-
trojan.win32.dialer.hc
Hi,
I'm new here but maybe someone can help me. When I boot my pc I inevitably get a spysweeper alert that svchost.exe is trying to reset my security settings to allow a website called sgrunt.biz to be accessed. (This appears to be a malicious website)
Spysweeper shuts down the action and recommends a sweep of my system. Sweep does not reveal reveals anything. At roughly the same time my AOLspyware tells me it has found and blocked tojan.win32.dialer.hc and I go into the blocked items area of the program and remove it. (I do not actually believe it is removed)
I run spybot, lavasoft adaware, AOl spyware, Webroot Spysweeper, Macafee Antivirus, Macafee Firewall, and cwshredder. All applications find rogue crapola on my system regularily except Macafee. COOLWEBSEARCH seems to be prevalent and may be related to the trojan. Everytime I update definitions a new version of COOLWEBSEARCH is found. (again I suspect that CWS is not really removed by the anti spyware programs I have or has a way of restarting itself next boot up)
I also cannot use the right click of my mouse button in windows explorer anymore. If I rightclick an item in windows explorer, then explorer shuts down momentarily and Dr. Watson Postmotem debugger pops up sometimes; When it does it will not close properly. I go to the task manager. Two files called Drwatsn.exe are present and both must be closed to shut down the debugger program.
On a final note I have found a hidden folder called JITI in my AOL folder with the program Jiti_mm.exe. This program is unfamiliar to my and its creation date of May 2005 is suspicious although not neccessarily impossible. (AOL updates itself regualrily with new features)
Someone please help or provide advise
Thank You
Last edited by Arctic Wolf; 2005-11-07 at 17:41.
-
Member of Team Spybot
-
Trojan.win32.dialer.hc
Coincidentally while reading your reply tashi I got the SpySweeper and Aol Spyware messages again.
This is the shortened SpySweeper Security Message:
IE Security Shield found C:|Program Files\Common Files\AOL\AOLSERVICEHOST.EXE
The full message in the alert only lasts for a little while but basically says that aolservicehost.exe tried to reset the securities settings to allow for SGrunt.biz to be placed in my safe zone.
Again about 12 seconds after the spysweeper alert I get the Trojan alert from AOLspyware warning me that the trojan.win32.dialer.hc has been blocked.
I looked at the link you gave me and realized I had already found that info which did not seem to make any sense to me. Another link at Geeks to Go http://www.geekstogo.com/forum/index...T&f=37&t=76123
seems to indicate an identical problem to mine. I do not have the knowledge base to grasp the answer given but it seems to indicate a larger problem.
I will initiate the steps you suggest and post the results.
Should I perhaps be doing the scans in safe mode?
-
Trojan.win32.dialer.hc
Here is the log report requested:
--- Search result list ---
Congratulations!: No immediate threats were found. ()
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-11-06 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-11-04 Includes\Cookies.sbi (*)
2005-11-04 Includes\Dialer.sbi (*)
2005-11-04 Includes\Hijackers.sbi (*)
2005-11-04 Includes\Keyloggers.sbi (*)
2005-11-04 Includes\Malware.sbi (*)
2005-11-04 Includes\PUPS.sbi (*)
2005-11-04 Includes\Revision.sbi (*)
2005-11-04 Includes\Security.sbi (*)
2005-11-04 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-11-04 Includes\Trojans.sbi (*)
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB887797
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Update for Windows XP (KB900930)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221
-
--- Startup entries list ---
Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 69632
