Thread: virtumonde.dll again ..

  1. #1
    Derek_the_Wolves_Fan (Junior Member)
    Join Date: Aug 2009
    Location: Bristol, UK
    Posts: 2

    Hi all,
    As did 'this is a username', I did a scan with Spybot today and also found 1 instance of virtumonde.dll. I'm not getting pop-ups or anything, but my internet is also running slower.

    The registry key that Spybot says is infected is the same, i.e.: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

    I happen to be using the same version of Vista.

    I am a bit nervous of just using the instructions provided as I know sometimes you need to be very specific. Are the instructions given OK for everyone to use or do you need to see the Spybot report?

    Many thanks.

    Derek

    In case the Spybot report is needed, here it is.

    --- Spybot - Search & Destroy version: 1.6.0 (build: 20080729) ---

    2008-08-14 blindman.exe (1.0.0.8)
    2008-01-28 SDDelFile.exe (1.0.2.4)
    2008-08-14 SDFiles.exe (1.6.0.4)
    2008-08-14 SDMain.exe (1.0.0.6)
    2008-08-14 SDShred.exe (1.0.2.3)
    2008-08-14 SDUpdate.exe (1.6.0.9)
    2008-08-14 SDWinSec.exe (1.0.0.12)
    2008-07-30 SpybotSD.exe (1.6.0.31)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2008-08-26 unins000.exe (51.49.0.0)
    2008-08-14 Update.exe (1.6.0.7)
    2009-07-28 advcheck.dll (1.6.3.17)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2008-09-15 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2008-10-22 Tools.dll (2.1.6.8)
    2009-05-19 Includes\Adware.sbi (*)
    2009-08-25 Includes\AdwareC.sbi (*)
    2009-01-22 Includes\Cookies.sbi (*)
    2009-05-19 Includes\Dialer.sbi (*)
    2009-08-25 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2009-08-04 Includes\HijackersC.sbi (*)
    2009-06-23 Includes\Keyloggers.sbi (*)
    2009-07-30 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2009-08-19 Includes\Malware.sbi (*)
    2009-08-25 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2009-08-25 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-07-30 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-04-07 Includes\Spyware.sbi (*)
    2009-08-11 Includes\SpywareC.sbi (*)
    2009-06-08 Includes\Tracks.uti
    2009-08-25 Includes\Trojans.sbi (*)
    2009-08-26 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Windows Vista (Build: 6002) Service Pack 2 (6.0.6002)


    --- Startup entries list ---
    Located: HK_LM:Run, Adobe Reader Speed Launcher
    command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    size: 35696
    MD5: 452FA961163EF4AEE4815796A13AB2CF

    Located: HK_LM:Run, Ad-Watch
    command: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    file: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    size: 520024
    MD5: 2CD3C21B57B2B1E5CC4C82519461C9D2

    Located: HK_LM:Run, AVG8_TRAY
    command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
    file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
    size: 1948440
    MD5: 2588B441E5B22691E0610CF710865441

    Located: HK_LM:Run, CCUTRAYICON
    command: "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
    file: C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
    size: 215256
    MD5: D3E15273940EB78870146BF7592666D3

    Located: HK_LM:Run, DellSupportCenter
    command: "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    file: C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    size: 202544
    MD5: 852AB81EDE166A0B25046DD7F4CD3FFA

    Located: HK_LM:Run, dscactivate
    command: "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    file: C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
    size: 16384
    MD5: 267B3A856E9F4DB1CABD4E6DB71E07D2

    Located: HK_LM:Run, ECenter
    command: C:\Dell\E-Center\EULALauncher.exe
    file: C:\Dell\E-Center\EULALauncher.exe
    size: 17920
    MD5: D6B7814AA0D1412F0EA77845C0AF7B51

    Located: HK_LM:Run, ISUSScheduler
    command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    size: 81920
    MD5: FF3BF05021BFECC92DB81B8257EEB026

