TechSpot

[Not curable - Ramnit] My XP Laptop is infected with the win32/zbot.g

By 51mog
Aug 15, 2011
  1. My XP Laptop is infected with the win32/zbot.g & vbs generic virus.

    Windows and Office (and other apps) are becoming unusable. I cannot run Windows Live Mail or Messenger, cannot download GMER, and Office keeps trying to reinstall.

    This is what I managed so far ......

    Step 1: Already have AVG 2011 installed and running. Autodetect and AV Scan has identified about 1,500 infected files which it has healed or vaulted, but is still finding them.

    Step 2: Downloaded and ran Malwarebytes' Anti-Malware. See log below:

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7469

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    15/08/2011 14:24:22
    mbam-log-2011-08-15 (14-24-21).txt

    Scan type: Quick scan
    Objects scanned: 224577
    Time elapsed: 43 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Step 3:

    Cannot display web page to download and install GMER. Thinks there is a Firewall issue but never had this problem before.

    Step 4:

    DDS not started.

    Step 5:

    Logs as I have been able to get.

    Step 6:

    Here you go - hope you can help or do you think I would be better off re-formatting and reloading all the software from scratch? Would it be safe to copy data files from the infected laptop on to another machine or would I just be infecting another machine?

    Thanks
     
  2. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  3. 51mog

    51mog TS Rookie Topic Starter

    Can't download ESET

    Hi Broni

    I can't download (connect to) ESET although I can get to other web sites including TechSpot.

    What should I do next?

    Here is the log file from the connectivity diagnostics.

    Last diagnostic run time: 08/15/11 23:08:09 HTTP, HTTPS, FTP Diagnostic
    HTTP, HTTPS, FTP connectivity

    warn FTP (Passive): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
    warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
    warn FTP (Active): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
    warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
    warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
    info HTTP: Successfully connected to www.hotmail.com.
    error Could not make an HTTPS connection.
    error Could not make an FTP connection.
    info Redirecting user to support call



    DNS Client Diagnostic
    DNS - Not a home user scenario

    info Using Web Proxy: no
    info Resolving name ok for (www.microsoft.com): yes
    No DNS servers

    DNS failure




    Gateway Diagnostic
    Gateway

    info The following proxy configuration is being used by IE: Automatically Detect Settings:Enabled Automatic Configuration Script: Proxy Server: Proxy Bypass list:
    info Could not get proxy settings via the Automatic Proxy Configuration mechanism
    info This computer has the following default gateway entry(ies): 192.168.1.1
    info This computer has the following IP address(es): 192.168.1.9
    info The default gateway is in the same subnet as this computer
    info The default gateway entry is a valid unicast address
    info The default gateway address was resolved via ARP in 1 try(ies)
    info The default gateway was reached via ICMP Ping in 1 try(ies)
    info TCP port 80 on host 127.0.0.1 was successfully reached
    info The Internet host www.microsoft.com was successfully reached
    info The default gateway is OK



    IP Layer Diagnostic
    Corrupted IP routing table

    info The default route is valid
    info The loopback route is valid
    info The local host route is valid
    info The local subnet route is valid
    Invalid ARP cache entries

    action The ARP cache has been flushed



    IP Configuration Diagnostic
    Invalid IP address

    info Valid IP address detected: 192.168.1.9



    Wireless Diagnostic
    Wireless - Service disabled

    Wireless - User SSID

    action User input required: Specify network name or SSID
    Wireless - First time setup

    info The Wireless Network name (SSID) to which the user would like to connect = Conservatory2.
    Wireless - Radio off

    info Valid IP address detected: 192.168.1.9
    Wireless - Out of range

    Wireless - Hardware issue

    Wireless - Novice user

    Wireless - Ad-hoc network

    Wireless - Less preferred

    Wireless - 802.1x enabled

    Wireless - Configuration mismatch

    Wireless - Low SNR




    WinSock Diagnostic
    WinSock status

    info IrDA protocol is not found in Winsock catalog.
    info All base service provider entries are present in the Winsock catalog.
    info The Winsock Service provider chains are valid.
    info Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.
    info Provider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.
    info Provider entry RSVP UDP Service Provider passed the loopback communication test.
    info Provider entry RSVP TCP Service Provider passed the loopback communication test.
    info Connectivity is valid for all Winsock service providers.



    Network Adapter Diagnostic
    Network location detection

    info Using home Internet connection
    Network adapter identification

    info Network connection: Name=Local Area Connection, Device=SiS 900-Based PCI Fast Ethernet Adapter, MediaType=LAN, SubMediaType=LAN
    info Network connection: Name=Wireless Network Connection, Device=PRISM 802.11g Adapter (3886), MediaType=LAN, SubMediaType=WIRELESS
    info Network connection: Name=1394 Connection, Device=1394 Net Adapter, MediaType=LAN, SubMediaType=1394
    info Both Ethernet and Wireless connections available, prompting user for selection
    action User input required: Select network connection
    info Wireless connection selected
    Network adapter status

    info Network connection status: Connected



    HTTP, HTTPS, FTP Diagnostic
    HTTP, HTTPS, FTP connectivity

    warn FTP (Passive): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
    warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
    warn FTP (Active): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
    warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
    info HTTP: Successfully connected to www.hotmail.com.
    warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
    error Could not make an HTTPS connection.
    error Could not make an FTP connection.
     
  4. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Use working computer to download following tool and move it to "bad" computer using USB flash drive...

    Please click HERE to download Kaspersky Virus Removal Tool.

    • Double click on the file you just downloaded and let it install.
    • It will install to your desktop (be patient; it may take a while).
    • Accept license agreement and click "Start" button.
    • Click on the Settings button
      • In Scan scope leave the pre-checked items as they are and also checkmark My Computer
      • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of the preselected Prompt on detection
    • Click on Automatic Scan tab and then click on Start scanning button.
    • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
    • When the scan is done NO log will be produced.
    • Click on the Report button, then on the Automatic Scan report tab.
    • Right click anywhere within the right pane, click Select All, then right click again and click Copy.
    • This will copy the items that it found to the clipboard; you can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
    • You can save this on the desktop.
    • Post the contents of the document in your next reply.
     
  5. 51mog

    51mog TS Rookie Topic Starter

    Kaspersky Virus Removal Tool

    Hi Broni

    Followed your instructions but Kaspersky wanted to do a removal and restart before completion so I did a log/report prior to removal (File 1) and one after restart (File 2).

    I then reran Kaspersky, which completed successfully, and did another log/report (File 3) which is 35Mb. These are too big to include in TechSpot OpenBoards replies due to the 50,000 character limit. Is there another way I can send these to you?

    What next?

    Thanks.
     
  6. Broni

    Broni Malware Annihilator Posts: 47,015   +255

  7. 51mog

    51mog TS Rookie Topic Starter

    Kaspersky Files

    Broni

    Here you go.

    http://www.filedropper.com/kaspersky1

    http://www.filedropper.com/kaspersky2

    http://www.filedropper.com/kaspersky3

    Thanks
     
  8. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    I'm afraid I have very bad news.

    You're infected with Ramnit file infector virus.

    Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

    -- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
    With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

    Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

    Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and are a major source of system infection.

    In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

    Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
    Backdoors and What They Mean to You

    This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

    Important Note: If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, to include those used for banking, email, eBay, PayPal and any online activities which require a username and password. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
     
  9. 51mog

    51mog TS Rookie Topic Starter

    Has it infected my 'good' computer?

    Hi Broni

    Thanks for the news - although bad.

    Funny AVG is not now reporting any malicious files on the laptop. What is the best way to reformat and reload from scratch?

    My concern now is, as I've been transferring info for this clean-up exercise on a USB stick between the laptop and my 'good' PC, does that mean the PC is now infected? Nothing has been picked up - can I check? I have Spybot on my PC so I will do a Search and let you know the outcome.
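    A defender-side triage of the USB stick before anything is copied off it, added here as an example; it is not a tool anyone in this thread used. It splits a drive's contents into plain data files and the things Broni's description says to worry about: the .exe/.dll and .htm/.html files Ramnit infects, and the autorun.inf plus random-named executable a flash-drive infection leaves behind, hashing each flagged file so it can be looked up from a clean machine. The VBScript-in-HTML marker and the list of "data" extensions are assumptions for this example, and the sample drive is constructed.

```python
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass

# Plain data types that Ramnit, as described in the thread, does not infect.
# Which extensions count as "data" is an assumption for this example.
DATA_EXTENSIONS = {".jpg", ".png", ".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".mp3"}
# VBS/Ramnit.A names a VBScript block inside infected .htm/.html files; this
# marker is an assumption for the example, not a vendor signature.
VBSCRIPT_IN_HTML = re.compile(rb"<script[^>]*\bvbscript\b", re.IGNORECASE)
# autorun.inf keys that make Windows launch a program from removable media.
AUTORUN_TARGET = re.compile(rb"^\s*(open|shellexecute)\s*=\s*(\S+)",
                            re.IGNORECASE | re.MULTILINE)


@dataclass
class Finding:
    path: str    # relative to the drive root
    reason: str  # why the file must not be copied or opened as-is
    sha256: str  # hash for a vendor or multi-engine lookup from a clean machine


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def autorun_targets(path):
    """Return the lower-cased file names an autorun.inf would launch."""
    with open(path, "rb") as fh:
        data = fh.read()
    return [m.group(2).decode("latin-1").lower() for m in AUTORUN_TARGET.finditer(data)]


def triage(root):
    """Walk a drive; return (findings to keep off the clean PC, plain data files)."""
    findings, data_files, launched = [], [], set()
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            ext = os.path.splitext(name)[1].lower()
            if name.lower() == "autorun.inf":
                targets = autorun_targets(full)
                launched.update(targets)
                findings.append(Finding(rel, "autorun.inf launches: " + ", ".join(targets),
                                        sha256_of(full)))
            elif ext in {".exe", ".dll"}:
                findings.append(Finding(rel, "executable: Ramnit infects .exe/.dll",
                                        sha256_of(full)))
            elif ext in {".htm", ".html"}:
                with open(full, "rb") as fh:
                    infected = VBSCRIPT_IN_HTML.search(fh.read()) is not None
                reason = ("HTML with embedded VBScript" if infected
                          else "HTML: Ramnit can infect; rescan before use")
                findings.append(Finding(rel, reason, sha256_of(full)))
            elif ext in DATA_EXTENSIONS:
                data_files.append(rel)
            else:
                findings.append(Finding(rel, "unrecognised type: review manually",
                                        sha256_of(full)))
    # A random-named executable that autorun.inf points at is the USB dropper.
    for f in findings:
        if os.path.basename(f.path).lower() in launched:
            f.reason += " (referenced by autorun.inf)"
    return findings, data_files


def build_sample_drive():
    """Constructed stand-in for a USB stick, written to a temporary directory."""
    root = tempfile.mkdtemp(prefix="usb_")
    files = {
        "autorun.inf": b"[autorun]\r\nopen=qwzrtk.exe\r\nicon=qwzrtk.exe\r\n",
        "qwzrtk.exe": b"MZ" + b"\x00" * 64,  # placeholder bytes, not real malware
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "notes.txt": b"shopping list\n",
        "docs/page.html": b"<html><body>hi</body></html>"
                          b"<SCRIPT Language=VBScript>\n' appended block\n</SCRIPT>",
        "docs/clean.html": b"<html><body>hello</body></html>",
    }
    for rel, content in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    findings, data_files = triage(build_sample_drive())
    for f in findings:
        print(f"DO NOT COPY  {f.path}: {f.reason}  sha256={f.sha256[:16]}...")
    for p in data_files:
        print(f"data file    {p}")
```

Run it against the mounted stick instead of the sample by calling triage() with the drive's path; only the files it lists as data should be copied, and those still get scanned on the clean machine.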
     
  10. 51mog

    51mog TS Rookie Topic Starter

    Spybot Report

    Broni

    Here is Spybot report from my 'good' PC - it looks OK.

    I haven't corrected the 8 issues listed below because they are non-threatening.


    1. MyWay.MyWebSearch: [SBI $9185AE0B] Class ID (Registry key, nothing done)
    2. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
    3. MyWay.MyWebSearch: [SBI $798DEFC6] Class ID (Registry key, nothing done)
    4. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7}
    5. MyWay.MyWebSearch: [SBI $17EB816E] Class ID (Registry key, nothing done)
    6. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
    7. MyWay.MyWebSearch: [SBI $E6CF97BD] Class ID (Registry key, nothing done)
    8. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}
    9. MyWay.MyWebSearch: [SBI $84A88F8E] Class ID (Registry key, nothing done)
    10. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}
    11. MyWay.MyWebSearch: [SBI $2E0CB34B] Class ID (Registry key, nothing done)
    12. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
    13. Right Media: Tracking cookie (Internet Explorer: Frank) (Cookie, nothing done)
    14. DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-08-29 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-07-28 advcheck.dll (1.6.3.17)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2011-03-18 Includes\Adware.sbi (*)
    2011-06-28 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-03-08 Includes\DialerC.sbi (*)
    2011-02-24 Includes\HeavyDuty.sbi (*)
    2011-03-29 Includes\Hijackers.sbi (*)
    2011-05-16 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2011-03-08 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2011-04-05 Includes\Malware.sbi (*)
    2011-08-16 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2011-05-24 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2011-02-24 Includes\Security.sbi (*)
    2011-05-03 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-02-24 Includes\Spyware.sbi (*)
    2011-06-14 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2011-06-20 Includes\Trojans.sbi (*)
    2011-08-01 Includes\TrojansC-02.sbi (*)
    2011-08-09 Includes\TrojansC-03.sbi (*)
    2011-08-15 Includes\TrojansC-04.sbi (*)
    2011-08-16 Includes\TrojansC-05.sbi (*)
    2011-08-08 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Windows Vista (Build: 6002) Service Pack 2 (6.0.6002)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB941833)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB973688)


    --- Startup entries list ---
    Located: HK_LM:Run,
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, Adobe ARM
    command: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    file: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    size: 937920
    MD5: 47C1DE0A890613FFCFF1D67648EEDF90

    Located: HK_LM:Run, ApnUpdater
    command: "C:\Program Files\Ask.com\Updater\Updater.exe"
    file: C:\Program Files\Ask.com\Updater\Updater.exe
    size: 399312
    MD5: BB6F29A0F374D0BFC5DE0B5C633AA439

    Located: HK_LM:Run, AVG_TRAY
    command: C:\Program Files\AVG\AVG10\avgtray.exe
    file: C:\Program Files\AVG\AVG10\avgtray.exe
    size: 2334560
    MD5: 140F771CADA8724200434C39918F2EA0

    Located: HK_LM:Run, DivX Download Manager
    command: "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
    file: C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
    size: 63360
    MD5: 57D8C4ED26DFD7EF0E2CB196FB8BFB54

    Located: HK_LM:Run, DivXUpdate
    command: "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    file: C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    size: 1230704
    MD5: CB7CA3DC268CA9D3FC1349A60EA48211

    Located: HK_LM:Run, GrooveMonitor
    command: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    size: 31072
    MD5: 644795F6985C740F5E36E9336B837D0B

    Located: HK_LM:Run, iTunesHelper
    command: "C:\Program Files\iTunes\iTunesHelper.exe"
    file: C:\Program Files\iTunes\iTunesHelper.exe
    size: 421736
    MD5: FDE6DA67628FB7B763336B6952CF6C3C

    Located: HK_LM:Run, MDS_Menu
    command: "C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
    file: C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe
    size: 220336
    MD5: 891ABF0AB508C4C746D97F2331569E53

    Located: HK_LM:Run, Olympus ib
    command: "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup
    file: C:\Program Files\Olympus\ib\olycamdetect.exe
    size: 93360
    MD5: BF0595533F66EBAAF4ED2DB0E3201FE9

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    file: C:\Program Files\QuickTime\QTTask.exe
    size: 421888
    MD5: 0AEE5668EB59912F32FF245BFA72465F

    Located: HK_LM:Run, RtHDVCpl
    command: RtHDVCpl.exe
    file: C:\Windows\RtHDVCpl.exe
    size: 6139904
    MD5: E6CB83FF2C098C6FFCF2D43A4AAC9B54

    Located: HK_LM:Run, Skytel
    command: Skytel.exe
    file: C:\Windows\Skytel.exe
    size: 1826816
    MD5: C8612E58FB7FCFA5EEA4E39F7B8CBC17

    Located: HK_LM:Run, SunJavaUpdateSched
    command: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    file: C:\Program Files\Common Files\Java\Java Update\jusched.exe
    size: 249064
    MD5: 2E5212A0BFB98FE0167C92C76C87AFE3

    Located: HK_LM:Run, Windows Defender
    command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    file: C:\Program Files\Windows Defender\MSASCui.exe
    size: 1008184
    MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

    Located: HK_LM:Run, Windows Mobile-based device management
    command: %windir%\WindowsMobile\wmdcBase.exe
    file: C:\Windows\WindowsMobile\wmdcBase.exe
    size: 648072
    MD5: 96B3C4E20F02CA16AA1E3E425BFFCC8B

    Located: HK_LM:Run, Wireless Manager
    command: "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
    file: C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
    size: 585728
    MD5: 1D1D81A45ECAD70BADA52DE8FB332961

    Located: HK_CU:Run, Sidebar
    where: S-1-5-19...
    command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
    file: C:\Program Files\Windows Sidebar\Sidebar.exe
    size: 1233920
    MD5: 9E35FF7F943AE0FB89192BFE058B7FD4

    Located: HK_CU:Run, WindowsWelcomeCenter
    where: S-1-5-19...
    command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
    file: C:\Windows\system32\oobefldr.dll
    size: 2153472
    MD5: 16FC5B430123238E522B18E63C257AF8

    Located: HK_CU:Run, Sidebar
    where: S-1-5-20...
    command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
    file: C:\Program Files\Windows Sidebar\Sidebar.exe
    size: 1233920
    MD5: 9E35FF7F943AE0FB89192BFE058B7FD4

    Located: HK_CU:Run, WindowsWelcomeCenter
    where: S-1-5-20...
    command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
    file: C:\Windows\system32\oobefldr.dll
    size: 2153472
    MD5: 16FC5B430123238E522B18E63C257AF8

    Located: HK_CU:Run, ehTray.exe
    where: S-1-5-21-1078631305-1000495755-1001525788-1006...
    command: C:\Windows\ehome\ehTray.exe
    file: C:\Windows\ehome\ehTray.exe
    size: 125952
    MD5: BF08674925F151BD4537B89A493E3E0C

    Located: HK_CU:Run, msnmsgr
    where: S-1-5-21-1078631305-1000495755-1001525788-1006...
    command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    size: 4240760
    MD5: 6F0DAB13529BCB7C0F8A3082A8B1CDE9

    Located: HK_CU:Run, Olympus ib
    where: S-1-5-21-1078631305-1000495755-1001525788-1006...
    command: "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup
    file: C:\Program Files\Olympus\ib\olycamdetect.exe
    size: 93360
    MD5: BF0595533F66EBAAF4ED2DB0E3201FE9

    Located: HK_CU:Run, SpybotSD TeaTimer
    where: S-1-5-21-1078631305-1000495755-1001525788-1006...
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 2260480
    MD5: 390679F7A217A5E73D756276C40AE887

    Located: HK_CU:Run, swg
    where: S-1-5-21-1078631305-1000495755-1001525788-1006...
    command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 39408
    MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD

    Located: HK_CU:Run, TomTomHOME.exe
    where: S-1-5-21-1078631305-1000495755-1001525788-1006...
    command: "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
    file: C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    size: 247728
    MD5: 9AF1C70202FB6A84F177D497D75BC5FC

    Located: HK_CU:Run, Sidebar
    where: S-1-5-21-1078631305-1000495755-1001525788-1007...
    command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
    file: C:\Program Files\Windows Sidebar\Sidebar.exe
    size: 1233920
    MD5: 9E35FF7F943AE0FB89192BFE058B7FD4

    Located: HK_CU:Run, WindowsWelcomeCenter
    where: S-1-5-21-1078631305-1000495755-1001525788-1007...
    command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
    file: C:\Windows\system32\oobefldr.dll
    size: 2153472
    MD5: 16FC5B430123238E522B18E63C257AF8

    Located: Startup (user), OneNote 2007 Screen Clipper and Launcher.lnk
    where: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    file: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    size: 97680
    MD5: 32C26797AB646074A2BB562F9D10ADB5



    --- Browser helper object list ---
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: AcroIEHelperStub
    CLSID name: Adobe PDF Link Helper
    Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
    Long name: AcroIEHelperShim.dll
    Short name: ACROIE~2.DLL
    Date (created): 06/06/2011 12:55:30
    Date (last access): 25/06/2011 23:57:34
    Date (last write): 06/06/2011 12:55:30
    Filesize: 63912
    Attributes: archive
    MD5: D2ADA8AF0EE98F3F76536015D74EE4BF
    CRC32: DB9EE21C
    Version: 10.1.0.534

    {326E768D-4182-46FD-9C16-1449A49795F4} (Increase performance and video formats for your HTML5 <video>)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: Increase performance and video formats for your HTML5 <video>
    CLSID name: DivX Plus Web Player HTML5 <video>
    Path: C:\Program Files\DivX\DivX Plus Web Player\
    Long name: npdivx32.dll
    Short name:
    Date (created): 08/12/2010 22:15:44
    Date (last access): 30/01/2011 15:03:18
    Date (last write): 08/12/2010 22:15:44
    Filesize: 3123072
    Attributes: archive
    MD5: ABB7A668B5D11BFF77DD00CC2B6C8DB0
    CRC32: E10E3B63
    Version: 2.1.0.900

    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: WormRadar.com IESiteBlocker.NavFilter
    CLSID name: AVG Safe Search
    Path: C:\Program Files\AVG\AVG10\
    Long name: avgssie.dll
    Short name:
    Date (created): 05/08/2011 13:20:30
    Date (last access): 09/08/2011 17:22:10
    Date (last write): 05/08/2011 13:20:30
    Filesize: 2274144
    Attributes: archive
    MD5: 4109B81AEDEED60102542554F4E69F10
    CRC32: 0E9B870A
    Version: 10.0.0.1392

    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDHelper.dll
    info link: http://www.safer-networking.org/
    info source: Safer-Networking Ltd.
    Path: C:\Program Files\Spybot - Search & Destroy\
    Long name: SDHelper.dll
    Short name:
    Date (created): 29/08/2009 13:45:30
    Date (last access): 29/08/2009 13:45:30
    Date (last write): 26/01/2009 15:31:02
    Filesize: 1879896
    Attributes: archive
    MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
    CRC32: 5BA24007
    Version: 1.6.2.14

    {593DDEC6-7468-4cdd-90E1-42DADAA222E9} (Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites
    CLSID name: DivX HiQ
    Path: C:\Program Files\DivX\DivX Plus Web Player\
    Long name: npdivx32.dll
    Short name:
    Date (created): 08/12/2010 22:15:44
    Date (last access): 30/01/2011 15:03:18
    Date (last write): 08/12/2010 22:15:44
    Filesize: 3123072
    Attributes: archive
    MD5: ABB7A668B5D11BFF77DD00CC2B6C8DB0
    CRC32: E10E3B63
    Version: 2.1.0.900

    {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} (Search Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: Search Helper
    CLSID name: Search Helper
    Path: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\
    Long name: SEPsearchhelperie.dll
    Short name: SEPSEA~1.DLL
    Date (created): 22/09/2010 13:03:38
    Date (last access): 18/02/2011 08:15:58
    Date (last write): 22/09/2010 13:03:38
    Filesize: 191792
    Attributes: archive
    MD5: A4AD1AA4C57409480C1D84BBCA6BECF0
    CRC32: 3A7EBABF
    Version: 3.0.133.0

    {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Groove GFS Browser Helper
    Path: C:\Program Files\Microsoft Office\Office12\
    Long name: GrooveShellExtensions.dll
    Short name: GRA8E1~1.DLL
    Date (created): 12/02/2009 15:19:32
    Date (last access): 31/05/2009 21:44:48
    Date (last write): 12/02/2009 15:19:32
    Filesize: 2217848
    Attributes: archive
    MD5: A6B5A41C0ED007AB6C43CAD899E533D8
    CRC32: BA078F79
    Version: 12.0.6421.1000

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Windows Live ID Sign-in Helper
    Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll
    Short name: WINDOW~1.DLL
    Date (created): 21/09/2010 15:08:38
    Date (last access): 18/02/2011 08:16:52
    Date (last write): 21/09/2010 15:08:38
    Filesize: 439168
    Attributes: archive
    MD5: 6BF01E200063D7274F3AF06D226671F5
    CRC32: C8953126
    Version: 7.250.4225.0

    {A3BC75A2-1F87-4686-AA43-5347D756017C} (AVG Security Toolbar BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: AVG Security Toolbar BHO
    Path: C:\Program Files\AVG\AVG10\Toolbar\
    Long name: IEToolbar.dll
    Short name: IETOOL~1.DLL
    Date (created): 02/05/2011 11:04:22
    Date (last access): 02/05/2011 11:04:22
    Date (last write): 18/03/2011 08:11:00
    Filesize: 2471240
    Attributes: archive
    MD5: 312D3F5C306752E88A069D0B73E40A6E
    CRC32: 597DB5BA
    Version: 6.103.18.1

    {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Helper
    description: Google toolbar
    classification: Open for discussion
    known filename: googletoolbar.dll
    info link: http://toolbar.google.com/
    info source: TonyKlein
    Path: C:\Program Files\Google\Google Toolbar\
    Long name: GoogleToolbar_32.dll
    Short name: GOOGLE~1.DLL
    Date (created): 13/02/2011 16:55:08
    Date (last access): 13/02/2011 16:55:08
    Date (last write): 18/08/2011 11:08:18
    Filesize: 305328
    Attributes: archive
    MD5: C097DF5CD7DCB95E0D95644A993AC7EC
    CRC32: 314C3B1A
    Version: 7.1.2003.1856

    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Notifier BHO
    Path: C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\
    Long name: swg.dll
    Short name:
    Date (created): 21/04/2011 16:50:02
    Date (last access): 21/04/2011 16:50:02
    Date (last write): 21/04/2011 16:50:02
    Filesize: 1007160
    Attributes: archive
    MD5: A953E104137DF406B70477D60BC29008
    CRC32: AEE12701
    Version: 5.7.6406.1642

    {D4027C7F-154A-4066-A1AD-4243D8127440} (Ask Toolbar BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: Ask Toolbar BHO
    CLSID name: Ask Toolbar
    Path: C:\Program Files\Ask.com\
    Long name: GenericAskToolbar.dll
    Short name: GENERI~1.DLL
    Date (created): 07/07/2011 17:53:52
    Date (last access): 09/08/2011 22:32:04
    Date (last write): 07/07/2011 17:53:52
    Filesize: 1491920
    Attributes: archive
    MD5: 9344E83E306D4B6947D69D4A6EC99021
    CRC32: E54DA9DB
    Version: 5.12.3.17451

    {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In 2 SSV Helper
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2ssv.dll
    Short name:
    Date (created): 04/08/2011 22:44:16
    Date (last access): 09/08/2011 22:30:24
    Date (last write): 04/08/2011 22:44:16
    Filesize: 42272
    Attributes: archive
    MD5: E7D55E121FF1951CB86C7E0DC6A33877
    CRC32: 0EA0302A
    Version: 6.0.260.3



    --- ActiveX list ---
    {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool)
    DPF name:
    CLSID name: Office Genuine Advantage Validation Tool
    Installer: C:\Windows\Downloaded Program Files\OGAControl.inf
    Codebase: http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    Path: C:\Windows\system32\
    Long name: OGACheckControl.dll
    Short name: OGACHE~1.DLL
    Date (created): 03/08/2009 15:07:42
    Date (last access): 30/08/2009 22:36:16
    Date (last write): 03/08/2009 15:07:42
    Filesize: 403816
    Attributes: archive
    MD5: 10C03F5479E6BD73C9CB3DFDE9FA4C2E
    CRC32: C60BD332
    Version: 2.0.48.0

    {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control)
    DPF name:
    CLSID name: Microsoft Data Collection Control
    Installer:
    Codebase: https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    Path: C:\Windows\Downloaded Program Files\
    Long name: MSDcode.dll
    Short name:
    Date (created): 21/09/2007 16:58:48
    Date (last access): 21/09/2007 16:58:48
    Date (last write): 21/09/2007 16:58:48
    Filesize: 394320
    Attributes: archive
    MD5: 88FFA5217EDA703394E51C14A0BD5506
    CRC32: A6B74A27
    Version: 2.6.1.19

    {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
    DPF name:
    CLSID name: Windows Genuine Advantage Validation Tool
    Installer: C:\Windows\Downloaded Program Files\LegitCheckControl.inf
    Codebase: http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    description:
    classification: Legitimate
    known filename: LegitCheckControl.DLL
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Windows\system32\
    Long name: LegitCheckControl.DLL
    Short name: LEGITC~1.DLL
    Date (created): 20/03/2008 19:06:36
    Date (last access): 20/03/2008 19:06:36
    Date (last write): 20/03/2008 19:06:36
    Filesize: 1480232
    Attributes: archive
    MD5: E058C4821D48E0A67F6069CB50818D44
    CRC32: 3513AE02
    Version: 1.7.69.2

    {3BB1D69B-A780-4BE1-876E-F3D488877135} (SentinelProxy Class)
    DPF name:
    CLSID name: SentinelProxy Class
    Installer: C:\Windows\Downloaded Program Files\VE3DInstall.inf
    Codebase: http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
    Path: C:\Program Files\Virtual Earth 3D\
    Long name: SentinelVirtualEarth3DProxy.dll
    Short name: SENTIN~2.DLL
    Date (created): 29/08/2008 16:03:40
    Date (last access): 27/09/2008 09:03:56
    Date (last write): 29/08/2008 16:03:40
    Filesize: 97288
    Attributes: archive
    MD5: 9F376B1D921CDD5FFAA47A98BD152C31
    CRC32: A3AE3D98
    Version: 3.0.0.0

    {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
    DPF name:
    CLSID name: MSN Photo Upload Tool
    Installer: C:\Windows\Downloaded Program Files\MSNPUpld.inf
    Codebase: http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
    description:
    classification: Legitimate
    known filename: MsnPUpld.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Windows\Downloaded Program Files\
    Long name: MsnPUpld.dll
    Short name:
    Date (created): 20/11/2006 12:04:16
    Date (last access): 20/11/2006 12:04:16
    Date (last write): 20/11/2006 12:04:16
    Filesize: 543544
    Attributes: archive
    MD5: A0F541D9D2CACEEC7A4A378CD0C31626
    CRC32: 035C591F
    Version: 10.0.914.0

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_26
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 05/03/2009 19:14:52
    Date (last access): 04/05/2011 05:54:22
    Date (last write): 04/05/2011 04:52:24
    Filesize: 112416
    Attributes: archive
    MD5: 8ED8B29AC7412F8A1608BAC047E5F78D
    CRC32: 18200451
    Version: 6.0.260.3

    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
    DPF name:
    CLSID name:
    Installer: C:\Windows\Downloaded Program Files\erma.inf
    Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class)
    DPF name:
    CLSID name: EPUImageControl Class
    Installer: C:\Windows\Downloaded Program Files\EPUWALcontrol.inf
    Codebase: http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
    Path: C:\Windows\Downloaded Program Files\
    Long name: EPUWALcontrol.dll
    Short name: EPUWAL~1.DLL
    Date (created): 04/02/2010 12:55:38
    Date (last access): 04/02/2010 12:55:38
    Date (last write): 04/02/2010 12:55:38
    Filesize: 3171608
    Attributes: archive
    MD5: C7103946ED86FAC01E23C457EDD7F719
    CRC32: 65FF7081
    Version: 1.0.31.0

    {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_07
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 05/03/2009 19:14:52
    Date (last access): 04/05/2011 05:54:22
    Date (last write): 04/05/2011 04:52:24
    Filesize: 112416
    Attributes: archive
    MD5: 8ED8B29AC7412F8A1608BAC047E5F78D
    CRC32: 18200451
    Version: 6.0.260.3

    {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_26
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 05/03/2009 19:14:52
    Date (last access): 04/05/2011 05:54:22
    Date (last write): 04/05/2011 04:52:24
    Filesize: 112416
    Attributes: archive
    MD5: 8ED8B29AC7412F8A1608BAC047E5F78D
    CRC32: 18200451
    Version: 6.0.260.3

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_26
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_26.dll
    Short name: NPJPI1~1.DLL
    Date (created): 04/05/2011 02:25:52
    Date (last access): 04/05/2011 05:54:32
    Date (last write): 04/05/2011 04:52:30
    Filesize: 141088
    Attributes: archive
    MD5: 9210B3BC2BC4FF4F4281F7D7C294233A
    CRC32: B23F2824
    Version: 6.0.260.3

    {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
    DPF name:
    CLSID name:
    Installer: C:\Windows\Downloaded Program Files\gp.inf
    Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab



    --- Process list ---
    PID: 3624 (1448) C:\Windows\system32\Dwm.exe
    size: 81920
    MD5: 01DD1004181FD46ECDC3628228EB269D
    PID: 3720 (3596) C:\Windows\Explorer.EXE
    size: 2926592
    MD5: D07D4C3038F3578FFCE1C0237F2A1253
    PID: 3780 (1460) C:\Windows\system32\taskeng.exe
    size: 171520
    MD5: 3D50C4B10352367D5CB20ED1F50F8DA2
    PID: 3632 (3720) C:\Windows\RtHDVCpl.exe
    size: 6139904
    MD5: E6CB83FF2C098C6FFCF2D43A4AAC9B54
    PID: 3856 (3720) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    size: 31072
    MD5: 644795F6985C740F5E36E9336B837D0B
    PID: 3920 (3720) C:\Windows\WindowsMobile\wmdcBase.exe
    size: 648072
    MD5: 96B3C4E20F02CA16AA1E3E425BFFCC8B
    PID: 3932 (2016) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    size: 373864
    MD5: 04DB1E60FBFB9A77AF16238A209C2CDD
    PID: 3988 (3720) C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
    size: 585728
    MD5: 1D1D81A45ECAD70BADA52DE8FB332961
    PID: 3252 (3720) C:\Program Files\Olympus\ib\olycamdetect.exe
    size: 93360
    MD5: BF0595533F66EBAAF4ED2DB0E3201FE9
    PID: 1420 (3720) C:\Program Files\AVG\AVG10\avgtray.exe
    size: 2334560
    MD5: 140F771CADA8724200434C39918F2EA0
    PID: 3692 (3720) C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    size: 1230704
    MD5: CB7CA3DC268CA9D3FC1349A60EA48211
    PID: 1856 (3720) C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    size: 63360
    MD5: 57D8C4ED26DFD7EF0E2CB196FB8BFB54
    PID: 1372 (3720) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    size: 249064
    MD5: 2E5212A0BFB98FE0167C92C76C87AFE3
    PID: 3832 (3720) C:\Program Files\iTunes\iTunesHelper.exe
    size: 421736
    MD5: FDE6DA67628FB7B763336B6952CF6C3C
    PID: 4012 (3720) C:\Program Files\Ask.com\Updater\Updater.exe
    size: 399312
    MD5: BB6F29A0F374D0BFC5DE0B5C633AA439
    PID: 4000 (3720) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    size: 4240760
    MD5: 6F0DAB13529BCB7C0F8A3082A8B1CDE9
    PID: 3696 (3720) C:\Windows\ehome\ehtray.exe
    size: 125952
    MD5: BF08674925F151BD4537B89A493E3E0C
    PID: 4056 (3720) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    size: 247728
    MD5: 9AF1C70202FB6A84F177D497D75BC5FC
    PID: 3612 (3720) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 39408
    MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD
    PID: 4164 (1208) C:\Windows\ehome\ehmsas.exe
    size: 37376
    MD5: 0F4195B9B348DE5CF9B822F81704B20E
    PID: 4496 (1208) C:\Windows\system32\wbem\unsecapp.exe
    size: 37888
    MD5: 8274C87726D4561EE8750D883764ACC1
    PID: 5800 (1420) C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    size: 1148256
    MD5: 350A0C2CC411A6B0982604C8893C3E93
    PID: 6048 (1208) C:\Program Files\Windows Live\Contacts\wlcomm.exe
    size: 25456
    MD5: E9450C5EDC1168557F4E0971C94E98A2
    PID: 27432 (20236) C:\Program Files\Windows Media Player\wmplayer.exe
    size: 168960
    MD5: 2D821AFA5A1A9CA7F9F997A1AAD09E72
    PID: 24184 (23524) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 2260480
    MD5: 390679F7A217A5E73D756276C40AE887
    PID: 12648 (28568) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 0 ( 0) [System Process]
    PID: 4 ( 0) System
    PID: 468 ( 4) smss.exe
    size: 64000
    PID: 500 ( 492) avgchsvx.exe
    PID: 736 ( 724) csrss.exe
    size: 6144
    PID: 804 ( 796) csrss.exe
    size: 6144
    PID: 812 ( 724) wininit.exe
    size: 96768
    PID: 852 ( 812) services.exe
    size: 279552
    PID: 872 ( 812) lsass.exe
    size: 9728
    PID: 880 ( 812) lsm.exe
    size: 229888
    PID: 1052 ( 796) winlogon.exe
    size: 314368
    PID: 1208 ( 852) svchost.exe
    size: 21504
    PID: 1256 ( 852) nvvsvc.exe
    size: 615528
    PID: 1288 ( 852) svchost.exe
    size: 21504
    PID: 1424 ( 852) svchost.exe
    size: 21504
    PID: 1448 ( 852) svchost.exe
    size: 21504
    PID: 1460 ( 852) svchost.exe
    size: 21504
    PID: 1536 (1424) audiodg.exe
    size: 88576
    PID: 1560 ( 852) svchost.exe
    size: 21504
    PID: 1576 ( 852) SLsvc.exe
    size: 3408896
    PID: 1620 ( 852) svchost.exe
    size: 21504
    PID: 1736 ( 852) svchost.exe
    size: 21504
    PID: 2016 (1256) NvXDSync.exe
    PID: 2028 (1256) nvvsvc.exe
    size: 615528
    PID: 300 ( 852) spoolsv.exe
    size: 128000
    PID: 380 ( 852) svchost.exe
    size: 21504
    PID: 908 ( 852) armsvc.exe
    PID: 2000 ( 852) AffinegyService.exe
    PID: 1196 ( 852) AppleMobileDeviceService.exe
    PID: 976 ( 852) avgwdsvc.exe
    PID: 280 ( 852) mDNSResponder.exe
    PID: 324 ( 852) MsDepSvc.exe
    PID: 2220 ( 976) avgnsx.exe
    PID: 2412 ( 852) NBService.exe
    PID: 2452 ( 852) IoctlSvc.exe
    size: 81920
    PID: 2464 ( 852) svchost.exe
    size: 21504
    PID: 2476 ( 852) SeaPort.exe
    PID: 2544 ( 852) svchost.exe
    size: 21504
    PID: 2636 ( 852) TomTomHOMEService.exe
    PID: 2668 ( 852) svchost.exe
    size: 21504
    PID: 2712 ( 852) WLIDSVC.EXE
    PID: 2768 ( 852) SearchIndexer.exe
    size: 441344
    PID: 2848 ( 852) SDWinSec.exe
    size: 1153368
    MD5: 794D4B48DFB6E999537C7C3947863463
    PID: 2924 (2712) WLIDSVCM.EXE
    PID: 3136 ( 852) AVGIDSAgent.exe
    PID: 3672 (1460) taskeng.exe
    size: 171520
    PID: 3808 ( 852) svchost.exe
    size: 21504
    PID: 4552 (1208) WmiPrvSE.exe
    PID: 5656 ( 852) iPodService.exe
    PID: 6128 ( 852) svchost.exe
    size: 21504
    PID: 4504 ( 852) daemonu.exe
    PID: 1976 ( 544) avgrsx.exe
    PID: 5156 (1976) avgcsrvx.exe
    PID: 20760 (1448) WUDFHost.exe
    size: 142336
    PID: 6908 (1460) C:\Windows\system32\taskeng.exe
    size: 171520
    MD5: 3D50C4B10352367D5CB20ED1F50F8DA2
    PID: 8072 (1208) C:\Program Files\Internet Explorer\iexplore.exe
    size: 638232
    MD5: 04D1DC458C723B291179F8449ACC281D
    PID: 9236 (8072) C:\Program Files\Internet Explorer\iexplore.exe
    size: 638232
    MD5: 04D1DC458C723B291179F8449ACC281D
    PID: 9072 (8072) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    size: 307376
    MD5: 745EE2C6FB0B43C9F00E017F5E5D7317
    PID: 6324 (1208) C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    size: 316208
    MD5: 99B6CE3840F5AD5C4B13B666249AA467
    PID: 7072 (2768) C:\Windows\system32\SearchProtocolHost.exe
    size: 185344
    MD5: B5EF1DA337DB9859709A387638AC5E07
    PID: 11524 (2768) C:\Windows\system32\SearchFilterHost.exe
    size: 87552
    MD5: C9EE7FF225EAC1CB9C78C413667CDB80
    PID: 24760 (1208) C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe
    size: 243360
    MD5: 461A87D7A4304BDA228CF1DBB86D3CE9
    PID: 27960 (8072) C:\Program Files\Internet Explorer\iexplore.exe
    size: 638232
    MD5: 04D1DC458C723B291179F8449ACC281D


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 19/08/2011 02:08:09

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://uk.msn.com/
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://uk.msn.com/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\System32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]

    Protocol 3: MSAFD Tcpip [TCP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]

    Protocol 4: MSAFD Tcpip [UDP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]

    Protocol 5: MSAFD Tcpip [RAW/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]

    Protocol 6: RSVP TCPv6 Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 7: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 8: RSVP UDPv6 Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 9: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2C94CCD2-DB6E-4F0C-8C72-E19588AD5921}] SEQPACKET 10
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2C94CCD2-DB6E-4F0C-8C72-E19588AD5921}] DATAGRAM 10
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3A614E2F-54E5-4782-94CD-AF56D92F7FE9}] SEQPACKET 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3A614E2F-54E5-4782-94CD-AF56D92F7FE9}] DATAGRAM 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5E1593D2-3C1F-4CE6-AB3B-E6F50CF17F9E}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5E1593D2-3C1F-4CE6-AB3B-E6F50CF17F9E}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F70DBDC8-EC6D-4885-B8B4-C85EA7C7AA45}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F70DBDC8-EC6D-4885-B8B4-C85EA7C7AA45}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CEF22028-4AE6-44A3-8F9C-C54093F42D6E}] SEQPACKET 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CEF22028-4AE6-44A3-8F9C-C54093F42D6E}] DATAGRAM 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{7FB883A9-3DBE-486E-AEB2-94214FF70B45}] SEQPACKET 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{7FB883A9-3DBE-486E-AEB2-94214FF70B45}] DATAGRAM 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5E1593D2-3C1F-4CE6-AB3B-E6F50CF17F9E}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5E1593D2-3C1F-4CE6-AB3B-E6F50CF17F9E}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4C38A2CD-B762-4ED9-A708-F5AD779566C1}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4C38A2CD-B762-4ED9-A708-F5AD779566C1}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{BBEBA68A-F18B-4589-866F-7FCD54DA89E0}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{BBEBA68A-F18B-4589-866F-7FCD54DA89E0}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CEF22028-4AE6-44A3-8F9C-C54093F42D6E}] SEQPACKET 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 29: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CEF22028-4AE6-44A3-8F9C-C54093F42D6E}] DATAGRAM 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename:
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

    Namespace Provider 1: E-mail Naming Shim Provider
    GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename:

    Namespace Provider 2: PNRP Cloud Namespace Provider
    GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 3: PNRP Name Namespace Provider
    GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 4: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename:
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 5: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 6: mdnsNSP
    GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: C:\Program Files\Bonjour\mdnsNSP.dll
    Description: Apple Rendezvous protocol
    DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
    DB protocol: mdnsNSP
     
  11. Broni

    Broni Malware Annihilator Posts: 47,015   +255

It will, sooner or later. Those patched files will replicate.

As for your other computer, I suggest you start a new topic about it.
We better check.
Topic Status:
Not open for further replies.