
Thread: Another Virtumonde


    Had a problem with the Virtumonde trojan. McAfee can't get rid of it, and neither can Spybot, although it does see it every time.

    Here's the log.
    Thanks for any help in advance.
    Running Windows XP Professional.



    Virtumonde: [SBI $42352499] User settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1614895754-583907252-725345543-1003\Software\Microsoft\rdfa

    Virtumonde: [SBI $47E741CD] Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws

    Virtumonde.dll: [SBI $4FA20335] Library (File, fixed)
    C:\WINDOWS\system32\xxyxVMdA.dll

    Virtumonde.dll: [SBI $171716F8] Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyxVMdA

    Virtumonde.dll: [SBI $B24FE18F] Browser helper object (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DC01F38-2C8F-45EF-84A5-8C0D72FA3E3D}

    Virtumonde.dll: [SBI $B24FE18F] Class ID (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DC01F38-2C8F-45EF-84A5-8C0D72FA3E3D}

    Virtumonde.sci: [SBI $B5CD5E2A] Class ID (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{1DC01F38-2C8F-45EF-84A5-8C0D72FA3E3D}

    Virtumonde.sci: [SBI $081ECDC1] Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1DC01F38-2C8F-45EF-84A5-8C0D72FA3E3D}

    Virtumonde.sci: [SBI $0C6BDAA0] Class ID (Registry value, fixed)
    HKEY_CLASSES_ROOT\CLSID\{1DC01F38-2C8F-45EF-84A5-8C0D72FA3E3D}\InprocServer32\=...C:\WINDOWS\system32\xxyxVMdA.dll...