    Located: HK_LM:Run, iTunesHelper
    command: "C:\Program Files\iTunes\iTunesHelper.exe"
    file: C:\Program Files\iTunes\iTunesHelper.exe
    size: 292128
    MD5: 741DCAEC21B5A9A1D068FE8692A30D68

    Located: HK_LM:Run, NMSSupport
    command: "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
    file: C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
    size: 439512
    MD5: FEC7A0C94B73E46AFEEEEDF53548AAEA

    Located: HK_LM:Run, NvCplDaemon
    command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    file: C:\Windows\system32\NvCpl.dll
    size: 8429568
    MD5: D4A6BC45D9085120056C22A32B93B95A

    Located: HK_LM:Run, NvMediaCenter
    command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    file: C:\Windows\system32\NvMcTray.dll
    size: 81920
    MD5: 4AFB2A44374C53E5ECBB3CFC44661FBE

    Located: HK_LM:Run, NvSvc
    command: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    file: C:\Windows\system32\nvsvc.dll
    size: 86016
    MD5: A172FE2A532FE2145247BDB8EE3EBC8E

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    file: C:\Program Files\QuickTime\QTTask.exe
    size: 413696
    MD5: FABAD2BFD44661D8CC627E5485BFAFAF

    Located: HK_LM:Run, RoxWatchTray
    command: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    file: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    size: 221184
    MD5: 1AAD451CCBECE62987591B35AE8037A8

    Located: HK_LM:Run, RtHDVCpl
    command: RtHDVCpl.exe
    file: C:\Windows\RtHDVCpl.exe
    size: 4452352
    MD5: 8C7DDBBF366869A61218AB7A6802C3E9

    Located: HK_LM:Run, SunJavaUpdateSched
    command: "C:\Program Files\Java\jre6\bin\jusched.exe"
    file: C:\Program Files\Java\jre6\bin\jusched.exe
    size: 148888
    MD5: A2D390F1F2408B94EF34BFE3A00C29D3

    Located: HK_LM:Run, TalkTalk
    command: "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
    file: C:\Program Files\TalkTalk\bin\sprtcmd.exe
    size: 202016
    MD5: 7685012305BC2C395139BAA9A1D7462E

    Located: HK_LM:Run, TkBellExe
    command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    size: 198160
    MD5: 5676E75F98FF8E0F81DFF604A09288BB

    Located: HK_LM:Run, Windows Defender
    command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    file: C:\Program Files\Windows Defender\MSASCui.exe
    size: 1008184
    MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

    Located: HK_LM:Run, WPCUMI
    command: C:\Windows\system32\WpcUmi.exe
    file: C:\Windows\system32\WpcUmi.exe
    size: 176128
    MD5: C456658AF90F42BE3CDF1048F9CDB5CA

    Located: HK_LM:Run, ZoneAlarm Client
    command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    size: 981384
    MD5: C331D8E6E3AB67A5A1556070E8EA6B13

    Located: HK_CU:Run, DellSupport
    where: S-1-5-21-2283168741-1253311618-3198397633-1001...
    command: "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    file: C:\Program Files\DellSupport\DSAgnt.exe
    size: 460784
    MD5: B75FDBF14073D72C50624CC8338DD534

    Located: HK_CU:Run, DellSupportCenter
    where: S-1-5-21-2283168741-1253311618-3198397633-1001...
    command: "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    file: C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    size: 202544
    MD5: 852AB81EDE166A0B25046DD7F4CD3FFA

    Located: HK_CU:Run, ehTray.exe
    where: S-1-5-21-2283168741-1253311618-3198397633-1001...
    command: C:\Windows\ehome\ehTray.exe
    file: C:\Windows\ehome\ehTray.exe
    size: 125952
    MD5: BF08674925F151BD4537B89A493E3E0C

