Note about the Panda scan in the above post: I'm confused why adware showed up in this scan, when all adware quarantine archives were deleted?
The log setup was left at the default setting. So I hope this helps.
And here is my Spybot Search & Destroy log:
--- Search result list ---
--- Spybot - Search && Destroy version: 1.3 ---
2005-03-03 Includes\Cookies.sbi
2005-03-16 Includes\Dialer.sbi
2005-03-17 Includes\Hijackers.sbi
2005-03-17 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-03-16 Includes\Malware.sbi
2005-03-17 Includes\PUPS.sbi
2005-03-17 Includes\Revision.sbi
2005-02-09 Includes\Security.sbi
2005-03-17 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-03-16 Includes\Trojans.sbi
--- System information ---
Windows XP (Build: 2600)
/ Windows XP / SP1 / Q308676: Windows XP Hotfix (SP1) [See Q308676 for more information]
/ Windows XP / SP1 / Q308677: Windows XP Hotfix (SP1) [See Q308677 for more information]
/ Windows XP / SP1 / Q309521: Windows XP Hotfix (SP1) [See Q309521 for more information]
/ Windows XP / SP1 / Q309691: Windows XP Hotfix (SP1) [See Q309691 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q311842 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q311889 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q312370 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q315000 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q315403 for more information]
--- Startup entries list ---
Located: HK_LM:Run, CPQEASYACC
command: C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
file: C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
size: 32768
MD5: 553235e301a6498595720c9e225b9e54
Located: HK_LM:Run, dla
command: C:\WINDOWS\system32\dla\tfswctrl.exe
file: C:\WINDOWS\system32\dla\tfswctrl.exe
size: 106549
MD5: 6d21f9202a24b36e7cb10e8ed9f9de37
Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\System32\hkcmd.exe
file: C:\WINDOWS\System32\hkcmd.exe
size: 114688
MD5: 318b39089ff44d57368eff1ec81bdefd
Located: HK_LM:Run, hpsysdrv
command: c:\windows\system\hpsysdrv.exe
file: c:\windows\system\hpsysdrv.exe
size: 52736
MD5: 06a1ecb63df139ec639e084d4ab3c9d7
Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\System32\igfxtray.exe
file: C:\WINDOWS\System32\igfxtray.exe
size: 155648
MD5: c0ca97b06360872117e472eba3d25242
Located: HK_LM:Run, kmw_run.exe
command: kmw_run.exe
file: C:\WINDOWS\system32\kmw_run.exe
size: 106496
MD5: 5ee1ad8304f6f9c1fc3ac9b1223f9890
Located: HK_LM:Run, MMTray
command: C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
file: C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
size: 110592
MD5: d5742e8d40e6cd73cd03193afe8edcda
Located: HK_LM:Run, Recguard
command: C:\WINDOWS\SMINST\RECGUARD.EXE
file: C:\WINDOWS\SMINST\RECGUARD.EXE
size: 212992
MD5: f8955392ccfcefb43084e22d7212645b
Located: HK_LM:Run, srmclean
command: C:\Cpqs\Scom\srmclean.exe
file: C:\Cpqs\Scom\srmclean.exe
size: 36864
MD5: 787b8ad5fef1a68d3ed00e4e393b9d18
Located: HK_LM:Run, StorageGuard
command: "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
file: C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
size: 155648
MD5: 33d18d25af83df302a6e66ab781c4ccf
Located: HK_LM:Run, THGuard
command: "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
file: C:\Program Files\TrojanHunter 4.2\THGuard.exe
size: 1089024
MD5: edb3dca0b1f57ac8d915c8ad0830b27c
Located: HK_LM:Run, type32
command: "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
file: C:\Program Files\Microsoft IntelliType Pro\type32.exe
size: 114688
MD5: 0b45a5b6c854cc6c68c891bdeabec035
Located: HK_LM:Run, WCOLOREAL
command: "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
file: C:\Program Files\COMPAQ\Coloreal\coloreal.exe
size: 143360
MD5: 6db919559153bf8ed0b3200908222867
Located: HK_LM:RunOnce, Compaq_RBA
command: C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z
Located: HK_LM:Run, MMTray (DISABLED)
command: C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
