM
Date (last write): 8/2/2007 11:31:32 AM
Filesize: 360320
Attributes: archive
MD5: C670858E2347EAB5C9507A91A142210F
CRC32: B1C9923E
Version: 10.0.916.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer: C:\WINDOWS\Downloaded Program Files\jinstall-6u5.inf
Codebase: http://javadl.sun.com/webapps/downlo...BundleId=19588
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2008 2:33:32 AM
Date (last access): 5/25/2008 12:39:16 PM
Date (last write): 2/22/2008 4:25:20 AM
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2008 2:33:32 AM
Date (last access): 5/25/2008 10:04:22 PM
Date (last write): 2/22/2008 4:25:20 AM
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2008 2:33:32 AM
Date (last access): 5/25/2008 10:04:22 PM
Date (last write): 2/22/2008 4:25:20 AM
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: https://download.macromedia.com/pub/...sh/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\Macromed\Flash\
Long name: Flash9d.ocx
Short name:
Date (created): 6/11/2007 2:04:32 PM
Date (last access): 5/25/2008 5:49:58 PM
Date (last write): 6/11/2007 2:04:32 PM
Filesize: 2267368
Attributes: readonly archive
MD5: B01E2A41389FBA42B7B5A026EA88C9B7
CRC32: 8980B6EC
Version: 9.0.47.0

--- Process list ---
PID: 0 ( 0) [System]
PID: 432 ( 0) \SystemRoot\System32\smss.exe
size: 50688
PID: 500 ( 0) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 524 ( 0) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 568 ( 0) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 580 ( 0) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 732 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 776 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 840 ( 0) C:\Program Files\Windows Defender\MsMpEng.exe
size: 13592
MD5: F45DD1E1365D857DD08BC23563370D0E
PID: 884 ( 0) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 932 ( 0) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 964 ( 0) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1288 ( 0) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: 97BD6515465659FF8F3B7BE375B2EA87
PID: 1408 ( 0) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1544 ( 0) C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
size: 112216
MD5: B02178866C19F73310FD70B789135240
PID: 1556 ( 0) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
size: 136768
MD5: 5DC6DA1B20E62BBA3EB5716367DA580D
PID: 1564 ( 0) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: E558CDE2913DAA077D4E25732D1AA176
PID: 1572 ( 0) C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC
PID: 1616 ( 0) C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
size: 579584
MD5: 25A49E5BFF4E6424FA5E27C81269041D
PID: 1632 ( 0) C:\Program Files\McAfee\Common Framework\McTray.exe
size: 86016
MD5: F01DE4E2D6DF141628BAB697B7B43057
PID: 1636 ( 0) C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
size: 144784
MD5: 836DC47E6CAD975304D1D3EB2F516A1C
PID: 1664 ( 0) C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
PID: 1680 ( 0) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
size: 4670704
MD5: C7048E3DD4D9FA3AF7BC2747EF5C433F
PID: 1688 ( 0) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E
PID: 1768 ( 0) C:\Program Files\Google\Google Updater\GoogleUpdater.exe
size: 125624
MD5: 785478C1E612CDC7D2117A14C2304EBF
PID: 1816 ( 0) C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
size: 418816
MD5: 3C7B93F947355E374A49564D0D017B7B
PID: 1828 ( 0) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 258048
MD5: C519CEC624CF9BCBA3059F32266C8FFF
PID: 1904 ( 0) C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
size: 49664
MD5: 30A14F65DB477DC00A64A5A24E96919C
PID: 1948 ( 0) C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
size: 406528
MD5: FC0B2AE890BB0DC8C2306DABEDC8A4BA
PID: 2020 ( 0) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
size: 138680
MD5: D213C2B1CE0FAEAB59EC0C55B4493F94
PID: 168 ( 0) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
size: 104000
MD5: 1BC1A6B644D4CC1964CD851E92B604F4
PID: 252 ( 0) C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
size: 54872
MD5: DD61B815E2CBA6CCA6B7ED607F466652
PID: 700 ( 0) C:\WINDOWS\System32\HPZipm12.exe
size: 69632
MD5: 9D84376931440F3679BEEF2A414FA493
PID: 120 ( 0) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
size: 136768
MD5: EFB1E30EA77C70704F1417E20CC4BF53
PID: 916 ( 0) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2588 ( 0) C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
size: 425984
MD5: 6B2B9B46D7DA5C67397412DEA6CF9A14
PID: 3272 ( 0) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3712 ( 0) C:\Program Files\Internet Explorer\iexplore.exe
size: 93184
MD5: E7484514C0464642BE7B4DC2689354C8
PID: 3856 ( 0) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4943184
MD5: C92780F50B8BB7A89E919585916494A9
PID: 3356 ( 0) C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
size: 144960
MD5: 12BEF73E0281AC793865BE1A331C67FC
PID: 3824 ( 0) C:\Program Files\Internet Explorer\iexplore.exe
size: 93184
MD5: E7484514C0464642BE7B4DC2689354C8
PID: 3576 ( 0) C:\Program Files\Internet Explorer\iexplore.exe
size: 93184
MD5: E7484514C0464642BE7B4DC2689354C8
PID: 3208 ( 0) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
size: 341616
MD5: 80660C611B596FFE8AF4074B31AA6FB7

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 5/25/2008 10:04:22 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{01A40B94-389B-40EA-9CEC-46DE9116BC05}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{01A40B94-389B-40EA-9CEC-46DE9116BC05}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2DB81DC6-9F09-4DDC-B5CB-37D82BC1BEAC}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2DB81DC6-9F09-4DDC-B5CB-37D82BC1BEAC}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BC1787FB-CBD7-4D3D-AEC7-33C185F902DE}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BC1787FB-CBD7-4D3D-AEC7-33C185F902DE}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6FCACD1A-5759-4343-A45B-5EE499175529}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6FCACD1A-5759-4343-A45B-5EE499175529}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

That error prompt came up twice while spybot was running. I have noticed increasing problems with my computer since I first posted about my situation earlier this week. Again and again I have a browser open which appears white and when I move the cursor over it, the cursor becomes an hour glass. If I attempt to close the window it is unresponsive. When I attempt to open a new browser from "start", nothing happens. Restart does not always work either. Sometimes I hit crtl alt del which may or may not work. At other times I must manually turn my computer off then back on again. And sometimes that does not work ie being able to manually turn it off. Sometimes I am able to restart from "Start" or using ctrl alt del. I do not understand what is going on. I do not know much about computers but I do know something is wrong. Can someone please advise?

**md usa spybot fan** · 2008-05-26, 05:38

computer_user:

Originally Posted by computer_user

--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

The latest verson of Spybot is:

--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

Go into Spybot > Help > About. You will see you are not running running Spybot - Search & Destroy 1.5.2.20.

Upgrade to Spybot 1.5.2.20. See:
- ‘Include errors.log’
  http://forums.spybot.info/showthread.php?t=28328
Also read my suggestion in post #5 of this thread for upgrading:
- Install Issue...
  http://forums.spybot.info/showthread.php?t=24601

**computer_user** · 2008-05-26, 06:05

I'm getting an error while spybot is trying to replace the existing files. The message is C:\ProgramFiles\Spybot-Search&Destroy\SpybotSD.exe

The DeleteFile Failed; code 5

**spybotsandra** · 2008-05-26, 13:58

Hello,

At first please uninstall your Spybot version and make a fresh installation.
http://www.safer-networking.org/en/howto/uninstall.html
During the installation wizard please do not choose search for updates.
This should help to get Spybot running.

Best regards
Sandra
Team Spybot

**computer_user** · 2008-05-26, 19:16

Originally Posted by spybotsandra

Hello,

At first please uninstall your Spybot version and make a fresh installation.
http://www.safer-networking.org/en/howto/uninstall.html
During the installation wizard please do not choose search for updates.
This should help to get Spybot running.

Best regards
Sandra
Team Spybot

It worked. Thank you very much.

Thread: Possible Trojan Problem - Please Help

Thread Tools

Display

Possible Trojan Problem - Please Help

Posting Permissions