    Located: HK_CU:Run, Messenger (Yahoo!)
    where: S-1-5-21-2283168741-1253311618-3198397633-1001...
    command: "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    file: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    size: 4351216
    MD5: B2A71BBFFB31A196DE001CF94EB8D3B4

    Located: HK_CU:Run, SpybotSD TeaTimer
    where: S-1-5-21-2283168741-1253311618-3198397633-1001...
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 2260480
    MD5: 390679F7A217A5E73D756276C40AE887

    Located: HK_CU:Run, swg
    where: S-1-5-21-2283168741-1253311618-3198397633-1001...
    command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 68856
    MD5: E616A6A6E91B0A86F2F6217CDE835FFE

    Located: HK_CU:Run, TomTomHOME.exe
    where: S-1-5-21-2283168741-1253311618-3198397633-1001...
    command: "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    file: C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    size: 247144
    MD5: EA0B99460FE002E8588808F297160548

    Located: HK_CU:Run, WindowsWelcomeCenter
    where: S-1-5-21-2283168741-1253311618-3198397633-1001...
    command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
    file: C:\Windows\system32\oobefldr.dll
    size: 2153472
    MD5: 16FC5B430123238E522B18E63C257AF8

    Located: HK_CU:Run, WMPNSCFG
    where: S-1-5-21-2283168741-1253311618-3198397633-1001...
    command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
    file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
    size: 202240
    MD5: 35937EAD711207544E219C2A19A78A7D

    Located: Startup (common), Adobe Gamma Loader.lnk
    where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    size: 113664
    MD5: C2FF17734176CD15221C10044EF0BA1A



    --- Browser helper object list ---
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: AcroIEHelperStub
    CLSID name: Adobe PDF Link Helper
    Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
    Long name: AcroIEHelperShim.dll
    Short name:
    Date (created): 27/02/2009 13:07:26
    Date (last access): 14/03/2009 19:15:02
    Date (last write): 27/02/2009 13:07:26
    Filesize: 75128
    Attributes: archive
    MD5: 5CF6190CD875DA6B35256FEE573E7908
    CRC32: 764BA81B
    Version: 9.1.0.163

    {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
    Path: C:\Program Files\Real\RealPlayer\
    Long name: rpbrowserrecordplugin.dll
    Short name:
    Date (created): 25/11/2007 23:23:02
    Date (last access): 24/04/2009 20:40:36
    Date (last write): 24/04/2009 20:40:36
    Filesize: 312928
    Attributes: archive
    MD5: F0F67D3349B5CA1D162A2F29C647F842
    CRC32: B48F6120
    Version: 1.0.1.200

    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: WormRadar.com IESiteBlocker.NavFilter
    CLSID name: AVG Safe Search
    Path: C:\Program Files\AVG\AVG8\
    Long name: avgssie.dll
    Short name:
    Date (created): 10/09/2008 19:55:32
    Date (last access): 18/07/2009 20:32:56
    Date (last write): 18/07/2009 20:32:56
    Filesize: 1111320
    Attributes: archive
    MD5: A8F964A2FB9400B81E1483AA5A8B39F5
    CRC32: E3F2A2F4
    Version: 8.5.0.392

    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\Program Files\Spybot - Search & Destroy\
    Long name: SDHelper.dll
    Short name:
    Date (created): 06/02/2008 22:36:20
    Date (last access): 02/10/2008 21:04:46
    Date (last write): 15/09/2008 14:25:44
    Filesize: 1562960
    Attributes: readonly hidden sysfile archive
    MD5: 35F73F1936BDE91F1B6995510A61E7A8
    CRC32: BE6A5D15
    Version: 1.6.2.14

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Windows Live ID Sign-in Helper
    Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll
    Short name:
    Date (created): 30/03/2009 16:31:54
    Date (last access): 29/06/2009 19:50:52
    Date (last write): 30/03/2009 16:31:54
    Filesize: 403824
    Attributes: archive
    MD5: 9144D1A2D7AC4CE489C863E11FC5E478
    CRC32: 55343708
    Version: 6.500.3146.0