MD5: 8b4cbba1ea526830c7f97e7822e2493a
Located: HK_LM:Run, AlcWzrd
command: ALCWZRD.EXE
file: C:\WINDOWS\ALCWZRD.EXE
size: 2807808
MD5: 057c8f39c09f60216c452eed19ad3cb2
Located: HK_LM:Run, AOL Spyware Protection
command: "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
file: C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
size: 79448
MD5: 217697c43bff8d740cfbb9ad87621519
Located: HK_LM:Run, AOLDialer
command: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
file: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
size: 34904
MD5: 25d2aa5a7ca01db369a39149a1ab2f30
Located: HK_LM:Run, CARPService
command: carpserv.exe
file: C:\WINDOWS\system32\carpserv.exe
size: 4608
MD5: 9aaf44fdf3a5517066b286b80c4a149f
Located: HK_LM:Run, High Definition Audio Property Page Shortcut
command: HDAudPropShortcut.exe
file: C:\WINDOWS\system32\HDAudPropShortcut.exe
size: 61952
MD5: 3e7a11c1c4ebd2c3c52197238df4e14b
Located: HK_LM:Run, HostManager
command: C:\Program Files\Common Files\AOL\1107544306\ee\AOLHostManager.exe
file: C:\Program Files\Common Files\AOL\1107544306\ee\AOLHostManager.exe
size: 159832
MD5: f272c718d0a1608f04e66cad9af43d46
Located: HK_LM:Run, Imonitor
command: "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
file: C:\Program Files\McAfee\QuickClean\Plguni.exe
size: 98304
MD5: 3c246a878620c3393d17e92baae05afd
Located: HK_LM:Run, MCAgentExe
command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
file: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
size: 278528
MD5: c9a041d6e5211ca48aeba3ac1987d837
Located: HK_LM:Run, MCUpdateExe
command: C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
file: C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
size: 180224
MD5: c7d0c96ad30cfafc37f621c75fad6252
Located: HK_LM:Run, MPFExe
command: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
file: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
size: 1380352
MD5: 40ea79a23fce6aa3976d0e6cd0a009d9
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff
Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff
Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1519616
MD5: 60d44ef1cb5f41160e9d0a7e637cc8aa
Located: HK_LM:Run, RealTray
command: C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
file:
Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 86016
MD5: e44cf0ab3dafb101971b6d7bc811bc51
Located: HK_LM:Run, SpySweeper
command: "C:\Program Files\Spyware\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
file: C:\Program Files\Spyware\Webroot\Spy Sweeper\SpySweeper.exe
size: 3296256
MD5: d56c4031c94f7dc9567b53d54d92d0d2
Located: HK_LM:Run, type32
command: "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
file: C:\Program Files\Microsoft IntelliType Pro\type32.exe
size: 172032
MD5: 05e10c2c3736e52fe33d16d2f9c73c04
Located: HK_LM:Run, VirusScan Online
command: "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
file: c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
size: 163840
MD5: 3fe1e841ed8483f7a75a1e86f6fc2216
Located: HK_LM:Run, VSOCheckTask
command: "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
file: c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
size: 122880
MD5: 1330323afadf53f9fd1fd428fbaf8e2b
Located: HK_CU:Run, AOL Fast Start
command: "C:\Program Files\AOL 9.0\AOL.EXE" -b
file: C:\Program Files\AOL 9.0\AOL.EXE
size: 50776
MD5: 79c12b112b75a8a4c337857c5e99a219
Located: HK_CU:Run, McAfee.InstantUpdate.Monitor
command: "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
file: C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
size: 122948
MD5: 4bfc3d39305984c6583a042628956d84
Located: HK_CU:Run, PopUpWasher
command: C:\Program Files\Spyware\Webroot\PopUpWasher\PopUpWasher.exe
file: C:\Program Files\Spyware\Webroot\PopUpWasher\PopUpWasher.exe
size: 396288
