I tried to go through this step by step but ran into many problems.
Security IGuard
Virtual Maid
Search Maid
These were not found in Add and Remove Programs (and I do have it set up to show hidden files).
"List any files going to be deleted that are running", by this I guess you mean:
Security IGuard
Virtual Maid
Search Maid
C:\wp.exe
C:\wp.bmp
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe
However, intmon.exe (there was no p in mine) would not end. It kept popping up elsewhere in the list no matter how many times I ended it.
I did the killbox, but it would not list:
C:\wp.exe
C:\Windows\popuper.exe
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe
Then, of these:
C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard
the only one I could find was:
C:\Windows\System32\Log Files, which I deleted.
I did the registerlite thing.
The Hoster program would not let me use "Restore Original Hosts" (I got a message saying that items were read only and to push the button at right if you want to be able to write, but nothing happened when I pushed that button).
Then I did Cleanup and tried to do ActiveScan, but the window that opened was the quicknavigate screen (just like when I try to go to sites like yahoo).
Here is my NEW Ad-aware SE Logfile:
Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 12, 2005 9:22:43 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CommonName(TAC index:7):3 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:48 %
Total physical memory:522228 kb
Available physical memory:249564 kb
Total page file size:1276916 kb
Available on page file:1070108 kb
Total virtual memory:2097024 kb
Available virtual memory:2049352 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects
5-12-2005 9:22:43 AM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 572
ThreadCreationTime : 5-12-2005 2:12:30 PM
BasePriority : Normal
#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 660
ThreadCreationTime : 5-12-2005 2:12:32 PM
BasePriority : High
#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 704
ThreadCreationTime : 5-12-2005 2:12:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 716
ThreadCreationTime : 5-12-2005 2:12:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 916
ThreadCreationTime : 5-12-2005 2:12:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1016
ThreadCreationTime : 5-12-2005 2:12:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 1264
ThreadCreationTime : 5-12-2005 2:12:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:8 [asfagent.exe]
ModuleName : C:\Program Files\Intel\ASF Agent\ASFAgent.exe
Command Line : n/a
ProcessID : 1424
ThreadCreationTime : 5-12-2005 2:12:42 PM
BasePriority : Normal
FileVersion : 3.0
ProductVersion : 3.0
ProductName : Intel® PRO Alerting Suite ASF 1.0 Compatible
CompanyName : Intel Corporation
FileDescription : ASF Agent COM Service
InternalName : ASFAgent
LegalCopyright : Copyright © 2000-2002 Intel Corporation
OriginalFilename : ASFAgent.EXE
#:9 [iap.exe]
ModuleName : C:\Program Files\Dell\OpenManage\Client\Iap.exe
Command Line : n/a
ProcessID : 1476
ThreadCreationTime : 5-12-2005 2:12:42 PM
BasePriority : Normal
FileVersion : 7, 0, 316, 0
ProductVersion : 7, 0, 316, 0
ProductName : OpenManage Client Instrumentation
CompanyName : Dell Computer Corporation
FileDescription : Iap Module
InternalName : Iap
LegalCopyright : Copyright © Dell Computer Corporation 2000-2001
OriginalFilename : Iap.EXE
#:10 [ntrtscan.exe]
ModuleName : C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
Command Line : n/a
ProcessID : 1500
ThreadCreationTime : 5-12-2005 2:12:42 PM
BasePriority : Normal
FileVersion : 6.0.0.1250
ProductVersion : 6.0
ProductName : Trend Micro OfficeScan
CompanyName : Trend Micro Inc.
LegalCopyright : Copyright © 1999-2003 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro, Inc.
#:11 [tmlisten.exe]
ModuleName : C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
Command Line : n/a
ProcessID : 1568
ThreadCreationTime : 5-12-2005 2:12:42 PM
BasePriority : Normal
FileVersion : 6.0.0.1250
ProductVersion : 6.0
ProductName : Trend Micro OfficeScan
CompanyName : Trend Micro Inc.
LegalCopyright : Copyright © 1999-2003 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro, Inc.
#:12 [ofcdog.exe]
ModuleName : C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
Command Line : n/a
ProcessID : 184
ThreadCreationTime : 5-12-2005 2:12:46 PM
BasePriority : Normal
FileVersion : 6.0.0.1250
ProductVersion : 6.0
ProductName : Trend Micro OfficeScan
CompanyName : Trend Micro Inc.
LegalCopyright : Copyright © 1999-2003 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro, Inc.