file: C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
size: 110592
MD5: d5742e8d40e6cd73cd03193afe8edcda
Located: HK_LM:Run, NvCplDaemon (DISABLED)
command: RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 31744
MD5: 0fb22dd37c17f80ad71316049f725170
Located: HK_LM:Run, nwiz (DISABLED)
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 364544
MD5: fa537c72dc6d4f74b3d8a87f7cfbb6ac
Located: HK_LM:Run, TkBellExe (DISABLED)
command: C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
Located: HK_LM:Run, WinTools (DISABLED)
command: C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
Located: HK_LM:RunOnce, WinTools (DISABLED)
command:
Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1038336
MD5: 58f7e6434d285f4c98ad3621e0bd8c8d
--- Browser helper object list ---
{02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
BHO name:
CLSID name: Yahoo! Companion BHO
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 5/12/2004 1:03:00 AM
Date (last access): 4/1/2005 1:45:16 AM
Date (last write): 5/12/2004 1:03:00 AM
Filesize: 744960
Attributes: archive
MD5: ABF5BA518C6A5ED104496FF42D19AD88
CRC32: 5587736E
Version: 0.1.0.3
{87766247-311C-43B4-8499-3D5FEC94A183} ()
BHO name:
CLSID name:
description: HuntBar variant, HuntBar variant
classification: Confirmed as malware
known filename: Wtoolsb.dll
info link: http://www.doxdesk.c...te/HuntBar.html
info source: TonyKlein
{8952A998-1E7E-4716-B23D-3DBE03910972} ()
BHO name:
CLSID name:
description: HuntBar,
classification: Confirmed as malware
known filename: Toolbar.dll
info link: http://www.doxdesk.c...te/HuntBar.html
info source: TonyKlein
--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
description: Macromedia ShockWave Flash Player 7
classification: Unknown
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 1/21/2005 5:46:38 PM
Date (last access): 4/1/2005 1:29:30 AM
Date (last write): 9/9/2004 2:49:12 PM
Filesize: 54488
Attributes: archive
MD5: 943193399C341AC34E842CB07B5F29A0
CRC32: 12DEB8F4
Version: 0.10.0.1
{205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class)
DPF name:
CLSID name: CInstall Class
Path: C:\WINDOWS\DOWNLO~1\
Long name: Install.dll
Short name:
Date (created): 9/30/2004 11:46:24 AM
Date (last access): 4/1/2005 1:46:06 AM
Date (last write): 9/30/2004 11:46:24 AM
Filesize: 315392
Attributes: archive
MD5: B2F217B063FFE01DA62EF1181E726F0E
CRC32: C78ECDD3
Version: 0.2.0.0
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
DPF name:
CLSID name: HouseCall Control
description: Trend Micro Antivirus online scanner
classification: Legitimate
known filename: XSCAN53.OCX
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\DOWNLO~1\
Long name: xscan53.ocx
Short name:
Date (created): 6/9/2004 4:56:02 PM
Date (last access): 4/1/2005 1:46:08 AM
Date (last write): 6/9/2004 4:56:02 PM
Filesize: 435712
Attributes: archive
MD5: DCFFCA7F818B4CF4DF29B8932907735D
CRC32: 89BBB9BF
Version: 0.5.0.70
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.1)
DPF name: Java Runtime Environment 1.3.1
CLSID name: Java Plug-in 1.3.1
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\JavaSoft\JRE\1.3.1\bin\
Long name: NPJava131.dll
Short name: NPJAVA~1.DLL
Date (created): 8/2/2002 12:16:58 AM
Date (last access): 4/1/2005 1:42:12 AM
Date (last write): 5/6/2001 8:14:22 PM
Filesize: 53338
Attributes: archive
MD5: 8D7694975F0E5C1F153AADD68A460887
CRC32: 2AD23CCB
Version: 0.1.0.3
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 2/8/2005 10:52:16 AM
Date (last access): 4/1/2005 1:32:38 AM
Date (last write): 2/8/2005 10:52:16 AM
Filesize: 110592
Attributes: archive
MD5: D90D6B26641FED8E743E8E78F71F0C09
CRC32: C1BA2509
Version: 0.57.0.5
{A17E30C4-A9BA-11D4-8673-60DB54C10000} ()
DPF name:
CLSID name:
{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1)
DPF name: Java Runtime Environment 1.3.1
CLSID name: Java Plug-in 1.3.1
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\JavaSoft\JRE\1.3.1\bin\
Long name: NPJava131.dll
Short name: NPJAVA~1.DLL
Date (created): 8/2/2002 12:16:58 AM
Date (last access): 4/1/2005 2:48:10 AM
Date (last write): 5/6/2001 8:14:22 PM
Filesize: 53338
Attributes: archive
MD5: 8D7694975F0E5C1F153AADD68A460887
CRC32: 2AD23CCB
Version: 0.1.0.3
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\flash\
Long name: Flash.ocx
Short name:
Date (created): 6/9/2004 3:59:26 PM
Date (last access): 4/1/2005 1:53:12 AM
Date (last write): 6/9/2004 3:59:26 PM
Filesize: 939224
Attributes: archive
MD5: FC3E17E12C2E31FAC34B416B3DAB829F
CRC32: D1CF3A57
Version: 0.7.0.0
--- Process list ---
Spybot - Search && Destroy process list report, 4/1/2005 2:48:09 AM
PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 128 ( 800) C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
PID: 412 (1408) C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID: 460 ( 4) \SystemRoot\System32\smss.exe
PID: 520 ( 460) \??\C:\WINDOWS\system32\csrss.exe
PID: 544 ( 460) \??\C:\WINDOWS\system32\winlogon.exe
PID: 588 ( 544) C:\WINDOWS\system32\services.exe
PID: 600 ( 544) C:\WINDOWS\system32\lsass.exe
PID: 800 ( 588) C:\WINDOWS\system32\svchost.exe
PID: 824 (1844) C:\WINDOWS\System32\rmmpkm.exe
PID: 852 ( 588) C:\WINDOWS\System32\svchost.exe
PID: 952 ( 588) C:\WINDOWS\System32\svchost.exe
PID: 964 ( 588) C:\WINDOWS\System32\svchost.exe
PID: 1144 ( 588) C:\WINDOWS\system32\spoolsv.exe
PID: 1332 (1788) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PID: 1400 ( 588) C:\WINDOWS\System32\alg.exe
PID: 1408 (1340) C:\WINDOWS\Explorer.EXE
PID: 1420 ( 588) C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
PID: 1508 ( 588) C:\WINDOWS\System32\nvsvc32.exe
PID: 1644 (1408) C:\windows\system\hpsysdrv.exe
PID: 1676 (1408) C:\WINDOWS\system32\dla\tfswctrl.exe
PID: 1712 (1408) C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
PID: 1728 (1408) C:\WINDOWS\System32\kmw_run.exe
PID: 1744 (1408) C:\Program Files\Microsoft IntelliType Pro\type32.exe
PID: 1752 (1408) C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
PID: 1764 (1408) THGuard.exe
PID: 1788 (1408) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PID: 1852 (1728) C:\WINDOWS\System32\KMW_SHOW.EXE
PID: 1868 (1712) C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
PID: 1880 (1712) C:\Compaq\EAKDRV\EAUSBKBD.EXE
--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 4/1/2005 2:48:09 AM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://home.microsof...ss/allinone.asp
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.msn.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/search?q=%s
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://home.microsof...ss/allinone.asp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://rd.yahoo.com/.../search/ie.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{448EBD2A-3D73-4EC0-BFA2-D40882CDF538}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{448EBD2A-3D73-4EC0-BFA2-D40882CDF538}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B477CD21-9A4D-4539-9330-CE1C248E9261}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B477CD21-9A4D-4539-9330-CE1C248E9261}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{44FBB619-E53D-49B0-B1A8-513BB5EBBE44}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{44FBB619-E53D-49B0-B1A8-513BB5EBBE44}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F1F55999-07DC-4AC6-A33A-F9F16BBA4BA5}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F1F55999-07DC-4AC6-A33A-F9F16BBA4BA5}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7D8D8EB9-0E1C-4832-96E1-822801CEFE12}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7D8D8EB9-0E1C-4832-96E1-822801CEFE12}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
I also scanned with Trend Micro. I'm not sure where the log went, but I clicked on "Auto Clean".
I ran CWShredder and clicked "Fix"; it said no CWS were found. Where does this program put its log file?
I'm finished posting my virus scans.
Now I will follow your list of instructions listed in post #20.