MD5: 9883bead2245253c1a8d76abffe0c134
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, WRNotifier
command: WRLogonNTF.dll
file: WRLogonNTF.dll
--- Browser helper object list ---
{4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} (Popup Killer)
BHO name:
CLSID name: Popup Killer
description: Pop-Up Washer, Pop-Up Washer
classification: Legitimate
known filename: PopUpWasher21.dll
info link: http://www.popup-killer.info/popup-washer/
info source: TonyKlein
Path: C:\WINDOWS\
Long name: PopUpWasher21.dll
Short name: POPUPW~1.DLL
Date (created): 21/10/2005 12:44:28 PM
Date (last access): 07/11/2005 5:22:00 PM
Date (last write): 08/09/2004 1:19:42 PM
Filesize: 126976
Attributes: archive
MD5: 9603AFC1041B5EDE8D88A016708B959F
CRC32: 1007037E
Version: 2.1.0.1
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 06/11/2005 2:00:00 PM
Date (last access): 07/11/2005 5:22:00 PM
Date (last write): 31/05/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0
-
--- ActiveX list ---
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=39204
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 12/07/2005 5:04:22 PM
Date (last access): 07/11/2005 8:46:00 AM
Date (last write): 29/08/2005 12:27:12 PM
Filesize: 520968
Attributes: archive
MD5: 679088DD42AFB105A6DA3F5E876D69B6
CRC32: 80D21320
Version: 1.3.272.0
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class)
DPF name:
CLSID name: McAfee.com Operating System Class
Installer: C:\WINDOWS\Downloaded Program Files\mcinsctl.inf
Codebase: http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
description:
classification: Open for discussion
known filename: mcinsctl.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: mcinsctl.dll
Short name:
Date (created): 11/09/2005 3:27:22 PM
Date (last access): 07/11/2005 5:20:40 PM
Date (last write): 09/06/2004 5:24:10 PM
Filesize: 341088
Attributes: archive
MD5: 51C1F2F0034A18C9CB562F12CD392A30
CRC32: 904D5FFB
Version: 4.0.0.83
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsof...?1129219796406
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 26/05/2005 3:19:32 AM
Date (last access): 07/11/2005 5:49:42 PM
Date (last write): 26/05/2005 3:19:32 AM
Filesize: 178408
Attributes: archive
MD5: EE37AA2C0700221CD8B02FADCD4C7FB5
CRC32: F5494B06
Version: 5.8.0.2469
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class)
DPF name:
CLSID name: DwnldGroupMgr Class
Installer: C:\WINDOWS\Downloaded Program Files\McGDMgr.inf
Codebase: http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
description:
classification: Open for discussion
known filename: McGDMgr.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: McGDMgr.dll
Short name:
Date (created): 11/09/2005 3:27:22 PM
Date (last access): 07/11/2005 5:20:40 PM
Date (last write): 14/06/2004 4:02:08 PM
Filesize: 279640
Attributes: archive
MD5: E8074DB73A77854CD588B08398BE4FC2
CRC32: C5AFD416
Version: 1.0.0.20
-
--- Process list ---
PID: 0 ( 0) [System]
PID: 696 ( 4) \SystemRoot\System32\smss.exe
PID: 752 ( 696) \??\C:\WINDOWS\system32\csrss.exe
PID: 776 ( 696) \??\C:\WINDOWS\system32\winlogon.exe
PID: 820 ( 776) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 832 ( 776) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 976 ( 820) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1036 ( 820) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1076 ( 820) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1160 ( 820) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1176 ( 820) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1396 ( 820) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1568 (1520) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1620 ( 820) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
size: 100016
MD5: 7FB54900AA9792AB6307C699EC1859D4
PID: 1724 (1620) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