#:13 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 632
ThreadCreationTime : 5-12-2005 2:20:54 PM
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:14 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe"
ProcessID : 640
ThreadCreationTime : 5-12-2005 2:20:55 PM
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:15 [shnlog.exe]
ModuleName : C:\WINDOWS\System32\shnlog.exe
Command Line : "C:\WINDOWS\System32\shnlog.exe"
ProcessID : 260
ThreadCreationTime : 5-12-2005 2:20:55 PM
BasePriority : Normal
ProductVersion : 1.7
#:16 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 428
ThreadCreationTime : 5-12-2005 2:20:55 PM
BasePriority : Normal
FileVersion : 3.0.0.2285
ProductVersion : 7.0.0.2285
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE
#:17 [intmon.exe]
ModuleName : C:\WINDOWS\System32\intmon.exe
Command Line : intmon.exe
ProcessID : 2176
ThreadCreationTime : 5-12-2005 2:20:56 PM
BasePriority : Normal
#:18 [pccntmon.exe]
ModuleName : C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
Command Line : "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
ProcessID : 2568
ThreadCreationTime : 5-12-2005 2:20:56 PM
BasePriority : Normal
FileVersion : 6.0.0.1250
ProductVersion : 6.0
ProductName : Trend Micro OfficeScan
CompanyName : Trend Micro Inc.
FileDescription : I/O Monitor
InternalName : PCCNTMON
LegalCopyright : Copyright © 1999-2003 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro, Inc.
OriginalFilename : PCCNTMON.EXE
#:19 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 2548
ThreadCreationTime : 5-12-2005 2:20:56 PM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe
#:20 [javaw.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
Command Line : "C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" -jar -Duser.dir="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0" "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\bin\bootstrap.jar" start
ProcessID : 2728
ThreadCreationTime : 5-12-2005 2:21:00 PM
BasePriority : Normal
#:21 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 4016
ThreadCreationTime : 5-12-2005 2:21:24 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:22 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2140
ThreadCreationTime : 5-12-2005 2:22:30 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CommonName Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1e1b2878-88ff-11d2-8d96-d7acac95951f}
CommonName Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1e1b2878-88ff-11d2-8d96-d7acac95951f}
Value :
CommonName Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{1e1b286c-88ff-11d2-8d96-d7acac95951f}
Windows Object Recognized!
Type : RegData
Data : explorer.exe, msmsgs.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, msmsgs.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 4
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
9:30:33 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:50.305
Objects scanned:105606
Objects identified:4
Objects ignored:0
New critical objects:4
Here is the Spybot report, which did find securityIguard and coolwebsearch:
--- Search result list ---
Cache: Cache (167) (Cache, nothing done)
Adobe Acrobat Reader 6: Recent file #1 (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cRecentFiles\c1
Common Dialogs: History (16 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
Cookie: Cookie (3) (Cookie, nothing done)
CoolWWWSearch.ToonComics: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{1E1B286C-88FF-11D2-8D96-D7ACAC95951F}
CoolWWWSearch.ToonComics: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{1E1B2878-88FF-11D2-8D96-D7ACAC95951F}
Internet Explorer: AutoComplete data (36 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Internet Explorer\IntelliForms\SPW
Internet Explorer: Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Internet Explorer\Download Directory!=
Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)
Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log
Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt
Log: Activity: OEWABLog.txt (Backup file, nothing done)
C:\WINDOWS\OEWABLog.txt
Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt
Log: Install: Active Setup Log.txt (Backup file, nothing done)
C:\WINDOWS\Active Setup Log.txt
Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log
Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log
Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log
Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log
Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log
Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\mofcomp.log
Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_
Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\winmgmt.log
Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiadap.log
MS DirectDraw: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=
MS Media Player: Anonymous ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0
MS Media Player: Manually modified tags history (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\MediaPlayer\AutoComplete\MediaEdit
MS Media Player: Search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\MediaPlayer\AutoComplete\MediaSearch
MS Office 10.0 (Word): Recently used documents list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Office\10.0\Word\Data\Settings
MS Office 11.0 (Document Imaging): Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\MSPaper 11.0\Recent File List
MS Office 11.0 (Document Imaging): Persistent filename list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\MSPaper 11.0\Persist File Name
MS Search Assistant: Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Search Assistant\ACMru
RealOne Player 2 (aka RealPlayer 6.0): Last open file directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\RealNetworks\RealPlayer\6.0\Preferences\LastOpenFileDir\!=
Security IGuards: Autorun settings (Security iGuard) (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Security iGuard
Windows Explorer: Last Copy/MoveTo folder (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder
Windows Explorer: Last visited history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Explorer: Network map history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU
Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: Recent wallpaper list (46 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU
Windows Explorer: Stream history (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: User Assistant history files (936 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: User Assistant history IE (57 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName
Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName
Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName
Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}
Windows.OpenWith: Open with list - .BMP extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows.OpenWith: Open with list - .001 extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001\OpenWithList
Windows.OpenWith: Open with list - .005 extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.005\OpenWithList
Windows.OpenWith: Open with list - .ASX extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASX\OpenWithList
Windows.OpenWith: Open with list - .AVI extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
--- Spybot - Search && Destroy version: 1.3 ---
2005-04-26 Includes\Cookies.sbi
2005-04-27 Includes\Dialer.sbi
2005-04-27 Includes\Hijackers.sbi
2005-04-15 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-04-27 Includes\Malware.sbi
2005-04-27 Includes\PUPS.sbi
2005-04-27 Includes\Revision.sbi
2005-02-09 Includes\Security.sbi
2005-04-27 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-04-27 Includes\Trojans.sbi
--- System information ---
Windows XP (Build: 2600) Service Pack 1
/ DataAccess: Security update for Microsoft Data Access Components
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB834707
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player: Windows Media Update 819639
/ Windows Media Player: Windows Media Update 828026
/ Windows XP / SP1: Windows XP Hotfix - KB824146
/ Windows XP / SP1: Windows XP Service Pack 1a
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q329048
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329256 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q331060 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q816982
/ Windows XP / SP2: Windows XP Hotfix - KB810217
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See KB810243 for more information]
/ Windows XP / SP2: Advanced Networking Pack for Windows XP
/ Windows XP / SP2: Windows XP Hotfix - KB820291
/ Windows XP / SP2: Windows XP Hotfix - KB821253
/ Windows XP / SP2: Windows XP Hotfix - KB822603
/ Windows XP / SP2: Windows XP Hotfix - KB823182
/ Windows XP / SP2: Windows XP Hotfix - KB824105
/ Windows XP / SP2: Windows XP Hotfix - KB824141
/ Windows XP / SP2: Windows XP Hotfix - KB824146
/ Windows XP / SP2: Windows XP Hotfix - KB825119
/ Windows XP / SP2: Windows XP Hotfix - KB826939
/ Windows XP / SP2: Windows XP Hotfix - KB826942
/ Windows XP / SP2: Windows XP Hotfix - KB828028
/ Windows XP / SP2: Windows XP Hotfix - KB828035
/ Windows XP / SP2: Windows XP Hotfix - KB828741
/ Windows XP / SP2: Windows XP Hotfix - KB829558
/ Windows XP / SP2: Windows XP Hotfix - KB835732
/ Windows XP / SP2: Windows XP Hotfix - KB837001
/ Windows XP / SP2: Windows XP Hotfix - KB840374
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q322011
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q323255 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q327979
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q329048
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329115 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See q329256 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q331060 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q814995
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q816982
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q819696
--- Startup entries list ---
Located: HK_LM:Run,
command:
Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\System32\hkcmd.exe
file: C:\WINDOWS\System32\hkcmd.exe
size: 118784
MD5: 07e2751e246bff288c76a86f9ecd9ac0
Located: HK_LM:Run, iexplore.exe
command: C:\Program Files\Internet Explorer\iexplore.exe
file: C:\Program Files\Internet Explorer\iexplore.exe
size: 91136
MD5: 418d301c3b1fa94b19584aeeb3d65166
Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\System32\igfxtray.exe
file: C:\WINDOWS\System32\igfxtray.exe
size: 155648
MD5: 2454d762448b0bc5f2e9ee642804af8f
Located: HK_LM:Run, MSN Messenger
command: C:\WINDOWS\System32\msmsgs.exe
Located: HK_LM:Run, OfficeScanNT Monitor
command: "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
file: C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
size: 303104
MD5: a0c6fa7bf2fa2a831ad517ca97df313b
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: fc9f5c5d87d0a6d1e10773d20cb3c3ef
Located: HK_LM:Run, Security iGuard
command: C:\Program Files\Security iGuard\Security iGuard.exe
Located: HK_LM:Run, TomcatStartup
command: C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