    {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Helper
    description: Google toolbar
    classification: Open for discussion
    known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
    info link: http://toolbar.google.com/
    info source: TonyKlein
    Path: C:\Program Files\Google\Google Toolbar\
    Long name: GoogleToolbar.dll
    Short name:
    Date (created): 12/01/2009 20:16:14
    Date (last access): 12/01/2009 20:16:14
    Date (last write): 16/06/2009 12:47:48
    Filesize: 259696
    Attributes: archive
    MD5: B2A3EE0D6570BAE9BD90892E0009A6AB
    CRC32: 230192E8
    Version: 6.1.1715.1442

    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Notifier BHO
    Path: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\
    Long name: swg.dll
    Short name:
    Date (created): 30/06/2009 10:59:06
    Date (last access): 30/06/2009 10:59:06
    Date (last write): 30/06/2009 10:59:06
    Filesize: 669168
    Attributes: archive
    MD5: 7C987CAB519BC858FD4DBB6B40EE4BD2
    CRC32: 2CC83660
    Version: 5.1.1309.15642

    {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (Google Dictionary Compression sdch)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: Google Dictionary Compression sdch
    CLSID name: Google Dictionary Compression sdch
    Path: C:\Program Files\Google\Google Toolbar\Component\
    Long name: fastsearch_A8904FB862BD9564.dll
    Short name:
    Date (created): 03/05/2009 09:56:00
    Date (last access): 03/05/2009 09:56:00
    Date (last write): 03/05/2009 09:56:00
    Filesize: 470512
    Attributes: archive
    MD5: E35BCCB1D1D96F8E5B09C72AF70EC3F6
    CRC32: 73C702FE
    Version: 1.0.610.27482

    {CA6319C0-31B7-401E-A518-A07C3DB8F777} (Browser Address Error Redirector)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: Browser Address Error Redirector
    CLSID name: CBrowserHelperObject Object
    Path: C:\Program Files\Dell\BAE\
    Long name: BAE.dll
    Short name:
    Date (created): 09/11/2006 10:56:48
    Date (last access): 20/11/2007 16:33:50
    Date (last write): 09/11/2006 10:56:48
    Filesize: 98304
    Attributes: archive
    MD5: 1A4F60EF6DA38621F1091B0CB0FA2C09
    CRC32: 54D81822
    Version: 1.2.0.3

    {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In 2 SSV Helper
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2ssv.dll
    Short name:
    Date (created): 07/03/2009 13:24:14
    Date (last access): 09/03/2073 06:20:00
    Date (last write): 09/03/2009 06:18:50
    Filesize: 35840
    Attributes: archive
    MD5: 96A225C7F5346A9E81FC3DFA89A900C0
    CRC32: BAD5D2EF
    Version: 6.0.130.3



    --- ActiveX list ---
    {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
    DPF name:
    CLSID name: Shockwave ActiveX Control
    Installer: C:\Windows\Downloaded Program Files\swdir.inf
    Codebase: http://download.macromedia.com/pub/s...irector/sw.cab
    description: Macromedia ShockWave Flash Player 7
    classification: Legitimate
    known filename: SWDIR.DLL
    info link:
    info source: Patrick M. Kolla
    Path: C:\Windows\system32\Adobe\Director\
    Long name: SwDir.dll
    Short name:
    Date (created): 21/07/2009 09:18:18
    Date (last access): 09/10/2008 11:18:50
    Date (last write): 21/07/2009 09:18:18
    Filesize: 206264
    Attributes: archive
    MD5: 349F6A65776365ACBC8EB12A0509AF6A
    CRC32: A801793B
    Version: 11.5.1.601

    {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control)
    DPF name:
    CLSID name: Shockwave ActiveX Control
    Installer: C:\Windows\Downloaded Program Files\swdir.inf
    Codebase: http://download.macromedia.com/pub/s...irector/sw.cab
    description:
    classification: Legitimate
    known filename: SwDir.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Windows\system32\Adobe\Director\
    Long name: SwDir.dll
    Short name:
    Date (created): 21/07/2009 09:18:18
    Date (last access): 09/10/2008 11:18:50
    Date (last write): 21/07/2009 09:18:18
    Filesize: 206264
    Attributes: archive
    MD5: 349F6A65776365ACBC8EB12A0509AF6A
    CRC32: A801793B
    Version: 11.5.1.601

    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)
    DPF name:
    CLSID name: YInstStarter Class
    Installer: C:\Program Files\Yahoo!\Common\yinst.inf
    Codebase: C:\Program Files\Yahoo!\Common\yinsthelper.dll
    description: Yahoo! Installation helper
    classification: Legitimate
    known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Yahoo!\Common\
    Long name: yinsthelper.dll
    Short name: YINSTH~1.DLL
    Date (created): 25/11/2007 17:40:14
    Date (last access): 25/11/2007 17:40:14
    Date (last write): 30/07/2006 14:25:34
    Filesize: 188968
    Attributes: archive
    MD5: 18B54B53CEE0E7204495BAB864EBBF03
    CRC32: 6D72BB93
    Version: 2006.4.14.2

    {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control)
    DPF name:
    CLSID name: Windows Live OneCare safety scanner control
    Installer: C:\Windows\Downloaded Program Files\wlscCtrl2.inf
    Codebase: http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
    Path: %ProgramFiles%\Windows Live Safety Center\
    Long name: wlscCtrl2.dll

    {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    DPF name:
    CLSID name: WUWebControl Class
    Installer: C:\Windows\Downloaded Program Files\wuweb.inf
    Codebase: http://update.microsoft.com/windowsu...?1222159915213
    description:
    classification: Legitimate
    known filename: wuweb.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Windows\system32\
    Long name: wuweb.dll
    Short name:
    Date (created): 18/07/2008 22:08:04
    Date (last access): 18/07/2008 22:08:04
    Date (last write): 18/07/2008 22:08:04
    Filesize: 205000
    Attributes: archive
    MD5: B39BAFEA128BDD104C2857733F21DE2F
    CRC32: F53B9409
    Version: 7.2.6001.784

    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
    DPF name:
    CLSID name: MUWebControl Class
    Installer: C:\Windows\Downloaded Program Files\muweb.inf
    Codebase: http://update.microsoft.com/microsof...?1222117933488
    description:
    classification: Legitimate
    known filename: muweb.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Windows\system32\
    Long name: muweb.dll
    Short name:
    Date (created): 18/07/2008 22:07:54
    Date (last access): 18/07/2008 22:07:54
    Date (last write): 18/07/2008 22:07:54
    Filesize: 210976
    Attributes: archive
    MD5: 5D5DE96F10C6ACDFBEF06125D0EC5890
    CRC32: 8B6B8748
    Version: 7.2.6001.784

    {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control)
    DPF name:
    CLSID name: Groove Control
    Installer:
    Codebase: http://atv.disney.go.com/global/down.../OTOYAX29b.cab
    description:
    classification: Open for discussion
    known filename: GROOVEAX.DLL
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Windows\Downloaded Program Files\
    Long name: OTOYAX.dll
    Short name:
    Date (created): 21/10/2005 16:38:02
    Date (last access): 21/10/2005 16:38:02
    Date (last write): 21/10/2005 16:38:02
    Filesize: 510136
    Attributes: archive
    MD5: BE3D9B33F73C8A26274AA8CE6DBB43FE
    CRC32: E84AE30A
    Version: 1.0.29.0

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_13
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 07/03/2009 13:24:14
    Date (last access): 09/03/2073 06:20:00
    Date (last write): 09/03/2009 06:18:50
    Filesize: 94208
    Attributes: archive
    MD5: 1302DAB0E273CAC0D23E5674BAFE86CD
    CRC32: 44AAE4B7
    Version: 6.0.130.3