size: 46768
MD5: CAF7C2FDDADF73A02AC84C6FB6030BBF
PID: 1732 ( 820) c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
size: 106496
MD5: B1E94B3ED8AF23AEBBC2CCFCCADBA104
PID: 1780 ( 820) C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
size: 503808
MD5: B4569B83EAC67EFF8CB136A7D756F0E4
PID: 1796 ( 820) C:\WINDOWS\system32\nvsvc32.exe
size: 131139
MD5: 0B24AB7CC5B7ED2AA7F438A4072459F4
PID: 1848 ( 820) C:\WINDOWS\System32\snmp.exe
size: 32768
MD5: D923BF27723E28E3C121B77F52DB4BCE
PID: 1964 ( 820) C:\Program Files\Spyware\Webroot\Spy Sweeper\WRSSSDK.exe
size: 2116096
MD5: 8DCB6BD13899E1629DA2FFDC054D396C
PID: 212 (1568) C:\WINDOWS\system32\carpserv.exe
size: 4608
MD5: 9AAF44FDF3A5517066B286B80C4A149F
PID: 224 (1568) C:\Program Files\Microsoft IntelliType Pro\type32.exe
size: 172032
MD5: 05E10C2C3736E52FE33D16D2F9C73C04
PID: 228 ( 820) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
PID: 240 (1568) C:\Program Files\Real\RealPlayer\RealPlay.exe
size: 26112
MD5: 849D97FE4CC09CFC2772D10F641E1BAF
PID: 408 ( 820) C:\WINDOWS\wanmpsvc.exe
size: 65536
MD5: ADBF8F672C871B606E94730BE4217B14
PID: 436 (1568) C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
size: 163840
MD5: 3FE1E841ED8483F7A75A1E86F6FC2216
PID: 528 ( 436) c:\progra~1\mcafee.com\vso\mcvsescn.exe
size: 417849
MD5: C87CCFAC151DA6D88F50608F2E3C8DC2
PID: 532 ( 436) c:\program files\mcafee.com\agent\mcagent.exe
size: 278528
MD5: C9A041D6E5211CA48AEBA3AC1987D837
PID: 604 (1568) C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
size: 1380352
MD5: 40EA79A23FCE6AA3976D0E6CD0A009D9
PID: 620 (1568) C:\WINDOWS\SOUNDMAN.EXE
size: 86016
MD5: E44CF0AB3DAFB101971B6D7BC811BC51
PID: 632 (1568) C:\WINDOWS\ALCWZRD.EXE
size: 2807808
MD5: 057C8F39C09F60216C452EED19AD3CB2
PID: 736 (1568) C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
size: 79448
MD5: 217697C43BFF8D740CFBB9AD87621519
PID: 796 (1568) C:\Program Files\Spyware\Webroot\Spy Sweeper\SpySweeper.exe
size: 3296256
MD5: D56C4031C94F7DC9567B53D54D92D0D2
PID: 880 (1568) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 1104 (1568) C:\Program Files\McAfee\QuickClean\Plguni.exe
size: 98304
MD5: 3C246A878620C3393D17E92BAAE05AFD
PID: 1120 (1568) C:\Program Files\Spyware\Webroot\PopUpWasher\PopUpWasher.exe
size: 396288
MD5: 9883BEAD2245253C1A8D76ABFFE0C134
PID: 1148 (1568) C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
size: 122948
MD5: 4BFC3D39305984C6583A042628956D84
PID: 1320 ( 976) C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
size: 569344
MD5: 308E0DC5A1849F4529D8B6AB5871841F
PID: 2068 ( 636) c:\program files\common files\aol\1107544306\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
size: 1536
MD5: F04DD4A47D7672E8E0F861BD3EE12EFD
PID: 2216 ( 976) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 218112
MD5: 075EA6C849AB0FE416A3D6DD65C3CF41
PID: 2420 ( 820) c:\PROGRA~1\mcafee.com\vso\mcshield.exe
size: 225375
MD5: 97ADDEE4DC70929A8B482A7AE7842920
PID: 2652 ( 820) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 1864 (1568) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 3872 (1568) C:\Program Files\Windows NT\Accessories\wordpad.exe
size: 214528
MD5: F0543ACEEB5CD8821469958C9F3DD9A4
PID: 4072 (4004) C:\Program Files\Common Files\AOL\1107544306\ee\AOLHostManager.exe
size: 159832
MD5: F272C718D0A1608F04E66CAD9AF43D46
PID: 3892 (4072) C:\Program Files\Common Files\AOL\1107544306\ee\AOLServiceHost.exe
size: 151128
MD5: 44A2EDD53616FD034FFFB9CBC4193E8E
PID: 1112 (3892) C:\Program Files\Common Files\AOL\1107544306\ee\AOLServiceHost.exe
size: 151128
MD5: 44A2EDD53616FD034FFFB9CBC4193E8E
PID: 4 ( 0) System
-
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 07/11/2005 6:04:00 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://home.microsoft.com/search/search.asp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 6: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 7: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EEF30111-2845-498A-AC84-12C1F44E10F8}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EEF30111-2845-498A-AC84-12C1F44E10F8}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{40497661-2C46-4977-A8CA-D7F75D69C269}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{40497661-2C46-4977-A8CA-D7F75D69C269}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EEF30111-2845-498A-AC84-12C1F44E10F8}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EEF30111-2845-498A-AC84-12C1F44E10F8}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{86126D7A-97F3-47E7-B660-B21FE109268D}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{86126D7A-97F3-47E7-B660-B21FE109268D}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A81AA565-27CA-4DB6-95D6-4762DE8F98D0}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A81AA565-27CA-4DB6-95D6-4762DE8F98D0}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B5819D3A-BC61-4B76-816B-FD82E46CF7DB}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B5819D3A-BC61-4B76-816B-FD82E46CF7DB}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7A93AAA4-D005-49E1-984C-A47A4AD950C0}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7A93AAA4-D005-49E1-984C-A47A4AD950C0}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
-
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
--- Process list ---
PID: 0 ( 0) [System]
PID: 696 ( 4) \SystemRoot\System32\smss.exe
PID: 752 ( 696) \??\C:\WINDOWS\system32\csrss.exe
PID: 776 ( 696) \??\C:\WINDOWS\system32\winlogon.exe
PID: 820 ( 776) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 832 ( 776) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 976 ( 820) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1036 ( 820) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1076 ( 820) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1160 ( 820) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1176 ( 820) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1396 ( 820) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1568 (1520) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1620 ( 820) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
size: 100016
MD5: 7FB54900AA9792AB6307C699EC1859D4
PID: 1724 (1620) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
size: 46768
MD5: CAF7C2FDDADF73A02AC84C6FB6030BBF
PID: 1732 ( 820) c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
size: 106496
MD5: B1E94B3ED8AF23AEBBC2CCFCCADBA104
PID: 1780 ( 820) C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
size: 503808
MD5: B4569B83EAC67EFF8CB136A7D756F0E4
PID: 1796 ( 820) C:\WINDOWS\system32\nvsvc32.exe
size: 131139
MD5: 0B24AB7CC5B7ED2AA7F438A4072459F4
PID: 1848 ( 820) C:\WINDOWS\System32\snmp.exe
size: 32768
MD5: D923BF27723E28E3C121B77F52DB4BCE
PID: 1964 ( 820) C:\Program Files\Spyware\Webroot\Spy Sweeper\WRSSSDK.exe
size: 2116096
MD5: 8DCB6BD13899E1629DA2FFDC054D396C
PID: 212 (1568) C:\WINDOWS\system32\carpserv.exe
size: 4608
MD5: 9AAF44FDF3A5517066B286B80C4A149F
PID: 224 (1568) C:\Program Files\Microsoft IntelliType Pro\type32.exe
size: 172032
MD5: 05E10C2C3736E52FE33D16D2F9C73C04
PID: 228 ( 820) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
PID: 240 (1568) C:\Program Files\Real\RealPlayer\RealPlay.exe
size: 26112
MD5: 849D97FE4CC09CFC2772D10F641E1BAF
PID: 408 ( 820) C:\WINDOWS\wanmpsvc.exe
size: 65536
MD5: ADBF8F672C871B606E94730BE4217B14
PID: 436 (1568) C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
size: 163840
MD5: 3FE1E841ED8483F7A75A1E86F6FC2216
PID: 528 ( 436) c:\progra~1\mcafee.com\vso\mcvsescn.exe
size: 417849
MD5: C87CCFAC151DA6D88F50608F2E3C8DC2
PID: 532 ( 436) c:\program files\mcafee.com\agent\mcagent.exe
size: 278528
MD5: C9A041D6E5211CA48AEBA3AC1987D837
PID: 604 (1568) C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
size: 1380352
MD5: 40EA79A23FCE6AA3976D0E6CD0A009D9
PID: 620 (1568) C:\WINDOWS\SOUNDMAN.EXE
size: 86016
MD5: E44CF0AB3DAFB101971B6D7BC811BC51
PID: 632 (1568) C:\WINDOWS\ALCWZRD.EXE
size: 2807808
MD5: 057C8F39C09F60216C452EED19AD3CB2
PID: 736 (1568) C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
size: 79448
MD5: 217697C43BFF8D740CFBB9AD87621519
PID: 796 (1568) C:\Program Files\Spyware\Webroot\Spy Sweeper\SpySweeper.exe
size: 3296256
MD5: D56C4031C94F7DC9567B53D54D92D0D2
PID: 880 (1568) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 1104 (1568) C:\Program Files\McAfee\QuickClean\Plguni.exe
size: 98304
MD5: 3C246A878620C3393D17E92BAAE05AFD
PID: 1120 (1568) C:\Program Files\Spyware\Webroot\PopUpWasher\PopUpWasher.exe
size: 396288
MD5: 9883BEAD2245253C1A8D76ABFFE0C134
PID: 1148 (1568) C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
size: 122948
MD5: 4BFC3D39305984C6583A042628956D84
PID: 1320 ( 976) C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
size: 569344
MD5: 308E0DC5A1849F4529D8B6AB5871841F
PID: 2068 ( 636) c:\program files\common files\aol\1107544306\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
size: 1536
MD5: F04DD4A47D7672E8E0F861BD3EE12EFD
PID: 2216 ( 976) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 218112
MD5: 075EA6C849AB0FE416A3D6DD65C3CF41
PID: 2420 ( 820) c:\PROGRA~1\mcafee.com\vso\mcshield.exe
size: 225375
MD5: 97ADDEE4DC70929A8B482A7AE7842920
PID: 2652 ( 820) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 1864 (1568) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 3872 (1568) C:\Program Files\Windows NT\Accessories\wordpad.exe
size: 214528
MD5: F0543ACEEB5CD8821469958C9F3DD9A4
PID: 4072 (4004) C:\Program Files\Common Files\AOL\1107544306\ee\AOLHostManager.exe
size: 159832
MD5: F272C718D0A1608F04E66CAD9AF43D46
PID: 3892 (4072) C:\Program Files\Common Files\AOL\1107544306\ee\AOLServiceHost.exe
size: 151128
MD5: 44A2EDD53616FD034FFFB9CBC4193E8E
PID: 1112 (3892) C:\Program Files\Common Files\AOL\1107544306\ee\AOLServiceHost.exe
size: 151128
MD5: 44A2EDD53616FD034FFFB9CBC4193E8E
PID: 4 ( 0) System
-
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 07/11/2005 6:04:00 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://home.microsoft.com/search/search.asp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 6: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 7: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EEF30111-2845-498A-AC84-12C1F44E10F8}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EEF30111-2845-498A-AC84-12C1F44E10F8}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{40497661-2C46-4977-A8CA-D7F75D69C269}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{40497661-2C46-4977-A8CA-D7F75D69C269}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EEF30111-2845-498A-AC84-12C1F44E10F8}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EEF30111-2845-498A-AC84-12C1F44E10F8}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{86126D7A-97F3-47E7-B660-B21FE109268D}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{86126D7A-97F3-47E7-B660-B21FE109268D}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A81AA565-27CA-4DB6-95D6-4762DE8F98D0}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A81AA565-27CA-4DB6-95D6-4762DE8F98D0}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B5819D3A-BC61-4B76-816B-FD82E46CF7DB}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B5819D3A-BC61-4B76-816B-FD82E46CF7DB}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7A93AAA4-D005-49E1-984C-A47A4AD950C0}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7A93AAA4-D005-49E1-984C-A47A4AD950C0}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules