Explorer malfunctions

Status
Not open for further replies.
Official Techie

Official Techie

In the zone
I have got a pIV 512 ram 40 gb hard disks
I have got spybot search and destroy & zone alarm in it

from few days when i click on the internet explorer button two websites open one extra with site naming www.filosoft.com\banner .exe
what should i do to remove the same

And many times my explorer shuts down unexpectedly

checking the event viewer it gives this What should i do
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 04/23/2005
Time: 10:19:15 AM
User: N/A
Computer: DM
Description:
Faulting application explorer.exe, version 6.0.2800.1106, faulting module unknown, version 0.0.0.0, fault address 0x20d04fe0.

Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 65 78 70 ure exp
0018: 6c 6f 72 65 72 2e 65 78 lorer.ex
0020: 65 20 36 2e 30 2e 32 38 e 6.0.28
0028: 30 30 2e 31 31 30 36 20 00.1106
0030: 69 6e 20 75 6e 6b 6e 6f in unkno
0038: 77 6e 20 30 2e 30 2e 30 wn 0.0.0
0040: 2e 30 20 61 74 20 6f 66 .0 at of
0048: 66 73 65 74 20 32 30 64 fset 20d
0050: 30 34 66 65 30 0d 0a 04fe0..
 
swatkat

swatkat

Technomancer
Open Internet Explorer, go to Tools Menu and click Reset Web Settings. If you can not find it there, go to Internet Options and click Programs tab, here click Reset Web Settings.

Next, open SpyBot SnD and go to Mode menu, and there click Advanced. Then click the button Tools in the left pane. There click View Report, here ther will be another button called View Report in the main window, click it. Afterwards, click Export and save it.
Open the saved file in NotePad and copy-paste it's content here.
 
OP
Official Techie

Official Techie

In the zone
Internet Explorer

The report says

--- Search result list ---

--- Spybot - Search && Destroy version: 1.3 ---
2005-03-03 Includes\Cookies.sbi
2005-04-07 Includes\Dialer.sbi
2005-04-07 Includes\Hijackers.sbi
2005-03-22 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-04-07 Includes\Malware.sbi
2005-03-17 Includes\PUPS.sbi
2005-03-17 Includes\Revision.sbi
2005-02-09 Includes\Security.sbi
2005-04-07 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-04-07 Includes\Trojans.sbi


--- System information ---
Windows XP (Build: 2600) Service Pack 1
/ Windows XP / SP1: Windows XP Service Pack 1a


--- Startup entries list ---
Located: HK_LM:Run, CARPService
command: carpserv.exe
file: C:\WINDOWS\system32\carpserv.exe
size: 4608
MD5: 9aaf44fdf3a5517066b286b80c4a149f

Located: HK_LM:Run, IntelliType
command: "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
file: C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
size: 94208
MD5: b5eca5948d7f8eaa00333231f33ea31a

Located: HK_LM:Run, NAV Agent
command: C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
file: C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
size: 75384
MD5: 89edb06c1ea1a7f4a513ff1dbecbf73b

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 9b4c1812595c389ab9ccf1ff3b315248

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 46592
MD5: 2234718c65055e2b23336b993f3df977

Located: HK_LM:Run, SSC_UserPrompt
command: C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
file: C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
size: 218240
MD5: b96c81be7b8d11710496787e5859d768

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0\bin\jusched.exe
size: 36972
MD5: dd2179a47c6de3744a7a3f0ad3bd1212

Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 95960
MD5: abba14e4513a3eb53194c472d94943d7

Located: HK_LM:Run, Zone Labs Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 902432
MD5: 5accd5a8cb0b40c4516d7a8a5ea0424e

Located: HK_LM:Run, NeroFilterCheck (DISABLED)
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\System32\ctfmon.exe
file: C:\WINDOWS\System32\ctfmon.exe
size: 13312
MD5: 414de7cf9d3f19c3ea902f1bb38ec116

Located: HK_CU:Run, EPSON Stylus COLOR 480
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 480" /O5 "LPT1:" /M "Stylus COLOR 480"
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE
size: 220672
MD5: d01648497b18d1ca722cd6bc952661ae

Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1038336
MD5: 58f7e6434d285f4c98ad3621e0bd8c8d

Located: HK_CU:Run, MSMSGS (DISABLED)
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1670144
MD5: d494a82a823d155a182b1955aa71ad08

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a



--- Browser helper object list ---
{02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
BHO name:
CLSID name: Yahoo! Companion BHO
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn\
Long name: ycomp5_6_0_0.dll
Short name: YCOMP5~1.DLL
Date (created): 04/23/2005 01:42:14 PM
Date (last access): 04/25/2005 10:57:20 AM
Date (last write): 03/04/2005 07:34:42 PM
Filesize: 327246
Attributes: archive
MD5: 374305B47A9DE61B271D9BB293C06F51
CRC32: B8A96384
Version: 7.213.0.3

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx
AcroIEhelper.dll
info link: *www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 11/03/2003 02:17:44 PM
Date (last access): 04/25/2005 10:57:20 AM
Date (last write): 11/03/2003 02:17:44 PM
Filesize: 54248
Attributes: archive
MD5: FC7850324464E4D19A24A03D882B5CC4
CRC32: 452E8571
Version: 0.6.0.0

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: *spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 05/12/2004 01:03:00 AM
Date (last access): 04/25/2005 10:53:06 AM
Date (last write): 05/12/2004 01:03:00 AM
Filesize: 744960
Attributes: archive
MD5: ABF5BA518C6A5ED104496FF42D19AD88
CRC32: 5587736E
Version: 0.1.0.3

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 12/24/2004 01:00:56 AM
Date (last access): 04/25/2005 10:53:06 AM
Date (last write): 04/19/2005 09:10:58 PM
Filesize: 720896
Attributes: readonly archive
MD5: D4E9B7B696E8C40A0E5CB76621A03EE4
CRC32: 019AF69C
Version: 0.2.0.0

{BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
BHO name:
CLSID name: CNavExtBho Class
description: Norton Antivirus
classification: Legitimate
known filename: NavShExt.dll
info link: *www.symantec.com/nav/nav_9xnt/
info source: TonyKlein
Path: C:\Program Files\Norton SystemWorks\Norton AntiVirus\
Long name: NAVSHEXT.DLL
Short name:
Date (created): 12/23/2004 06:31:10 PM
Date (last access): 04/25/2005 10:53:06 AM
Date (last write): 02/27/2002 11:07:30 AM
Filesize: 102400
Attributes: archive
MD5: 3AB9B9A20D4D8B6A1632910AB6C56FD9
CRC32: FBF10F3A
Version: 0.8.0.0



--- ActiveX list ---
{11111111-1111-1111-1111-111191113457} ()
DPF name:
CLSID name:

{11111111-1111-1111-1111-511111193457} ()
DPF name:
CLSID name:

{11111111-1111-1111-1111-511111193458} ()
DPF name:
CLSID name:

{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 06/01/2004 02:36:58 PM
Date (last access): 04/25/2005 10:27:54 AM
Date (last write): 06/01/2004 02:36:58 PM
Filesize: 141312
Attributes: archive
MD5: 508DA8ADF7BE51C22D13D02845FB431E
CRC32: 87D8A7AB
Version: 7.212.0.6

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0\bin\
Long name: NPJPI150.dll
Short name:
Date (created): 02/08/2005 07:31:40 AM
Date (last access): 04/25/2005 10:27:54 AM
Date (last write): 02/08/2005 07:31:40 AM
Filesize: 69740
Attributes: archive
MD5: 02803361D449A72585549856AD253BB9
CRC32: 65E663C8
Version: 0.1.0.5

{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0
Path: C:\Program Files\Java\jre1.5.0\bin\
Long name: NPJPI150.dll
Short name:
Date (created): 02/08/2005 07:31:40 AM
Date (last access): 04/25/2005 10:27:54 AM
Date (last write): 02/08/2005 07:31:40 AM
Filesize: 69740
Attributes: archive
MD5: 02803361D449A72585549856AD253BB9
CRC32: 65E663C8
Version: 0.1.0.5

