
Infected With Win32.tiny.abk


6 replies to this topic

#1 robm68


Posted 01 March 2008 - 02:24 AM

I was infected by win32.tiny.abk and have tried Spybot and Ad-Aware to remove it. I did a Google search and found this:
http://www.bleepingcomputer.com/forums/t/129475/cant-get-rid-of-win32tinyabk/
I have used the search on your site and cannot find any other instructions on how to remove it. I don't want to just follow what I found blindly, as it reads like it was just for that member.

Please help!

Rob M.


#2 Orange Blossom (Moderator)

Posted 01 March 2008 - 02:36 AM

Hello robm68 and welcome to BC :flowers:

You were very wise to realize that the disinfection directions in that thread are tailored for that specific user. That is the case with ALL threads in the HJT forum, and sometimes in this forum as well. You made a good decision not to follow those directions.

In order to assist you, we need more information.

What is your operating system: Windows XP, Vista, etc.?

What security programs, other than Spybot and AdAware, do you have installed?

Did Spybot and AdAware find anything?

Did you run the scans in Safe Mode?

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



#3 robm68


Posted 02 March 2008 - 01:10 PM

I am running Windows XP Pro (no service packs) ver 2002.
Symantec's Norton AntiVirus 2006 (LiveUpdate runs all the time)
Spybot Search & Destroy 1.5.2.20 (I try to update it at least once a week)
Ad-Aware 2007 Free
EMS Free Surfer

I first knew something was wrong when my PC started sending email out in the hundreds even though Outlook was not running. (Norton was scanning the outbound mail but did nothing.) I did get notice that the email server was stopping the emails. So I disconnected from the network and it stopped. I ran Spybot and Ad-Aware and found some things. I reconnected to the net and updated Spybot, Ad-Aware, and Norton. Then the mail sending started again, so I disconnected again. I ran them again and a few more things were gotten rid of. I rebooted and thought I was safe. I surfed for about an hour and the email started again. I disconnected from the network and called a friend. She said to run Ad-Aware in Safe Mode. I tried, but it would not run, so I thought and tried Spybot, and it did. That is when I found win32.tiny.abk. I thought I got rid of it. After rebooting and such I tried to go on with my surfing and it came back. Three more times I ran Spybot in Safe Mode and thought I got rid of it, but no luck.

So I am on my wife's PC, which is clean, and using CD-RWs to get updates from the net to my PC. Just for safety I changed all my bank and other net passwords.

Thanks for the help

Rob

#4 Orange Blossom (Moderator)

Posted 02 March 2008 - 01:40 PM

Hello robm68,

Good thinking to disconnect from the internet and use a clean computer.

Could you please post the logs from Spybot and AdAware? We need to know the file paths for what they found.

Why haven't you installed the service packs? The service packs closed and blocked a number of system vulnerabilities that malware authors take advantage of. NOTE: Do not install Service Pack 2 until the computer is disinfected. It won't install properly.

I would like you to run a scan with SUPERAntiSpyware in Safe Mode. You will, of course, install it in Normal Mode.

Download and install SUPERAntiSpyware free found here: SUPERAntiSpyware

Be sure to click on the download button to the left, not on the free trial download on the right.

Install it and double-click the icon on your desktop to run it.
You can get the latest updates for the program here: http://www.superantispyware.com/definitions.html Download them to your disk on your wife's computer, then install them on your computer.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
Reboot into Safe Mode
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
Reboot into Normal Mode
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.

Please post the log in your next reply.

Orange Blossom :thumbsup:
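Added example, not part of either poster's message and not code from Spybot or SUPERAntiSpyware: a small Python parser for the two log formats posted in this thread, so the file paths Orange Blossom asks for can be pulled out of the logs mechanically rather than by eye. The embedded excerpts are trimmed copies of the logs posted later in the thread. The category regex, the `bare-name` label, and the registry/drive-letter patterns are my own heuristics; the "could not hash" check relies only on Spybot's own warning that it printed the MD5 of zero bytes when it could not read the file.

```python
"""Parse the scan logs posted in this thread (SUPERAntiSpyware 4.x and Spybot
1.5) into records. Added example; excerpts below are trimmed from those logs."""
import hashlib
import re

# MD5 of zero bytes: Spybot prints it when it could not read the file it was
# asked to hash (see its own "Warning: ... checksum could not be ..." lines).
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

SAS_EXCERPT = r"""SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{6607E676-1BDE-4cb3-9913-4DC5EBCAE35E}
HKCR\CLSID\{6607E676-1BDE-4CB3-9913-4DC5EBCAE35E}\InprocServer32
UNIFFF.DLL
HKCR\CLSID\{C231CF11-134F-3552-44AC-E685D962C63C}\InprocServer32
C:\WINNT\SYSTEM32\ADDUSER32.DLL

Trojan.Unknown Origin
HKLM\Software\xpre
HKLM\Software\xpre#execount

Adware.Tracking Cookie
C:\Documents and Settings\malick\Cookies\malick@adbrite[2].txt
"""

SPYBOT_EXCERPT = r"""--- Startup entries list ---
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 115816
MD5: 25BE770865658CB79100117112819A7C

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

--- Browser helper object list ---
"""

# My own heuristics: a SAS category line looks like "Family.Name" (a bare
# filename directly after a blank line would be misread as one).
CATEGORY_RE = re.compile(r"^[A-Za-z]+\.[A-Za-z][A-Za-z ]*$")
REGISTRY_RE = re.compile(r"^(HKLM|HKCU|HKCR|HKU|HKEY_[A-Z_]+)\\", re.I)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

def parse_sas(text):
    """{category: [items]}; items under a category run to the next blank line."""
    found, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            current = None
        elif current is None and CATEGORY_RE.match(line):
            current = found.setdefault(line, [])
        elif current is not None:
            current.append(line)
    return found

def classify_item(item):
    """'registry', absolute 'file' path, or 'bare-name' (no directory given)."""
    if REGISTRY_RE.match(item):
        return "registry"
    if DRIVE_PATH_RE.match(item):
        return "file"
    return "bare-name"

def parse_spybot_startup(text):
    """One dict per 'Located:' block of Spybot's startup entries list."""
    section = text.split("--- Startup entries list ---", 1)[1].split("\n--- ", 1)[0]
    entries, cur = [], None
    for line in section.splitlines():
        if line.startswith("Located:"):
            cur = {"located": line[len("Located:"):].strip()}
            entries.append(cur)
        elif not line.strip():
            cur = None
        elif cur is not None:
            key, _, value = line.partition(":")
            if key in ("where", "command", "file", "size", "MD5"):
                cur[key] = value.strip()          # "Warning:" lines are dropped
    return entries

def unhashed_entries(entries):
    """Entries Spybot could not hash (size 0, MD5 of nothing): in the posted log
    these are WinLogon DLLs listed by bare name, so there is no path to inspect."""
    return [e for e in entries
            if e.get("size") == "0" and e.get("MD5", "").upper() == EMPTY_MD5]

def file_paths(sas, entries):
    """Sorted, de-duplicated absolute paths named by either scanner."""
    paths = {i for items in sas.values() for i in items if classify_item(i) == "file"}
    paths |= {e["file"] for e in entries if DRIVE_PATH_RE.match(e.get("file", ""))}
    return sorted(paths, key=str.lower)
```

Run `file_paths(parse_sas(log), parse_spybot_startup(log))` over the full logs to get the list a helper wants to see. Two things the parser surfaces that are easy to miss when reading by eye: SUPERAntiSpyware reported `UNIFFF.DLL` with no directory at all, and every WinLogon notification entry in the Spybot log carries the empty-file MD5, meaning the scanner never found a file to hash at the bare name it was given, so those entries are unverified rather than verified clean.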

#5 robm68


Posted 03 March 2008 - 02:07 AM

I downloaded SUPERAntiSpyware and ran it in Safe Mode. I also found the log for Spybot, but there was no log for Ad-Aware that I could find. As for installing SP2: bad judgement, thinking I did not need it. Sometimes you have to learn the hard way.

-------SUPERAntiSpyware log ---------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/03/2008 at 01:00 AM

Application Version : 4.0.1154

Core Rules Database Version : 3412
Trace Rules Database Version: 1404

Scan type : Complete Scan
Total Scan Time : 02:59:09

Memory items scanned : 161
Memory threats detected : 0
Registry items scanned : 5182
Registry threats detected : 20
File items scanned : 59819
File threats detected : 4

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{6607E676-1BDE-4cb3-9913-4DC5EBCAE35E}
HKCR\CLSID\{6607E676-1BDE-4CB3-9913-4DC5EBCAE35E}
HKCR\CLSID\{6607E676-1BDE-4CB3-9913-4DC5EBCAE35E}
HKCR\CLSID\{6607E676-1BDE-4CB3-9913-4DC5EBCAE35E}\InprocServer32
HKCR\CLSID\{6607E676-1BDE-4CB3-9913-4DC5EBCAE35E}\InprocServer32#ThreadingModel
HKCR\CLSID\{6607E676-1BDE-4CB3-9913-4DC5EBCAE35E}\ProgID
HKCR\CLSID\{6607E676-1BDE-4CB3-9913-4DC5EBCAE35E}\TypeLib
UNIFFF.DLL
HKLM\Software\Classes\CLSID\{C231CF11-134F-3552-44AC-E685D962C63C}
HKCR\CLSID\{C231CF11-134F-3552-44AC-E685D962C63C}
HKCR\CLSID\{C231CF11-134F-3552-44AC-E685D962C63C}\Bitmap
HKCR\CLSID\{C231CF11-134F-3552-44AC-E685D962C63C}\InprocServer32
HKCR\CLSID\{C231CF11-134F-3552-44AC-E685D962C63C}\MiscStatus
HKCR\CLSID\{C231CF11-134F-3552-44AC-E685D962C63C}\ProgID
HKCR\CLSID\{C231CF11-134F-3552-44AC-E685D962C63C}\Programmable
HKCR\CLSID\{C231CF11-134F-3552-44AC-E685D962C63C}\Version
HKCR\CLSID\{C231CF11-134F-3552-44AC-E685D962C63C}\Version#Windows
HKCR\CLSID\{C231CF11-134F-3552-44AC-E685D962C63C}\VersionIndependentProgID
C:\WINNT\SYSTEM32\ADDUSER32.DLL
HKCR\CLSID\{C231CF11-134F-3552-44AC-E685D962C63C}

Trojan.Unknown Origin
HKLM\Software\xpre
HKLM\Software\xpre#execount

Adware.Tracking Cookie
C:\Documents and Settings\malick\Cookies\malick@adbrite[2].txt
C:\Documents and Settings\malick\Cookies\malick@ads.adbrite[1].txt



-------Spy-Bot Log---------


--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2004-04-27 unins000.exe (51.13.0.0)
2008-02-27 unins001.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2004-05-12 borlndmm.dll (7.0.4.453)
2004-05-12 delphimm.dll (7.0.4.453)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2004-05-12 UnzDll.dll (1.73.1.1)
2004-05-12 ZipDll.dll (1.73.2.0)
2008-02-27 Includes\Cookies.sbi
2007-12-26 Includes\Dialer.sbi
2008-02-27 Includes\DialerC.sbi
2008-02-27 Includes\HeavyDuty.sbi
2008-02-20 Includes\Hijackers.sbi
2008-02-27 Includes\HijackersC.sbi
2008-02-27 Includes\Keyloggers.sbi
2008-02-27 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-02-27 Includes\Malware.sbi
2008-02-27 Includes\MalwareC.sbi
2008-02-20 Includes\PUPS.sbi
2008-02-27 Includes\PUPSC.sbi
2008-02-27 Includes\Revision.sbi
2008-01-09 Includes\Security.sbi
2008-02-27 Includes\SecurityC.sbi
2008-02-20 Includes\Spybots.sbi
2008-02-27 Includes\SpybotsC.sbi
2007-11-06 Includes\Tracks.uti
2008-02-27 Includes\Trojans.sbi
2008-02-27 Includes\TrojansC.sbi
2007-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Windows XP (Build: 2600) (5.1.2600)
/ Windows XP / SP1: Windows XP Dynamic Update Package (SP1) Q307153 [See the related Knowledge Base article for more information]
/ Windows XP / SP1: Windows XP Dynamic Update Package (SP1) Q307271 [See the related Knowledge Base article for more information]
/ Windows XP / SP1: Windows XP Dynamic Update Package (SP1) Q309126 [See the related Knowledge Base article for more information]
/ Windows XP / SP1: Windows XP Dynamic Update Package (SP1) Q310527 [See the related Knowledge Base article for more information]
/ Windows XP / SP1: Windows XP Dynamic Update Package (SP1) Q310528 [See the related Knowledge Base article for more information]
/ Windows XP / SP1: Windows XP Dynamic Update Package (SP1) Q311442 [See the related Knowledge Base article for more information]
/ Windows XP / SP1: Windows XP Dynamic Update Package (SP1) Q311446 [See the related Knowledge Base article for more information]
/ Windows XP / SP1: Windows XP Dynamic Update Package (SP1) Q312369 [See the related Knowledge Base article for more information]
/ Windows XP / SP1: Windows XP Dynamic Update Package (SP1) Q312942 [See the related Knowledge Base article for more information]
/ Windows XP / SP1: Windows XP Dynamic Update Package (SP1) Q312943 [See the related Knowledge Base article for more information]
/ Windows XP / SP1: Windows XP Dynamic Update Package (SP1) Q314057 [See the related Knowledge Base article for more information]
/ Windows XP / SP1: Windows XP Dynamic Update Package (SP1) Q314931 [See the related Knowledge Base article for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q321064 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q321178 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q322069 [See the related Knowledge Base article for more information]
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)


--- Startup entries list ---
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 115816
MD5: 25BE770865658CB79100117112819A7C

Located: HK_LM:Run, freesurfer
command: C:\Program Files\EMS Free Surfer Companion\fs30.exe
file: C:\Program Files\EMS Free Surfer Companion\fs30.exe
size: 929792
MD5: 935EA795ECE7E36FB6737E48B6688D76

Located: HK_LM:Run, gcasServ
command: "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
file: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
size: 469824
MD5: 70C5A9C9CF9E65A9073A2A43DA822841

Located: HK_LM:Run, InCD
command: C:\Program Files\Ahead\InCD\InCD.exe
file: C:\Program Files\Ahead\InCD\InCD.exe
size: 1101824
MD5: 10123E660A81F92C7827D2474299F20A

Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINNT\system32\dumprep.exe
size: 30208
MD5: 2904B939F139B2E72DA23F36F5038088

Located: HK_LM:Run, LoadQM
command: loadqm.exe
file: C:\WINNT\loadqm.exe
size: 7536
MD5: 69D7217F9D7F49D6706BAF90F52B472B

Located: HK_LM:Run, LXSUPMON
command: C:\WINNT\System32\LXSUPMON.EXE RUN
file: C:\WINNT\System32\LXSUPMON.EXE
size: 794112
MD5: 65A80DECC7DDFBF167F61F46693A6694

Located: HK_LM:Run, osCheck
command: "C:\Program Files\Norton AntiVirus\osCheck.exe"
file: C:\Program Files\Norton AntiVirus\osCheck.exe
size: 26248
MD5: 3602C14E8B2BF31E7B4F14C162178945

Located: HK_LM:Run, PrinTray
command: C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
file: C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
size: 36864
MD5: 5840C4638B165F694A67E92BC7488067

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: 383145864F6543C97A7E1B78505D2F1C

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61A3A9D5D98BF0331DF5B716144A8100

Located: HK_LM:Run, Symantec PIF AlertEng
command: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
file: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
size: 583048
MD5: DEB2A99C1AD9B9190C78E895AE60A745

Located: HK_LM:Run, Synchronization Manager
command: mobsync.exe /logon
file: C:\WINNT\system32\mobsync.exe
size: 135680
MD5: 86CB85E51B124108BA825E56C2B52185

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185896
MD5: 74BC945EB2584E90619A56EF5028AB0F

Located: HK_CU:RunOnce, ^SetupICWDesktop
where: .DEFAULT...
command: C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
file: C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe
size: 209408
MD5: 458342FF2C067E5577B2B784496AFD38

Located: HK_CU:RunOnce, tscuninstall
where: .DEFAULT...
command: %systemroot%\system32\tscupgrd.exe
file: C:\WINNT\system32\tscupgrd.exe
size: 40448
MD5: D42D3E980507A47CB61573A78D8C09A1

Located: HK_CU:RunOnce, ^SetupICWDesktop
where: S-1-5-19...
command: C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
file: C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe
size: 209408
MD5: 458342FF2C067E5577B2B784496AFD38

Located: HK_CU:RunOnce, tscuninstall
where: S-1-5-19...
command: %systemroot%\system32\tscupgrd.exe
file: C:\WINNT\system32\tscupgrd.exe
size: 40448
MD5: D42D3E980507A47CB61573A78D8C09A1

Located: HK_CU:RunOnce, ^SetupICWDesktop
where: S-1-5-20...
command: C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
file: C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe
size: 209408
MD5: 458342FF2C067E5577B2B784496AFD38

Located: HK_CU:RunOnce, tscuninstall
where: S-1-5-20...
command: %systemroot%\system32\tscupgrd.exe
file: C:\WINNT\system32\tscupgrd.exe
size: 40448
MD5: D42D3E980507A47CB61573A78D8C09A1

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1179005176-1093498434-1737835142-1002...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F

Located: HK_CU:Run, SUPERAntiSpyware
where: S-1-5-21-1179005176-1093498434-1737835142-1002...
command: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 1481968
MD5: 658A81BD5930FB5A67F874E6E6C31DF8

Located: HK_CU:RunOnce, ^SetupICWDesktop
where: S-1-5-18...
command: C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
file: C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe
size: 209408
MD5: 458342FF2C067E5577B2B784496AFD38

Located: HK_CU:RunOnce, tscuninstall
where: S-1-5-18...
command: %systemroot%\system32\tscupgrd.exe
file: C:\WINNT\system32\tscupgrd.exe
size: 40448
MD5: D42D3E980507A47CB61573A78D8C09A1

Located: Startup (common), Adobe Reader Speed Launch.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: DEB88AEF013DD1EEFB462D7CAD642166

Located: Startup (common), HPAiODevice(hp psc 700 series) - 1.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
file: C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
size: 487484
MD5: 49630C7146867DDC4EE52DEF64260CAA

Located: Startup (common), Microsoft Office.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office\OSA9.EXE
file: C:\Program Files\Microsoft Office\Office\OSA9.EXE
size: 65588
MD5: 0A4DCBB2D0B5E2A2AF13387F02E92B19

Located: WinLogon, !SASWinLogon
command: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
file: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 12/14/2004 12:56:50 AM
Date (last access): 3/2/2008 10:51:20 PM
Date (last write): 12/14/2004 12:56:50 AM
Filesize: 63136
Attributes: archive
MD5: 42729C3DE75A7A51FC6F9EF6546C9199
CRC32: 4D60BD07
Version: 7.0.0.1333

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 3/16/2003 12:02:00 AM
Date (last access): 3/3/2008 1:24:24 AM
Date (last write): 1/28/2008 11:43:28 AM
Filesize: 1554256
Attributes: archive
MD5: 5248E02EFBCB64D328647CD00E384B85
CRC32: C1B426A9
Version: 1.5.0.11

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 3/2/2006 12:53:00 PM
Date (last access): 3/2/2008 11:19:16 PM
Date (last write): 11/10/2005 12:22:12 PM
Filesize: 184423
Attributes: archive
MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
CRC32: 0111B892
Version: 5.0.60.5

{BDF3E430-B101-42AD-A544-FADC6B084872} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
description: Norton Antivirus
classification: Legitimate
known filename: NavShExt.dll
info link: http://www.symantec.com/nav/nav_9xnt/
info source: TonyKlein



--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINNT\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINNT\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

Yahoo! Chat ()
DPF name:
CLSID name:
Installer:
Codebase:
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{00000075-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINNT\Downloaded Program Files\voxmsdec.inf
Codebase: http://codecs.microsoft.com/codecs/i386/voxmsdec.CAB
description: Microsoft Audio Codec
classification: Legitimate
known filename: VOXMSDEC.CAB
info link:
info source: JavaCool

{02BCC737-B171-4746-94C9-0D8A0B2C0089} ()
DPF name:
CLSID name:
Installer:
Codebase:
description:
classification: Legitimate
known filename: IEAWSDC.DLL
info link:
info source: Safer Networking Ltd.

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer: C:\WINNT\Downloaded Program Files\QTPlugin.inf
Codebase: http://www.apple.com/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 7/29/2003 1:22:04 AM
Date (last access): 3/2/2008 11:40:30 PM
Date (last write): 8/1/2006 3:28:38 PM
Filesize: 557056
Attributes: archive
MD5: 2DA25D5262D714BFA420D6DE849E67A1
CRC32: 0098926B
Version: 7.1.0.210

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINNT\Downloaded Program Files\erma.inf
Codebase: http://download.macromedia.com/pub/shockwa...director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINNT\System32\macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 7/19/2002 1:04:44 PM
Date (last access): 3/3/2008 12:07:34 AM
Date (last write): 2/8/2006 11:52:02 AM
Filesize: 54976
Attributes: archive
MD5: 40D5ED5BA7CF8F2FA59A18D3BFAB34DD
CRC32: 1CA89E71
Version: 10.1.1.16

{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Installer:
Codebase:
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\Common\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 6/27/2007 9:36:40 AM
Date (last access): 3/2/2008 11:50:22 PM
Date (last write): 7/30/2006 1:25:34 PM
Filesize: 188968
Attributes: archive
MD5: 18B54B53CEE0E7204495BAB864EBBF03
CRC32: 6D72BB93
Version: 2006.4.14.2

{31435657-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINNT\Downloaded Program Files\wvc1dmo.inf
Codebase: http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab

{31564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINNT\Downloaded Program Files\wmvax.inf
Codebase: http://codecs.microsoft.com/codecs/i386/wmvax.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{32564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINNT\Downloaded Program Files\wmv8ax.inf
Codebase: http://codecs.microsoft.com/codecs/i386/wmv8ax.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{56336BCB-3D8A-11D6-A00B-0050DA18DE71} ()
DPF name:
CLSID name:
Installer:
Codebase: http://207.188.7.150/22fda82fa044a161bc18/netzip/RdxIE2.cab
description: Netster
classification: Confirmed as malware
known filename:
info link:
info source:

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer: C:\WINNT\Downloaded Program Files\jinstall-1_5_0_06.inf
Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 12:52:58 PM
Date (last access): 3/2/2008 11:19:16 PM
Date (last write): 11/10/2005 12:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player)
DPF name:
CLSID name: InstallShield International Setup Player
Installer:
Codebase:
description:
classification: Open for discussion
known filename: isetup.dll
info link:
info source: Safer Networking Ltd.
Path: c:\winnt\DOWNLO~1\
Long name: isetup.dll

{917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class)
DPF name:
CLSID name: CamImage Class
Installer:
Codebase:
description:
classification: Legitimate
known filename: AxisCamControl.ocx
info link:
info source: Safer Networking Ltd.

{9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class)
DPF name:
CLSID name: Update Class
Installer:
Codebase:
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla
Path: C:\WINNT\System32\
Long name: iuctl.dll
Short name:
Date (created): 11/15/2002 12:21:54 PM
Date (last access): 3/3/2008 12:06:54 AM
Date (last write): 11/15/2002 12:21:54 PM
Filesize: 100984
Attributes: archive
MD5: 9B1A022B7C05A4634599BE146507C4D5
CRC32: 95AFB071
Version: 5.4.3630.2539

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 12:52:58 PM
Date (last access): 3/3/2008 1:24:28 AM
Date (last write): 11/10/2005 12:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 12:52:58 PM
Date (last access): 3/3/2008 1:24:28 AM
Date (last write): 11/10/2005 12:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{D18F962A-3722-4B59-B08D-28BB9EB2281E} ()
DPF name:
CLSID name:
Installer:
Codebase:
description:
classification: Legitimate
known filename: YPhotos.dll
info link:
info source: Safer Networking Ltd.

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINNT\Downloaded Program Files\swflash.inf
Codebase: https://download.macromedia.com/pub/shockwa...ash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINNT\System32\Macromed\Flash\
Long name: Flash9b.ocx
Short name:
Date (created): 11/9/2006 2:46:28 PM
Date (last access): 3/3/2008 12:07:38 AM
Date (last write): 11/9/2006 2:46:28 PM
Filesize: 2262648
Attributes: readonly archive
MD5: F3B3EE66CA76C94510555ABE9D00A353
CRC32: A51F3CB4
Version: 9.0.28.0

{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} ()
DPF name:
CLSID name:
Installer:
Codebase:
description:
classification: Legitimate
known filename: POPCAPLOADER.DLL
info link:
info source: Safer Networking Ltd.

{E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} ()
DPF name:
CLSID name:
Installer: C:\WINNT\Downloaded Program Files\setup.inf
Codebase: http://download.abacast.com/download/files/abasetup.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.



--- Process list ---
PID: 0 ( 0) [System]
PID: 396 ( 4) \SystemRoot\System32\smss.exe
size: 45568
PID: 452 ( 396) \??\C:\WINNT\system32\csrss.exe
size: 4096
PID: 476 ( 396) \??\C:\WINNT\system32\winlogon.exe
size: 430080
PID: 520 ( 476) C:\WINNT\system32\services.exe
size: 101376
MD5: E3DF4A0252D287C44606EE55355E1623
PID: 532 ( 476) C:\WINNT\system32\lsass.exe
size: 11776
MD5: 8A590EA109B5E0C7629E022F8A6B17C5
PID: 812 ( 520) C:\WINNT\system32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 844 ( 520) C:\WINNT\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 948 ( 520) C:\WINNT\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 980 ( 972) C:\WINNT\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1016 ( 520) C:\WINNT\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1052 ( 520) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
size: 108648
MD5: FE69C498B922CE835E2E2123FBD0A272
PID: 1136 ( 520) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
size: 46736
MD5: CE045B180D34404FF3017C18D308E9C1
PID: 1196 ( 520) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
size: 587096
MD5: 0629361FAC4576BA48AB39F4903DCE9E
PID: 1404 ( 520) C:\WINNT\system32\LEXBCES.EXE
size: 285184
MD5: 3F43CF6B2569D0B92B17FD72408CD9A7
PID: 1460 ( 520) C:\WINNT\system32\spoolsv.exe
size: 51200
MD5: 9B4155BA58192D4073082B8FC5D42612
PID: 1496 (1404) C:\WINNT\system32\LEXPPS.EXE
size: 169984
MD5: E395DEF36BD1E9ED1502EE99C8F0BD04
PID: 1664 ( 520) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
size: 198336
MD5: 0FCFBD0EDAA188B3D652DDCE6D16D866
PID: 1968 ( 520) C:\WINNT\System32\tcpsvcs.exe
size: 19456
MD5: 32933B07FC16D9F778BEE12545FA1B1A
PID: 1984 ( 520) C:\WINNT\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1360 (1960) C:\WINNT\Explorer.EXE
size: 1000960
MD5: 5A26FC6010886D25B3E412493DD95ED8
PID: 824 (1360) C:\WINNT\System32\LXSUPMON.EXE
size: 794112
MD5: 65A80DECC7DDFBF167F61F46693A6694
PID: 972 (1360) C:\Program Files\Ahead\InCD\InCD.exe
size: 1101824
MD5: 10123E660A81F92C7827D2474299F20A
PID: 448 (1360) C:\Program Files\EMS Free Surfer Companion\fs30.exe
size: 929792
MD5: 935EA795ECE7E36FB6737E48B6688D76
PID: 440 (1360) C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: 383145864F6543C97A7E1B78505D2F1C
PID: 1176 (1360) C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61A3A9D5D98BF0331DF5B716144A8100
PID: 1188 (1360) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 115816
MD5: 25BE770865658CB79100117112819A7C
PID: 200 (1360) C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: DEB88AEF013DD1EEFB462D7CAD642166
PID: 1812 (1360) C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
size: 487484
MD5: 49630C7146867DDC4EE52DEF64260CAA
PID: 2092 ( 812) C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
size: 299008
MD5: FD8AE5274E43ECA24B8478562AB6E052
PID: 2872 (2092) C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
size: 290816
MD5: 1C3805765B281E12407F21D2598132DD
PID: 2880 ( 812) C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
size: 748352
MD5: 255CA546F8E187C41EBED2AABBEEE07C
PID: 3016 (1360) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 1481968
MD5: 658A81BD5930FB5A67F874E6E6C31DF8
PID: 3272 (1360) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 3/3/2008 1:24:28 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINNT\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.msn.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\First Home Page
http://www.microsoft.com/isapi/redir.dll?p...cid={SUB_CLSID}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINNT\System32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AD85378B-ACF5-4719-B0B7-1CD150D2EBD9}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AD85378B-ACF5-4719-B0B7-1CD150D2EBD9}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F376D17D-744A-4C17-A55C-29E2E1AFB960}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F376D17D-744A-4C17-A55C-29E2E1AFB960}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FC495B8B-0AF6-4C98-A0FB-406DB9C6B275}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FC495B8B-0AF6-4C98-A0FB-406DB9C6B275}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E01006A0-7E5A-44FF-80F6-7AFD4DFC2ECF}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E01006A0-7E5A-44FF-80F6-7AFD4DFC2ECF}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace


Thanks Again,

Rob
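The log posted above lists every process with its parent PID and MD5 and the full Winsock provider chain, which is what a responder triages first. The script below is an added example, not part of Rob's post and not Spybot's own tooling: it parses those two sections of a Spybot S&D log and applies three checks: svchost.exe instances whose parent is not services.exe, the same image name appearing with different hashes, and Winsock providers served from a DLL outside the stock Microsoft set. The embedded sample is a subset copied from the posted log; the allow-list of provider DLLs (mswsock.dll, rsvpsp.dll, winrnr.dll) is an assumption for Windows 2000/XP. In the posted log PID 980 (svchost.exe) reports parent 972, which the same list shows as InCD.exe; that is a lead to look at, not a verdict, because Windows reuses PIDs after the original parent exits.

```python
"""Triage checks over a Spybot S&D 'Process list' and 'Winsock Layered Service
Provider list'.  Added example; the sample below is a subset of the posted log."""
import re

# Subset of the posted log, embedded so the script runs offline.
SAMPLE_LOG = r"""
--- Process list ---
PID: 0 ( 0) [System]
PID: 396 ( 4) \SystemRoot\System32\smss.exe
size: 45568
PID: 476 ( 396) \??\C:\WINNT\system32\winlogon.exe
size: 430080
PID: 520 ( 476) C:\WINNT\system32\services.exe
size: 101376
MD5: E3DF4A0252D287C44606EE55355E1623
PID: 812 ( 520) C:\WINNT\system32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 980 ( 972) C:\WINNT\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 972 (1360) C:\Program Files\Ahead\InCD\InCD.exe
size: 1101824
MD5: 10123E660A81F92C7827D2474299F20A
PID: 1360 (1960) C:\WINNT\Explorer.EXE
size: 1000960
MD5: 5A26FC6010886D25B3E412493DD95ED8
PID: 4 ( 0) System

--- Browser start & search pages list ---
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.msn.com

--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
"""

PID_RE = re.compile(r"^PID:\s+(\d+)\s+\(\s*(\d+)\)\s+(.*)$")
LSP_RE = re.compile(r"^(?:Protocol|Namespace Provider)\s+\d+:\s+(.*)$")

# Assumption: stock Winsock providers on Windows 2000/XP live in these DLLs.
KNOWN_LSP_DLLS = {"mswsock.dll", "rsvpsp.dll", "winrnr.dll"}


def parse_log(text):
    """Return (procs, lsps): procs maps pid -> {ppid, path, size, md5};
    lsps is a list of {name, filename} in log order."""
    procs, lsps = {}, []
    section, cur = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("--- "):          # section header resets state
            section, cur = line, None
            continue
        if section and "Process list" in section:
            m = PID_RE.match(line)
            if m:
                cur = {"ppid": int(m.group(2)), "path": m.group(3),
                       "size": None, "md5": None}
                procs[int(m.group(1))] = cur
            elif cur and line.startswith("size:"):
                cur["size"] = int(line.split(":", 1)[1])
            elif cur and line.startswith("MD5:"):
                cur["md5"] = line.split(":", 1)[1].strip().upper()
        elif section and "Layered Service Provider" in section:
            m = LSP_RE.match(line)
            if m:
                cur = {"name": m.group(1), "filename": None}
                lsps.append(cur)
            elif cur and line.startswith("Filename:"):
                cur["filename"] = line.split(":", 1)[1].strip()
    return procs, lsps


def image_name(path):
    """Lower-cased final path component, tolerant of \\??\\ and %SystemRoot% prefixes."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def svchost_parent_findings(procs):
    """svchost.exe is started by services.exe; any other parent is worth a look.
    PID reuse after the real parent exits also produces this, so treat it as a lead."""
    out = []
    for pid, p in procs.items():
        if image_name(p["path"]) != "svchost.exe":
            continue
        parent = procs.get(p["ppid"])
        pname = image_name(parent["path"]) if parent else "<not in list>"
        if pname != "services.exe":
            out.append((pid, p["ppid"], pname))
    return out


def hash_mismatch_findings(procs):
    """Same image name with different MD5s: one copy may not be what its name says."""
    by_name = {}
    for p in procs.values():
        if p["md5"]:
            by_name.setdefault(image_name(p["path"]), set()).add(p["md5"])
    return sorted(n for n, hashes in by_name.items() if len(hashes) > 1)


def lsp_findings(lsps):
    """Providers whose DLL is outside the stock set (the classic Winsock hijack spot)."""
    return [(e["name"], e["filename"]) for e in lsps
            if e["filename"] and image_name(e["filename"]) not in KNOWN_LSP_DLLS]


if __name__ == "__main__":
    procs, lsps = parse_log(SAMPLE_LOG)
    for pid, ppid, pname in svchost_parent_findings(procs):
        print(f"svchost.exe PID {pid}: parent PID {ppid} is {pname}, not services.exe")
    for name in hash_mismatch_findings(procs):
        print(f"{name}: instances with differing MD5")
    for name, dll in lsp_findings(lsps):
        print(f"LSP '{name}' served by non-stock DLL {dll}")
```

Running it against the sample reports only the PID 980 parent anomaly; the hash and LSP checks come back empty, which matches the posted log (all svchost copies share one MD5 and every provider is mswsock.dll, rsvpsp.dll or winrnr.dll). To run it over the full log, paste the whole Spybot report in place of SAMPLE_LOG.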

#6 Orange Blossom (Moderator)

Posted 03 March 2008 - 02:17 AM

Hello robm68,

Thanks for the logs. At this point I'm going to turn this thread over to someone with more experience than I in malware removal.

Orange Blossom

#7 quietman7 (Global Moderator)

Posted 03 March 2008 - 08:52 AM

If you have the same infection as the OP in the link you provided, then your issue is going to need further investigation. It seems to be associated with various Trojans and malware files that need to be identified and then removed.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install the current version of HJT in the proper location.) If using Windows Vista, be sure to Run As Administrator.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.