    --- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

    2008-07-07 blindman.exe (1.0.0.8)
    2008-07-07 SDFiles.exe (1.6.0.4)
    2008-07-07 SDMain.exe (1.0.0.6)
    2008-07-07 SDUpdate.exe (1.6.0.8)
    2008-07-07 SDWinSec.exe (1.0.0.12)
    2008-07-07 SpybotSD.exe (1.6.0.30)
    2008-07-07 TeaTimer.exe (1.6.0.20)
    2008-07-20 unins000.exe (51.49.0.0)
    2008-07-07 Update.exe (1.6.0.7)
    2008-07-07 advcheck.dll (1.6.1.12)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2008-07-07 SDHelper.dll (1.6.0.12)
    2008-06-19 sqlite3.dll
    2008-07-07 Tools.dll (2.1.5.7)
    2008-07-15 Includes\Adware.sbi (*)
    2008-07-15 Includes\AdwareC.sbi (*)
    2008-06-03 Includes\Cookies.sbi (*)
    2008-06-03 Includes\Dialer.sbi (*)
    2008-07-07 Includes\DialerC.sbi (*)
    2008-07-11 Includes\HeavyDuty.sbi (*)
    2008-07-10 Includes\Hijackers.sbi (*)
    2008-07-08 Includes\HijackersC.sbi (*)
    2008-07-15 Includes\Keyloggers.sbi (*)
    2008-07-15 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2008-07-16 Includes\Malware.sbi (*)
    2008-07-16 Includes\MalwareC.sbi (*)
    2008-07-15 Includes\PUPS.sbi (*)
    2008-07-15 Includes\PUPSC.sbi (*)
    2007-11-07 Includes\Revision.sbi (*)
    2008-06-18 Includes\Security.sbi (*)
    2008-07-08 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2008-07-11 Includes\Spyware.sbi (*)
    2008-07-15 Includes\SpywareC.sbi (*)
    2008-06-03 Includes\Tracks.uti
    2008-07-15 Includes\Trojans.sbi (*)
    2008-07-15 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
    / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
    / Windows / SP1: Microsoft National Language Support Downlevel APIs
    / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
    / Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
    / Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
    / Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
    / Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782)
    / Windows XP: Security Update for Windows XP (KB941569)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
    / Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
    / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
    / Windows XP / SP2: Windows XP Service Pack 2
    / Windows XP / SP3: Windows XP Hotfix - KB873339
    / Windows XP / SP3: Windows XP Hotfix - KB885835
    / Windows XP / SP3: Windows XP Hotfix - KB885836
    / Windows XP / SP3: Windows XP Hotfix - KB886185
    / Windows XP / SP3: Windows XP Hotfix - KB887472
    / Windows XP / SP3: Windows XP Hotfix - KB888302
    / Windows XP / SP3: Security Update for Windows XP (KB890046)
    / Windows XP / SP3: Windows XP Hotfix - KB890859
    / Windows XP / SP3: Windows XP Hotfix - KB891781
    / Windows XP / SP3: Security Update for Windows XP (KB893756)
    / Windows XP / SP3: Windows Installer 3.1 (KB893803)
    / Windows XP / SP3: Update for Windows XP (KB894391)
    / Windows XP / SP3: Security Update for Windows XP (KB896358)
    / Windows XP / SP3: Security Update for Windows XP (KB896423)
    / Windows XP / SP3: Security Update for Windows XP (KB896428)
    / Windows XP / SP3: Update for Windows XP (KB898461)
    / Windows XP / SP3: Security Update for Windows XP (KB899587)
    / Windows XP / SP3: Security Update for Windows XP (KB899591)
    / Windows XP / SP3: Update for Windows XP (KB900485)
    / Windows XP / SP3: Security Update for Windows XP (KB900725)
    / Windows XP / SP3: Security Update for Windows XP (KB901017)
    / Windows XP / SP3: Security Update for Windows XP (KB901214)
    / Windows XP / SP3: Security Update for Windows XP (KB902400)
    / Windows XP / SP3: Update for Windows XP (KB904942)
    / Windows XP / SP3: Security Update for Windows XP (KB905414)
    / Windows XP / SP3: Security Update for Windows XP (KB905749)
    / Windows XP / SP3: Security Update for Windows XP (KB908519)
    / Windows XP / SP3: Update for Windows XP (KB908531)
    / Windows XP / SP3: Update for Windows XP (KB910437)
    / Windows XP / SP3: Update for Windows XP (KB911280)
    / Windows XP / SP3: Security Update for Windows XP (KB911562)
    / Windows XP / SP3: Security Update for Windows XP (KB911927)
    / Windows XP / SP3: Security Update for Windows XP (KB913580)
    / Windows XP / SP3: Security Update for Windows XP (KB914388)
    / Windows XP / SP3: Security Update for Windows XP (KB914389)
    / Windows XP / SP3: Hotfix for Windows XP (KB914440)
    / Windows XP / SP3: Hotfix for Windows XP (KB915865)
    / Windows XP / SP3: Update for Windows XP (KB916595)
    / Windows XP / SP3: Security Update for Windows XP (KB918118)
    / Windows XP / SP3: Security Update for Windows XP (KB918439)
    / Windows XP / SP3: Security Update for Windows XP (KB919007)
    / Windows XP / SP3: Security Update for Windows XP (KB920213)
    / Windows XP / SP3: Security Update for Windows XP (KB920670)
    / Windows XP / SP3: Security Update for Windows XP (KB920683)
    / Windows XP / SP3: Security Update for Windows XP (KB920685)
    / Windows XP / SP3: Update for Windows XP (KB920872)
    / Windows XP / SP3: Update for Windows XP (KB922582)
    / Windows XP / SP3: Security Update for Windows XP (KB922819)
    / Windows XP / SP3: Security Update for Windows XP (KB923191)
    / Windows XP / SP3: Security Update for Windows XP (KB923414)
    / Windows XP / SP3: Security Update for Windows XP (KB923980)
    / Windows XP / SP3: Security Update for Windows XP (KB924270)
    / Windows XP / SP3: Security Update for Windows XP (KB924667)
    / Windows XP / SP3: Security Update for Windows XP (KB925902)
    / Windows XP / SP3: Hotfix for Windows XP (KB926239)
    / Windows XP / SP3: Security Update for Windows XP (KB926255)
    / Windows XP / SP3: Security Update for Windows XP (KB926436)
    / Windows XP / SP3: Security Update for Windows XP (KB927779)
    / Windows XP / SP3: Security Update for Windows XP (KB927802)
    / Windows XP / SP3: Update for Windows XP (KB927891)
    / Windows XP / SP3: Security Update for Windows XP (KB928255)
    / Windows XP / SP3: Security Update for Windows XP (KB928843)
    / Windows XP / SP3: Security Update for Windows XP (KB929123)
    / Windows XP / SP3: Security Update for Windows XP (KB930178)
    / Windows XP / SP3: Update for Windows XP (KB930916)
    / Windows XP / SP3: Security Update for Windows XP (KB931261)
    / Windows XP / SP3: Security Update for Windows XP (KB931784)
    / Windows XP / SP3: Security Update for Windows XP (KB932168)
    / Windows XP / SP3: Update for Windows XP (KB932823-v3)
    / Windows XP / SP3: Security Update for Windows XP (KB933729)
    / Windows XP / SP3: Security Update for Windows XP (KB935839)
    / Windows XP / SP3: Security Update for Windows XP (KB935840)
    / Windows XP / SP3: Security Update for Windows XP (KB936021)
    / Windows XP / SP3: Security Update for Windows XP (KB937894)
    / Windows XP / SP3: Update for Windows XP (KB938828)
    / Windows XP / SP3: Security Update for Windows XP (KB938829)
    / Windows XP / SP3: Security Update for Windows XP (KB941202)
    / Windows XP / SP3: Security Update for Windows XP (KB941568)
    / Windows XP / SP3: Security Update for Windows XP (KB941644)
    / Windows XP / SP3: Security Update for Windows XP (KB941693)
    / Windows XP / SP3: Update for Windows XP (KB942763)
    / Windows XP / SP3: Security Update for Windows XP (KB943055)
    / Windows XP / SP3: Security Update for Windows XP (KB943460)
    / Windows XP / SP3: Security Update for Windows XP (KB943485)
    / Windows XP / SP3: Security Update for Windows XP (KB944653)
    / Windows XP / SP3: Security Update for Windows XP (KB945553)
    / Windows XP / SP3: Security Update for Windows XP (KB946026)
    / Windows XP / SP3: Security Update for Windows XP (KB948590)
    / Windows XP / SP3: Security Update for Windows XP (KB948881)
    / Windows XP / SP3: Security Update for Windows XP (KB950749)
    / Windows XP / SP4: Security Update for Windows XP (KB950760)
    / Windows XP / SP4: Security Update for Windows XP (KB950762)
    / Windows XP / SP4: Security Update for Windows XP (KB951376)
    / Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951698)


    --- Startup entries list ---
    Located: HK_LM:Run,
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, Acrobat Assistant 8.0
    command: "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    file: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    size: 623992
    MD5: 5369A26E89C68E9420AE9B9CC6305834

    Located: HK_LM:Run, AnyDVD
    command: C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    file: C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    size: 458240
    MD5: 99307F020740CD63FAE87A9A467AE78F

    Located: HK_LM:Run, AppleSyncNotifier
    command: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    file: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    size: 116040
    MD5: 27E0EB81AE55788C8FBE6D489F862168

    Located: HK_LM:Run, b45e0bca
    command: rundll32.exe "C:\WINDOWS\system32\eijjuvxn.dll",b
    file: C:\WINDOWS\system32\eijjuvxn.dll
    size: 78848
    MD5: 7E0687C7E1F6081C00CC1E3C6AC95E7B

    Located: HK_LM:Run, BMb76d3856
    command: Rundll32.exe "C:\WINDOWS\system32\kpuvacih.dll",s
    file: C:\WINDOWS\system32\kpuvacih.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, DPAgnt
    command: C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    file: C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    size: 913408
    MD5: 0E0682008B919585991FF11AF5078A32

    Located: HK_LM:Run, IntelliPoint
    command: "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    file: C:\Program Files\Microsoft IntelliPoint\point32.exe
    size: 204800
    MD5: D6C9858536249E31A5E9A1A4F3A08113

    Located: HK_LM:Run, iTunesHelper
    command: "C:\Program Files\iTunes\iTunesHelper.exe"
    file: C:\Program Files\iTunes\iTunesHelper.exe
    size: 289064
    MD5: 12577ED7558A642C53C959E72FF2455F

    Located: HK_LM:Run, LVCOMSX
    command: C:\WINDOWS\system32\LVCOMSX.EXE
    file: C:\WINDOWS\system32\LVCOMSX.EXE
    size: 221184
    MD5: 5BA8A7DA5D0573F7923E02B260AAD2F1

    Located: HK_LM:Run, mcagent_exe
    command: C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    file: C:\Program Files\McAfee.com\Agent\mcagent.exe
    size: 582992
    MD5: 9405B452064BFA6A0F78E2F177A988A4

    Located: HK_LM:Run, NeroFilterCheck
    command: C:\WINDOWS\system32\NeroCheck.exe
    file: C:\WINDOWS\system32\NeroCheck.exe
    size: 155648
    MD5: 3E4C03CEFAD8DE135263236B61A49C90

    Located: HK_LM:Run, NWEReboot
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, PivotSoftware
    command: "C:\Program Files\WinPortrait\wpctrl.exe"
    file: C:\Program Files\WinPortrait\wpctrl.exe
    size: 694008
    MD5: B75B12AE79C3EA44F2380FDFF83A1517

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    file: C:\Program Files\QuickTime\QTTask.exe
    size: 413696
    MD5: F34EB5D4F145ED5FE50033CA3A41ED24

    Located: HK_LM:Run, SunJavaUpdateSched
    command: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    file: C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    size: 144784
    MD5: 6AB4C021FBD36DC6764924C312428D97

    Located: HK_LM:Run, type32
    command: "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    file: C:\Program Files\Microsoft IntelliType Pro\type32.exe
    size: 172032
    MD5: 05E10C2C3736E52FE33D16D2F9C73C04

    Located: HK_LM:Run, XpDis0Conf
    command: C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70011799 /d
    file: C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe
    size: 32768
    MD5: 5C5E0CF03AB362E5D04FF48A2FEB584F

    Located: HK_LM:RunOnce, Spybot - Search & Destroy
    command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 4891472
    MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855

    Located: HK_LM:RunOnce, SpybotDeletingA7929
    command: command /c del "C:\WINDOWS\system32\xxyxVMdA.dll"
    file: command /c del "C:\WINDOWS\system32\xxyxVMdA.dll"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:RunOnce, SpybotDeletingA9741
    command: command /c del "C:\WINDOWS\system32\xxyxVMdA.dll"
    file: command /c del "C:\WINDOWS\system32\xxyxVMdA.dll"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:RunOnce, SpybotDeletingC2859
    command: cmd /c del "C:\WINDOWS\system32\xxyxVMdA.dll"
    file: cmd /c del "C:\WINDOWS\system32\xxyxVMdA.dll"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:RunOnce, SpybotDeletingC3512
    command: cmd /c del "C:\WINDOWS\system32\xxyxVMdA.dll"
    file: cmd /c del "C:\WINDOWS\system32\xxyxVMdA.dll"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, CTFMON.EXE
    where: .DEFAULT...
    command: C:\WINDOWS\System32\CTFMON.EXE
    file: C:\WINDOWS\System32\CTFMON.EXE
    size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8

    Located: HK_CU:Run, Nokia.PCSync
    where: .DEFAULT...
    command: "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
    file: C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    size: 1232896
    MD5: E10B85BCFEE1CA3B61D894CA162E21FC

    Located: HK_CU:Run, CTFMON.EXE
    where: S-1-5-19...
    command: C:\WINDOWS\System32\CTFMON.EXE
    file: C:\WINDOWS\System32\CTFMON.EXE
    size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8

    Located: HK_CU:Run, CTFMON.EXE
    where: S-1-5-20...
    command: C:\WINDOWS\System32\CTFMON.EXE
    file: C:\WINDOWS\System32\CTFMON.EXE
    size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-1614895754-583907252-725345543-1003...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8

    Located: HK_CU:Run, Nokia.PCSync
    where: S-1-5-21-1614895754-583907252-725345543-1003...
    command: "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    file: C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
    size: 1232896
    MD5: E10B85BCFEE1CA3B61D894CA162E21FC

    Located: HK_CU:Run, PC Suite Tray
    where: S-1-5-21-1614895754-583907252-725345543-1003...
    command: "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    file: C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    size: 1079296
    MD5: D575F09E1F7FB03EF1FF3EE680B6E714

    Located: HK_CU:Run, SpybotSD TeaTimer
    where: S-1-5-21-1614895754-583907252-725345543-1003...
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 2156368
    MD5: 08FC1FAD357F053043016597B6559BDC

    Located: HK_CU:RunOnce, SpybotDeletingB7629
    where: S-1-5-21-1614895754-583907252-725345543-1003...
    command: command /c del "C:\WINDOWS\system32\xxyxVMdA.dll"
    file: command /c del "C:\WINDOWS\system32\xxyxVMdA.dll"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:RunOnce, SpybotDeletingD3222
    where: S-1-5-21-1614895754-583907252-725345543-1003...
    command: cmd /c del "C:\WINDOWS\system32\xxyxVMdA.dll"
    file: cmd /c del "C:\WINDOWS\system32\xxyxVMdA.dll"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, CTFMON.EXE
    where: S-1-5-18...
    command: C:\WINDOWS\System32\CTFMON.EXE
    file: C:\WINDOWS\System32\CTFMON.EXE
    size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8

    Located: HK_CU:Run, Nokia.PCSync
    where: S-1-5-18...
    command: "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
    file: C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    size: 1232896
    MD5: E10B85BCFEE1CA3B61D894CA162E21FC

    Located: Startup (common), NaturalColorLoad.lnk
    where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
    command: C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    file: C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    size: 155715
    MD5: C0C6C793F5B3B15647A80CAAFE0F123D

    Located: Startup (common), TabUserW.exe.lnk
    where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
    command: C:\WINDOWS\system32\WTablet\TabUserW.exe
    file: C:\WINDOWS\system32\WTablet\TabUserW.exe
    size: 77824
    MD5: E5A9BD6D1B1E9A7A4C3D000909A8DC47

    Located: WinLogon, crypt32chain
    command: crypt32.dll
    file: crypt32.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cscdll
    command: cscdll.dll
    file: cscdll.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, DPWLN
    command: C:\WINDOWS\system32\DPWLEvHd.dll
    file: C:\WINDOWS\system32\DPWLEvHd.dll
    size: 102400
    MD5: 24FE7850536AABAEE6A25FA684525EEC

    Located: WinLogon, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, Schedule
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, termsrv
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, WgaLogon
    command: WgaLogon.dll
    file: WgaLogon.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, xxyxVMdA
    command: xxyxVMdA.dll
    file: xxyxVMdA.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!



    --- Browser helper object list ---
    {1DC01F38-2C8F-45EF-84A5-8C0D72FA3E3D} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:
    Path: C:\WINDOWS\system32\
    Long name: xxyxVMdA.dll
    Short name:
    Date (created): 04/07/2008 01:35:48
    Date (last access): 21/07/2008 12:50:10
    Date (last write): 04/07/2008 01:35:48
    Filesize: 24064
    Attributes:
    MD5: 77F07B91BAD644AB7BD7A9809B2E2C16
    CRC32: 0E3FC71A

    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\PROGRA~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name:
    Date (created): 20/07/2008 18:53:56
    Date (last access): 21/07/2008 12:47:38
    Date (last write): 07/07/2008 09:41:58
    Filesize: 1562448
    Attributes: archive
    MD5: 32981ADE44D01EC2A9EBC2E311291707
    CRC32: C2F522E6
    Version: 1.6.0.12

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: SSVHelper Class
    Path: C:\Program Files\Java\jre1.6.0_07\bin\
    Long name: ssv.dll
    Short name:
    Date (created): 19/07/2008 00:46:34
    Date (last access): 21/07/2008 12:37:26
    Date (last write): 10/06/2008 04:27:02
    Filesize: 509328
    Attributes: archive
    MD5: F921D875A1CBD69A6A462BA2514BC831
    CRC32: 38AC9EE2
    Version: 6.0.70.6

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Windows Live Sign-in Helper
    Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll
    Short name: WINDOW~1.DLL
    Date (created): 20/09/2007 11:30:18
    Date (last access): 21/07/2008 12:29:44
    Date (last write): 20/09/2007 11:30:18
    Filesize: 328752
    Attributes: archive
    MD5: 59CF5BF6684AFCF906CADAD39B4214DE
    CRC32: C363813C
    Version: 4.200.520.1

    {c968adf3-103d-42ef-b58d-ddb68bae38ff} ({ff83eab8-6bdd-d85b-fe24-d3013fda869c})
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: {ff83eab8-6bdd-d85b-fe24-d3013fda869c}
    CLSID name:
    Path: C:\WINDOWS\system32\
    Long name: ozqjxt.dll
    Short name:
    Date (created): 20/07/2008 18:50:34
    Date (last access): 21/07/2008 12:42:54
    Date (last write): 20/07/2008 18:50:32
    Filesize: 102912
    Attributes: archive
    MD5: EA6F6D8E25190484AD3A5F0449327B99
    CRC32: 63664B8E

    {CC4DF0C2-FF4B-48E5-9030-F5DC5D59D881} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:
    Path: C:\WINDOWS\system32\
    Long name: tuvTmKAS.dll



    --- ActiveX list ---
    {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    DPF name:
    CLSID name: WUWebControl Class
    Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
    Codebase: http://www.update.microsoft.com/wind...?1204140676114
    description:
    classification: Legitimate
    known filename: wuweb.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: wuweb.dll
    Short name:
    Date (created): 27/02/2008 19:57:42
    Date (last access): 21/07/2008 12:19:34
    Date (last write): 30/07/2007 20:19:46
    Filesize: 203096
    Attributes: archive
    MD5: FD984F9BFC9C62BD6546BD183CE5ADE7
    CRC32: 8092F837
    Version: 7.0.6000.381

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_07
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre1.6.0_07\bin\
    Long name: npjpi160_07.dll
    Short name: NPJPI1~1.DLL
    Date (created): 10/06/2008 02:32:34
    Date (last access): 19/07/2008 00:47:18
    Date (last write): 10/06/2008 04:27:02
    Filesize: 132496
    Attributes: archive
    MD5: 7C83A2809E13950359189767AC9D5DB8
    CRC32: 925C2A88
    Version: 6.0.70.6

    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_03
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre1.6.0_03\bin\
    Long name: npjpi160_03.dll
    Short name: NPJPI1~1.DLL
    Date (created): 25/09/2007 00:31:44
    Date (last access): 12/06/2008 02:21:04
    Date (last write): 25/09/2007 02:11:34
    Filesize: 132496
    Attributes: archive
    MD5: D6A4682A6FF41832A3F1A7AB9AE08199
    CRC32: 9080B537
    Version: 6.0.30.5

    {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_05
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre1.6.0_05\bin\
    Long name: npjpi160_05.dll
    Short name: NPJPI1~1.DLL
    Date (created): 22/02/2008 03:33:32
    Date (last access): 13/06/2008 00:12:38
    Date (last write): 22/02/2008 05:25:20
    Filesize: 132496
    Attributes: archive
    MD5: 4FDFB86D78994BD71CBB779A7809E9CD
    CRC32: 5A0EB880
    Version: 6.0.50.13

    {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_07
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre1.6.0_07\bin\
    Long name: npjpi160_07.dll
    Short name: NPJPI1~1.DLL
    Date (created): 10/06/2008 02:32:34
    Date (last access): 21/07/2008 12:50:30
    Date (last write): 10/06/2008 04:27:02
    Filesize: 132496
    Attributes: archive
    MD5: 7C83A2809E13950359189767AC9D5DB8
    CRC32: 925C2A88
    Version: 6.0.70.6

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_07
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.6.0_07\bin\
    Long name: npjpi160_07.dll
    Short name: NPJPI1~1.DLL
    Date (created): 10/06/2008 02:32:34
    Date (last access): 21/07/2008 12:50:30
    Date (last write): 10/06/2008 04:27:02
    Filesize: 132496
    Attributes: archive
    MD5: 7C83A2809E13950359189767AC9D5DB8
    CRC32: 925C2A88
    Version: 6.0.70.6



    --- Process list ---


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 21/07/2008 12:50:31

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://google.co.uk/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---

  2. #2
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Hello redbiker,

    In order for one of our volunteer helpers to advise you when available, please follow the procedure in this sticky:

    "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Start a new topic providing the HJT log; I will close this one, as helpers look for threads without a response.

    Regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