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\flash\
Long name: Flash.ocx
Short name:
Date (created): 06/09/2004 03:59:26 PM
Date (last access): 04/25/2005 10:27:54 AM
Date (last write): 06/09/2004 03:59:26 PM
Filesize: 939224
Attributes: archive
MD5: FC3E17E12C2E31FAC34B416B3DAB829F
CRC32: D1CF3A57
Version: 0.7.0.0



--- Process list ---
Spybot - Search && Destroy process list report, 04/25/2005 11:03:24 AM

PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 480 ( 4) \SystemRoot\System32\smss.exe
PID: 556 ( 480) csrss.exe
PID: 580 ( 480) \??\C:\WINDOWS\system32\winlogon.exe
PID: 624 ( 580) C:\WINDOWS\system32\services.exe
PID: 636 ( 580) C:\WINDOWS\system32\lsass.exe
PID: 804 ( 624) C:\WINDOWS\system32\svchost.exe
PID: 828 ( 624) C:\WINDOWS\System32\svchost.exe
PID: 916 ( 624) svchost.exe
PID: 984 ( 624) svchost.exe
PID: 1200 (1176) C:\WINDOWS\Explorer.EXE
PID: 1228 ( 624) C:\WINDOWS\system32\spoolsv.exe
PID: 1368 ( 624) alg.exe
PID: 1408 ( 624) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PID: 1452 ( 624) C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
PID: 1480 (1592) C:\WINDOWS\sllights.exe
PID: 1484 ( 624) C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
PID: 1592 ( 624) C:\WINDOWS\system32\slserv.exe
PID: 1612 ( 624) C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
PID: 1688 ( 624) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PID: 1780 (1200) C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
PID: 1788 (1200) C:\WINDOWS\SOUNDMAN.EXE
PID: 1812 (1200) C:\Program Files\QuickTime\qttask.exe
PID: 1820 (1200) C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
PID: 1828 (1200) C:\WINDOWS\System32\carpserv.exe
PID: 1836 (1200) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PID: 1848 (1200) C:\Program Files\Java\jre1.5.0\bin\jusched.exe
PID: 1892 (1200) C:\WINDOWS\System32\ctfmon.exe
PID: 1932 (1200) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PID: 1944 (1200) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE
PID: 2040 (1976) C:\Program Files\Microsoft Office\Office10\msoffice.exe
PID: 2108 (2040) D:\EI2000\IntraDay5min.exe
PID: 2268 (1200) C:\Program Files\Internet Explorer\iexplore.exe
PID: 2688 (1932) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe


--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 04/25/2005 11:03:24 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
*home.microsoft.com/access/allinone.asp
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
*home.microsoft.com/search/lobby/search.asp
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
*www.technicaltrends.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
*home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
*www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
*www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
*www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
*www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
*ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
*ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FFBCD443-B8A0-4CBF-A47A-E4DD04FB1A42}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FFBCD443-B8A0-4CBF-A47A-E4DD04FB1A42}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5BA60C90-FC85-4049-8797-E577321DD542}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5BA60C90-FC85-4049-8797-E577321DD542}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{36F76271-04CD-44D2-B808-1553BD7757C8}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{36F76271-04CD-44D2-B808-1553BD7757C8}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{23C977EF-B784-4EFB-9979-D8B601B4E72D}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{23C977EF-B784-4EFB-9979-D8B601B4E72D}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0E0B1179-66B7-4ABF-806C-18FD5E7D4F3C}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0E0B1179-66B7-4ABF-806C-18FD5E7D4F3C}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
 
swatkat

swatkat

Technomancer
Hmm..SpyBot SnD log looks alright.
Download HijackThis and unzip it to dedicated folder (like C:\HijackThisFolder\hijackthis.exe).
Then run it and click the button Do a System scan and save log file. HijackThis will perform a scan and saves the log file as hijackthis.log in the same folder where it is installed and it also opens the file automatically.
Copy the entire contents of the file and post it this Section.
 
Status
Not open for further replies.
Top Bottom