    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
    DPF name:
    CLSID name:
    Installer: C:\Windows\Downloaded Program Files\erma.inf
    Codebase: http://fpdownload.macromedia.com/get.../ultrashim.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi160.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 07/03/2009 13:24:14
    Date (last access): 09/03/2073 06:20:00
    Date (last write): 09/03/2009 06:18:50
    Filesize: 94208
    Attributes: archive
    MD5: 1302DAB0E273CAC0D23E5674BAFE86CD
    CRC32: 44AAE4B7
    Version: 6.0.130.3

    {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_05
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 07/03/2009 13:24:14
    Date (last access): 09/03/2073 06:20:00
    Date (last write): 09/03/2009 06:18:50
    Filesize: 94208
    Attributes: archive
    MD5: 1302DAB0E273CAC0D23E5674BAFE86CD
    CRC32: 44AAE4B7
    Version: 6.0.130.3

    {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_07
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 07/03/2009 13:24:14
    Date (last access): 09/03/2073 06:20:00
    Date (last write): 09/03/2009 06:18:50
    Filesize: 94208
    Attributes: archive
    MD5: 1302DAB0E273CAC0D23E5674BAFE86CD
    CRC32: 44AAE4B7
    Version: 6.0.130.3

    {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_13
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 07/03/2009 13:24:14
    Date (last access): 09/03/2073 06:20:00
    Date (last write): 09/03/2009 06:18:50
    Filesize: 94208
    Attributes: archive
    MD5: 1302DAB0E273CAC0D23E5674BAFE86CD
    CRC32: 44AAE4B7
    Version: 6.0.130.3

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_13
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_13.dll
    Short name:
    Date (created): 09/03/2009 03:53:24
    Date (last access): 09/03/2073 06:20:10
    Date (last write): 09/03/2009 06:19:10
    Filesize: 136600
    Attributes: archive
    MD5: 20188EB1790C5EB9057DDFE3EA138FC7
    CRC32: 2EA1ACCF
    Version: 6.0.130.3



    --- Process list ---
    PID: 3700 (1204) C:\Windows\system32\Dwm.exe
    size: 81920
    MD5: 01DD1004181FD46ECDC3628228EB269D
    PID: 3832 (2240) C:\Windows\Explorer.EXE
    size: 2926592
    MD5: D07D4C3038F3578FFCE1C0237F2A1253
    PID: 2528 (1228) C:\Windows\system32\taskeng.exe
    size: 169984
    MD5: E5BBFC283D6F5D69B41E464676361020
    PID: 4552 (3832) C:\Program Files\Windows Defender\MSASCui.exe
    size: 1008184
    MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
    PID: 4596 (3832) C:\Windows\RtHDVCpl.exe
    size: 4452352
    MD5: 8C7DDBBF366869A61218AB7A6802C3E9
    PID: 4608 (3832) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    size: 81920
    MD5: FF3BF05021BFECC92DB81B8257EEB026
    PID: 4620 (3832) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    size: 221184
    MD5: 1AAD451CCBECE62987591B35AE8037A8
    PID: 4720 (3832) C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
    size: 439512
    MD5: FEC7A0C94B73E46AFEEEEDF53548AAEA
    PID: 4752 (3832) C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
    size: 215256
    MD5: D3E15273940EB78870146BF7592666D3
    PID: 4760 (3832) C:\Windows\System32\wpcumi.exe
    size: 176128
    MD5: C456658AF90F42BE3CDF1048F9CDB5CA
    PID: 4768 (3832) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    size: 202544
    MD5: 852AB81EDE166A0B25046DD7F4CD3FFA
    PID: 4792 (3832) C:\Windows\System32\rundll32.exe
    size: 44544
    MD5: 4B555106290BD117334E9A08761C035A
    PID: 4800 (3832) C:\Program Files\AVG\AVG8\avgtray.exe
    size: 1948440
    MD5: 2588B441E5B22691E0610CF710865441
    PID: 4828 (3832) C:\Program Files\TalkTalk\bin\sprtcmd.exe
    size: 202016
    MD5: 7685012305BC2C395139BAA9A1D7462E
    PID: 4848 (3832) C:\Program Files\Java\jre6\bin\jusched.exe
    size: 148888
    MD5: A2D390F1F2408B94EF34BFE3A00C29D3
    PID: 4856 (3832) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    size: 981384
    MD5: C331D8E6E3AB67A5A1556070E8EA6B13
    PID: 4864 (3832) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    size: 198160
    MD5: 5676E75F98FF8E0F81DFF604A09288BB
    PID: 4872 (3832) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    size: 520024
    MD5: 2CD3C21B57B2B1E5CC4C82519461C9D2
    PID: 4888 (3832) C:\Program Files\iTunes\iTunesHelper.exe
    size: 292128
    MD5: 741DCAEC21B5A9A1D068FE8692A30D68
    PID: 4952 (3832) C:\Program Files\DellSupport\DSAgnt.exe
    size: 460784
    MD5: B75FDBF14073D72C50624CC8338DD534
    PID: 4976 (4776) C:\Windows\System32\rundll32.exe
    size: 44544
    MD5: 4B555106290BD117334E9A08761C035A
    PID: 4992 (3832) C:\Windows\ehome\ehtray.exe
    size: 125952
    MD5: BF08674925F151BD4537B89A493E3E0C
    PID: 5036 (3832) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 2260480
    MD5: 390679F7A217A5E73D756276C40AE887
    PID: 5096 (3832) C:\Program Files\Windows Media Player\wmpnscfg.exe
    size: 202240
    MD5: 35937EAD711207544E219C2A19A78A7D
    PID: 5124 ( 968) C:\Windows\ehome\ehmsas.exe
    size: 37376
    MD5: 0F4195B9B348DE5CF9B822F81704B20E
    PID: 3500 ( 968) C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
    size: 293080
    MD5: 0F7DC49086CC3644B45DC58B5998609D
    PID: 1280 (4620) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    size: 10752
    MD5: C551D15D5D0F875D7BF0BC4FBB6EB2D9
    PID: 4100 (3832) C:\Program Files\Mozilla Firefox\firefox.exe
    size: 908280
    MD5: 0AF842F82CB567E79D065C12E029560C


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 31/08/2009 20:29:18

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://us.rd.yahoo.com/customize/ie/...ch/search.html
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    https://login.yahoo.com/config/mail?...mail.yahoo.com
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
    http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\System32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://us.rd.yahoo.com/customize/ie/...ch/search.html
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com


    --- Winsock Layered Service Provider list ---

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    Hello Derek_the_Wolves_Fan
    Quote: Originally Posted by Derek_the_Wolves_Fan
    I am a bit nervous of just using the instructions provided as I know sometimes you need to be very specific. Are the instructions given OK for everyone to use or do you need to see the spybot report?
    Please see this forum's FAQ, "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Please note that all instructions given are customized for that member's computer only; the tools used may cause damage if run on a computer with different infections. Your symptoms may only appear to be similar. Regardless, please do not take fixes given to another user and apply them to your own machine.

    The log from the Spybot-S&D scan is missing the header showing what it found, so please start a new topic providing the HJT log with a link back to this thread. ( http://forums.spybot.info/showthread.php?t=51364 )

    Then I will close here as helpers look for threads without a response.

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member Derek_the_Wolves_Fan's Avatar
    Join Date
    Aug 2009
    Location
    Bristol, UK
    Posts
    2


    Thanks Tashi - but I just found the solution in another thread, i.e. I needed to download 1.62, as the earlier version indicated a problem that didn't exist.
    So I won't create a new thread.
    Many thanks for your help.

    Derek

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    Thank you for letting us know!