file: C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
size: 143360
MD5: dbfc15a757470302b3a81ccde3feea28
Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1498032
MD5: f5c2f0308d0aa91457059ec7227a06f7
Located: HK_CU:Run, WindowsFY
command: c:\bsw.exe
--- Browser helper object list ---
{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} (VMHomepage Class)
BHO name:
CLSID name: VMHomepage Class
Path: C:\WINDOWS\System32\
Long name: hpE964.tmp
Short name:
Date (created): 5/12/2005 9:20:56 AM
Date (last access): 5/12/2005 9:20:56 AM
Date (last write): 5/12/2005 9:20:56 AM
Filesize: 52736
Attributes: archive
MD5: C221E7AD873EE6A52CF590FD667FC648
CRC32: ABBE297A
Version: 255.255.255.255
--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla
{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control)
DPF name:
CLSID name: HouseCall Control
Path: C:\WINDOWS\DOWNLO~1\
Long name: xscan60.ocx
Short name:
Date (created): 4/9/2005 3:12:42 AM
Date (last access): 5/10/2005 8:01:50 AM
Date (last write): 4/9/2005 3:12:42 AM
Filesize: 475190
Attributes: archive
MD5: FC295A70672646B4B0884288F6DB5BF9
CRC32: 256969EA
Version: 0.6.0.0
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
DPF name:
CLSID name: HouseCall Control
description: Trend Micro Antivirus online scanner
classification: Legitimate
known filename: XSCAN53.OCX
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\DOWNLO~1\
Long name: xscan53.ocx
Short name:
Date (created): 6/9/2004 4:56:02 PM
Date (last access): 5/10/2005 7:51:36 AM
Date (last write): 6/9/2004 4:56:02 PM
Filesize: 435712
Attributes: archive
MD5: DCFFCA7F818B4CF4DF29B8932907735D
CRC32: 89BBB9BF
Version: 0.5.0.70
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
DPF name:
CLSID name: GpcContainer Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ieatgpc.dll
Short name:
Date (created): 8/31/2004 1:16:06 PM
Date (last access): 5/12/2005 9:23:26 AM
Date (last write): 8/31/2004 1:16:06 PM
Filesize: 62464
Attributes: archive
MD5: 2969926045E76630F7741FF2DE37205C
CRC32: AA4252EF
Version: 0.1.0.0
--- Process list ---
Spybot - Search && Destroy process list report, 5/12/2005 9:52:51 AM
PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 184 (1500) C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
PID: 260 ( 632) C:\WINDOWS\System32\shnlog.exe
PID: 428 ( 632) C:\WINDOWS\System32\hkcmd.exe
PID: 572 ( 4) \SystemRoot\System32\smss.exe
PID: 632 (1104) C:\WINDOWS\Explorer.EXE
PID: 636 ( 572) CSRSS.EXE
PID: 640 ( 632) C:\Program Files\Messenger\msmsgs.exe
PID: 660 ( 572) \??\C:\WINDOWS\system32\winlogon.exe
PID: 704 ( 660) C:\WINDOWS\system32\services.exe
PID: 716 ( 660) C:\WINDOWS\system32\lsass.exe
PID: 916 ( 704) C:\WINDOWS\system32\svchost.exe
PID: 1016 ( 704) C:\WINDOWS\System32\svchost.exe
PID: 1088 ( 704) SVCHOST.EXE
PID: 1132 ( 704) SVCHOST.EXE
PID: 1264 ( 704) C:\WINDOWS\system32\spoolsv.exe
PID: 1424 ( 704) C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PID: 1476 ( 704) C:\Program Files\Dell\OpenManage\Client\Iap.exe
PID: 1500 ( 704) C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
PID: 1568 ( 704) C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
PID: 1648 ( 704) wdfmgr.exe
PID: 2140 ( 632) C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
PID: 2176 ( 260) C:\WINDOWS\System32\intmon.exe
PID: 2260 ( 632) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PID: 2548 ( 632) C:\Program Files\QuickTime\qttask.exe
PID: 2568 ( 632) C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
PID: 2728 (2216) C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
PID: 3696 ( 916) wmiprvse.exe
PID: 4016 ( 632) C:\Program Files\Internet Explorer\iexplore.exe
--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 5/12/2005 9:52:51 AM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
http://www.quicknavigate.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.quicknavi...earch.php?qq=%1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.quicknavigate.com/bar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.quicknavi...earch.php?qq=%1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.quicknavi...earch.php?qq=%1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://www.quicknavi...earch.php?qq=%1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.quicknavi...earch.php?qq=%1
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
http://www.qfind.net/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.qfind.net/search.php?qq=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://qfind.net/bar/index.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.qfind.net/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.qfind.net/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.qfind.net/search.php?qq=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchAssistant
http://www.microsoft...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.qfind.net/search.php?qq=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://www.qfind.net/search.php?qq=%s
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2A755912-ED41-4491-BE37-3A7292EBFD42}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2A755912-ED41-4491-BE37-3A7292EBFD42}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6518CA11-FCBF-4B60-BF0D-A7E7050C3D48}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6518CA11-FCBF-4B60-BF0D-A7E7050C3D48}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CC3A8FE7-9F17-4BA5-8355-DC05DD003F85}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CC3A8FE7-9F17-4BA5-8355-DC05DD003F85}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace