aklsp.dll [CLOSED]


  • This topic is locked

#1
avengerx

    New Member

  • Member
  • 3 posts
Good day.

I'm hoping to get a bit of advice. I believe my LSP has been jacked by ak-networks.

As advised, I've run CWS, TDS, SpyBot, Ad-Aware, etc. My Norton virus defs are current. XPsp2 is also current.

Through such, I've been able to correct all malware issues, but one. I include an Ad-Aware LSP Log.

LSP Explorer export.
Created on:5/19/2005 11:44:13 PM
---------------------------------------------

Layered Service Providers
winaklsp.dll over [MSAFD Tcpip [TCP/IP]]
Filename : c:\windows\system32\winaklsp.dll
File desicription : winaklsp
File version : 0, 407, 14, 1400
Internal name : winaklsp
Original filename : winaklsp.dll
Product version : 2, 0, 0, 0
Version : 2
Catalog Entry : 1229
Address Family : internetwork: UDP, TCP, etc.
Provider : {563192CF-A128-4EEE-A93E-BE5571FA4513}
Service Flags 1 : $00000066
XP1_GUARANTEED_DELIVERY
XP1_GUARANTEED_ORDER
XP1_GRACEFUL_CLOSE
XP1_EXPEDITED_DATA
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $00000008
PFL_MATCHES_PROTOCOL_ZERO
Maximum Message Size : $00000000
Security Sheme : 0
Byte Order : Big Endian
Protocol : 6
Protocol MaxOffset : $00000000
Min Socket Address : $00000010
Max Socket Address : $00000010
Socket Type : Stream
Protocol Chain length : 2
Protocol Chain Entry (0) : 1228
Protocol Chain Entry (1) : 1001
winaklsp.dll over [MSAFD Tcpip [UDP/IP]]
Filename : c:\windows\system32\winaklsp.dll
File desicription : winaklsp
File version : 0, 407, 14, 1400
Internal name : winaklsp
Original filename : winaklsp.dll
Product version : 2, 0, 0, 0
Version : 2
Catalog Entry : 1230
Address Family : internetwork: UDP, TCP, etc.
Provider : {563192CF-A128-4EEE-A93E-BE5571FA4513}
Service Flags 1 : $00000609
XP1_CONNECTIONLESS
XP1_MESSAGE_ORIENTED
XP1_SUPPORT_BROADCAST
XP1_SUPPORT_BROADCAST
XP1_SUPPORT_MULTIPOINT
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $00000008
PFL_MATCHES_PROTOCOL_ZERO
Maximum Message Size : $0000FFBB
Security Sheme : 0
Byte Order : Big Endian
Protocol : 17
Protocol MaxOffset : $00000000
Min Socket Address : $00000010
Max Socket Address : $00000010
Socket Type : Datagram
Protocol Chain length : 2
Protocol Chain Entry (0) : 1228
Protocol Chain Entry (1) : 1002
winaklsp.dll over [MSAFD Tcpip [RAW/IP]]
Filename : c:\windows\system32\winaklsp.dll
File desicription : winaklsp
File version : 0, 407, 14, 1400
Internal name : winaklsp
Original filename : winaklsp.dll
Product version : 2, 0, 0, 0
Version : 2
Catalog Entry : 1231
Address Family : internetwork: UDP, TCP, etc.
Provider : {563192CF-A128-4EEE-A93E-BE5571FA4513}
Service Flags 1 : $00000609
XP1_CONNECTIONLESS
XP1_MESSAGE_ORIENTED
XP1_SUPPORT_BROADCAST
XP1_SUPPORT_BROADCAST
XP1_SUPPORT_MULTIPOINT
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $0000000C
PFL_HIDDEN
PFL_MATCHES_PROTOCOL_ZERO
Maximum Message Size : $0000FFBB
Security Sheme : 0
Byte Order : Big Endian
Protocol : 0
Protocol MaxOffset : $000000FF
Min Socket Address : $00000010
Max Socket Address : $00000010
Socket Type : Unknown
Protocol Chain length : 2
Protocol Chain Entry (0) : 1228
Protocol Chain Entry (1) : 1003
MSAFD Tcpip [TCP/IP]
Filename : C:\WINDOWS\system32\mswsock.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Sockets 2.0 Service Provider
File version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name : mswsock.dll
Original filename : mswsock.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.2180
Version : 2
Catalog Entry : 1001
Address Family : internetwork: UDP, TCP, etc.
Provider : {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Service Flags 1 : $00020066
XP1_GUARANTEED_DELIVERY
XP1_GUARANTEED_ORDER
XP1_GRACEFUL_CLOSE
XP1_EXPEDITED_DATA
XP1_IFS_HANDLES
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $00000008
PFL_MATCHES_PROTOCOL_ZERO
Maximum Message Size : $00000000
Security Sheme : 0
Byte Order : Big Endian
Protocol : 6
Protocol MaxOffset : $00000000
Min Socket Address : $00000010
Max Socket Address : $00000010
Socket Type : Stream
Protocol Chain length : 1
Protocol Chain Entry (0) : 0
MSAFD Tcpip [UDP/IP]
Filename : C:\WINDOWS\system32\mswsock.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Sockets 2.0 Service Provider
File version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name : mswsock.dll
Original filename : mswsock.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.2180
Version : 2
Catalog Entry : 1002
Address Family : internetwork: UDP, TCP, etc.
Provider : {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Service Flags 1 : $00020609
XP1_CONNECTIONLESS
XP1_MESSAGE_ORIENTED
XP1_SUPPORT_BROADCAST
XP1_SUPPORT_BROADCAST
XP1_SUPPORT_MULTIPOINT
XP1_IFS_HANDLES
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $00000008
PFL_MATCHES_PROTOCOL_ZERO
Maximum Message Size : $0000FFBB
Security Sheme : 0
Byte Order : Big Endian
Protocol : 17
Protocol MaxOffset : $00000000
Min Socket Address : $00000010
Max Socket Address : $00000010
Socket Type : Datagram
Protocol Chain length : 1
Protocol Chain Entry (0) : 0
MSAFD Tcpip [RAW/IP]
Filename : C:\WINDOWS\system32\mswsock.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Sockets 2.0 Service Provider
File version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name : mswsock.dll
Original filename : mswsock.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.2180
Version : 2
Catalog Entry : 1003
Address Family : internetwork: UDP, TCP, etc.
Provider : {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Service Flags 1 : $00020609
XP1_CONNECTIONLESS
XP1_MESSAGE_ORIENTED
XP1_SUPPORT_BROADCAST
XP1_SUPPORT_BROADCAST
XP1_SUPPORT_MULTIPOINT
XP1_IFS_HANDLES
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $0000000C
PFL_HIDDEN
PFL_MATCHES_PROTOCOL_ZERO
Maximum Message Size : $0000FFBB
Security Sheme : 0
Byte Order : Big Endian
Protocol : 0
Protocol MaxOffset : $000000FF
Min Socket Address : $00000010
Max Socket Address : $00000010
Socket Type : Unknown
Protocol Chain length : 1
Protocol Chain Entry (0) : 0
RSVP UDP Service Provider
Filename : C:\WINDOWS\system32\rsvpsp.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Rsvp 1.0 Service Provider
File version : 5.1.2600.0 (xpclient.010817-1148)
Internal name : rsvpsp.dll
Original filename : rsvpsp.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.0
Version : 6
Catalog Entry : 1004
Address Family : internetwork: UDP, TCP, etc.
Provider : {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Service Flags 1 : $00022609
XP1_CONNECTIONLESS
XP1_MESSAGE_ORIENTED
XP1_SUPPORT_BROADCAST
XP1_SUPPORT_BROADCAST
XP1_SUPPORT_MULTIPOINT
XP1_QOS_SUPPORTED
XP1_IFS_HANDLES
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $00000008
PFL_MATCHES_PROTOCOL_ZERO
Maximum Message Size : $0000FFBB
Security Sheme : 0
Byte Order : Big Endian
Protocol : 17
Protocol MaxOffset : $00000000
Min Socket Address : $00000010
Max Socket Address : $00000010
Socket Type : Datagram
Protocol Chain length : 1
Protocol Chain Entry (0) : 23722496
RSVP TCP Service Provider
Filename : C:\WINDOWS\system32\rsvpsp.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Rsvp 1.0 Service Provider
File version : 5.1.2600.0 (xpclient.010817-1148)
Internal name : rsvpsp.dll
Original filename : rsvpsp.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.0
Version : 6
Catalog Entry : 1005
Address Family : internetwork: UDP, TCP, etc.
Provider : {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Service Flags 1 : $00022066
XP1_GUARANTEED_DELIVERY
XP1_GUARANTEED_ORDER
XP1_GRACEFUL_CLOSE
XP1_EXPEDITED_DATA
XP1_QOS_SUPPORTED
XP1_IFS_HANDLES
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $00000008
PFL_MATCHES_PROTOCOL_ZERO
Maximum Message Size : $00000000
Security Sheme : 0
Byte Order : Big Endian
Protocol : 6
Protocol MaxOffset : $00000000
Min Socket Address : $00000010
Max Socket Address : $00000010
Socket Type : Stream
Protocol Chain length : 1
Protocol Chain Entry (0) : 2009349512
MSAFD Irda [IrDA]
Filename : C:\WINDOWS\system32\mswsock.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Sockets 2.0 Service Provider
File version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name : mswsock.dll
Original filename : mswsock.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.2180
Version : 2
Catalog Entry : 1059
Address Family : IrDA
Provider : {3972523D-2AF1-11D1-B655-00805F3642CC}
Service Flags 1 : $00020006
XP1_GUARANTEED_DELIVERY
XP1_GUARANTEED_ORDER
XP1_IFS_HANDLES
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $00000008
PFL_MATCHES_PROTOCOL_ZERO
Maximum Message Size : $00000000
Security Sheme : 0
Byte Order : Big Endian
Protocol : 1
Protocol MaxOffset : $00000000
Min Socket Address : $00000008
Max Socket Address : $00000020
Socket Type : Stream
Protocol Chain length : 1
Protocol Chain Entry (0) : 0
MSAFD NetBIOS [\Device\NetBT_Tcpip_{7D9C1C6F-C3EF-4BEC-93D7-BFEE67829F1F}] SEQPACKET 4
Filename : C:\WINDOWS\system32\mswsock.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Sockets 2.0 Service Provider
File version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name : mswsock.dll
Original filename : mswsock.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.2180
Version : 2
Catalog Entry : 1084
Address Family : NetBios-style addresses
Provider : {8D5F1830-C273-11CF-95C8-00805F48A192}
Service Flags 1 : $0002000E
XP1_GUARANTEED_DELIVERY
XP1_GUARANTEED_ORDER
XP1_MESSAGE_ORIENTED
XP1_IFS_HANDLES
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $00000000
Maximum Message Size : $0000FA00
Security Sheme : 0
Byte Order : Big Endian
Protocol : -4
Protocol MaxOffset : $00000000
Min Socket Address : $00000014
Max Socket Address : $00000014
Socket Type : Unknown
Protocol Chain length : 1
Protocol Chain Entry (0) : 0
MSAFD NetBIOS [\Device\NetBT_Tcpip_{7D9C1C6F-C3EF-4BEC-93D7-BFEE67829F1F}] DATAGRAM 4
Filename : C:\WINDOWS\system32\mswsock.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Sockets 2.0 Service Provider
File version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name : mswsock.dll
Original filename : mswsock.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.2180
Version : 2
Catalog Entry : 1085
Address Family : NetBios-style addresses
Provider : {8D5F1830-C273-11CF-95C8-00805F48A192}
Service Flags 1 : $00020209
XP1_CONNECTIONLESS
XP1_MESSAGE_ORIENTED
XP1_SUPPORT_BROADCAST
XP1_SUPPORT_BROADCAST
XP1_IFS_HANDLES
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $00000000
Maximum Message Size : $0000FA00
Security Sheme : 0
Byte Order : Big Endian
Protocol : -4
Protocol MaxOffset : $00000000
Min Socket Address : $00000014
Max Socket Address : $00000014
Socket Type : Datagram
Protocol Chain length : 1
Protocol Chain Entry (0) : 0
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2173A04-4E82-476C-B99C-8C9D7EC31FDB}] SEQPACKET 3
Filename : C:\WINDOWS\system32\mswsock.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Sockets 2.0 Service Provider
File version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name : mswsock.dll
Original filename : mswsock.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.2180
Version : 2
Catalog Entry : 1086
Address Family : NetBios-style addresses
Provider : {8D5F1830-C273-11CF-95C8-00805F48A192}
Service Flags 1 : $0002000E
XP1_GUARANTEED_DELIVERY
XP1_GUARANTEED_ORDER
XP1_MESSAGE_ORIENTED
XP1_IFS_HANDLES
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $00000000
Maximum Message Size : $0000FA00
Security Sheme : 0
Byte Order : Big Endian
Protocol : -3
Protocol MaxOffset : $00000000
Min Socket Address : $00000014
Max Socket Address : $00000014
Socket Type : Unknown
Protocol Chain length : 1
Protocol Chain Entry (0) : 0
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2173A04-4E82-476C-B99C-8C9D7EC31FDB}] DATAGRAM 3
Filename : C:\WINDOWS\system32\mswsock.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Sockets 2.0 Service Provider
File version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name : mswsock.dll
Original filename : mswsock.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.2180
Version : 2
Catalog Entry : 1087
Address Family : NetBios-style addresses
Provider : {8D5F1830-C273-11CF-95C8-00805F48A192}
Service Flags 1 : $00020209
XP1_CONNECTIONLESS
XP1_MESSAGE_ORIENTED
XP1_SUPPORT_BROADCAST
XP1_SUPPORT_BROADCAST
XP1_IFS_HANDLES
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $00000000
Maximum Message Size : $0000FA00
Security Sheme : 0
Byte Order : Big Endian
Protocol : -3
Protocol MaxOffset : $00000000
Min Socket Address : $00000014
Max Socket Address : $00000014
Socket Type : Datagram
Protocol Chain length : 1
Protocol Chain Entry (0) : 0
MSAFD NetBIOS [\Device\NetBT_Tcpip_{6EA95727-C623-4E60-A6ED-53D26521F4B7}] SEQPACKET 0
Filename : C:\WINDOWS\system32\mswsock.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Sockets 2.0 Service Provider
File version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name : mswsock.dll
Original filename : mswsock.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.2180
Version : 2
Catalog Entry : 1088
Address Family : NetBios-style addresses
Provider : {8D5F1830-C273-11CF-95C8-00805F48A192}
Service Flags 1 : $0002000E
XP1_GUARANTEED_DELIVERY
XP1_GUARANTEED_ORDER
XP1_MESSAGE_ORIENTED
XP1_IFS_HANDLES
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $00000008
PFL_MATCHES_PROTOCOL_ZERO
Maximum Message Size : $0000FA00
Security Sheme : 0
Byte Order : Big Endian
Protocol : -2147483648
Protocol MaxOffset : $00000000
Min Socket Address : $00000014
Max Socket Address : $00000014
Socket Type : Unknown
Protocol Chain length : 1
Protocol Chain Entry (0) : 0
MSAFD NetBIOS [\Device\NetBT_Tcpip_{6EA95727-C623-4E60-A6ED-53D26521F4B7}] DATAGRAM 0
Filename : C:\WINDOWS\system32\mswsock.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Sockets 2.0 Service Provider
File version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name : mswsock.dll
Original filename : mswsock.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.2180
Version : 2
Catalog Entry : 1089
Address Family : NetBios-style addresses
Provider : {8D5F1830-C273-11CF-95C8-00805F48A192}
Service Flags 1 : $00020209
XP1_CONNECTIONLESS
XP1_MESSAGE_ORIENTED
XP1_SUPPORT_BROADCAST
XP1_SUPPORT_BROADCAST
XP1_IFS_HANDLES
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $00000008
PFL_MATCHES_PROTOCOL_ZERO
Maximum Message Size : $0000FA00
Security Sheme : 0
Byte Order : Big Endian
Protocol : -2147483648
Protocol MaxOffset : $00000000
Min Socket Address : $00000014
Max Socket Address : $00000014
Socket Type : Datagram
Protocol Chain length : 1
Protocol Chain Entry (0) : 0
MSAFD NetBIOS [\Device\NetBT_Tcpip_{6310D870-05F2-4F57-86F2-69838E93589F}] SEQPACKET 1
Filename : C:\WINDOWS\system32\mswsock.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Sockets 2.0 Service Provider
File version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name : mswsock.dll
Original filename : mswsock.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.2180
Version : 2
Catalog Entry : 1090
Address Family : NetBios-style addresses
Provider : {8D5F1830-C273-11CF-95C8-00805F48A192}
Service Flags 1 : $0002000E
XP1_GUARANTEED_DELIVERY
XP1_GUARANTEED_ORDER
XP1_MESSAGE_ORIENTED
XP1_IFS_HANDLES
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $00000000
Maximum Message Size : $0000FA00
Security Sheme : 0
Byte Order : Big Endian
Protocol : -1
Protocol MaxOffset : $00000000
Min Socket Address : $00000014
Max Socket Address : $00000014
Socket Type : Unknown
Protocol Chain length : 1
Protocol Chain Entry (0) : 0
MSAFD NetBIOS [\Device\NetBT_Tcpip_{6310D870-05F2-4F57-86F2-69838E93589F}] DATAGRAM 1
Filename : C:\WINDOWS\system32\mswsock.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Sockets 2.0 Service Provider
File version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name : mswsock.dll
Original filename : mswsock.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.2180
Version : 2
Catalog Entry : 1091
Address Family : NetBios-style addresses
Provider : {8D5F1830-C273-11CF-95C8-00805F48A192}
Service Flags 1 : $00020209
XP1_CONNECTIONLESS
XP1_MESSAGE_ORIENTED
XP1_SUPPORT_BROADCAST
XP1_SUPPORT_BROADCAST
XP1_IFS_HANDLES
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $00000000
Maximum Message Size : $0000FA00
Security Sheme : 0
Byte Order : Big Endian
Protocol : -1
Protocol MaxOffset : $00000000
Min Socket Address : $00000014
Max Socket Address : $00000014
Socket Type : Datagram
Protocol Chain length : 1
Protocol Chain Entry (0) : 0
MSAFD NetBIOS [\Device\NetBT_Tcpip_{349E0C2B-D186-4D1B-B8ED-C19961BC2706}] SEQPACKET 2
Filename : C:\WINDOWS\system32\mswsock.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Sockets 2.0 Service Provider
File version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name : mswsock.dll
Original filename : mswsock.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.2180
Version : 2
Catalog Entry : 1092
Address Family : NetBios-style addresses
Provider : {8D5F1830-C273-11CF-95C8-00805F48A192}
Service Flags 1 : $0002000E
XP1_GUARANTEED_DELIVERY
XP1_GUARANTEED_ORDER
XP1_MESSAGE_ORIENTED
XP1_IFS_HANDLES
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $00000000
Maximum Message Size : $0000FA00
Security Sheme : 0
Byte Order : Big Endian
Protocol : -2
Protocol MaxOffset : $00000000
Min Socket Address : $00000014
Max Socket Address : $00000014
Socket Type : Unknown
Protocol Chain length : 1
Protocol Chain Entry (0) : 0
MSAFD NetBIOS [\Device\NetBT_Tcpip_{349E0C2B-D186-4D1B-B8ED-C19961BC2706}] DATAGRAM 2
Filename : C:\WINDOWS\system32\mswsock.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Sockets 2.0 Service Provider
File version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name : mswsock.dll
Original filename : mswsock.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.2180
Version : 2
Catalog Entry : 1093
Address Family : NetBios-style addresses
Provider : {8D5F1830-C273-11CF-95C8-00805F48A192}
Service Flags 1 : $00020209
XP1_CONNECTIONLESS
XP1_MESSAGE_ORIENTED
XP1_SUPPORT_BROADCAST
XP1_SUPPORT_BROADCAST
XP1_IFS_HANDLES
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $00000000
Maximum Message Size : $0000FA00
Security Sheme : 0
Byte Order : Big Endian
Protocol : -2
Protocol MaxOffset : $00000000
Min Socket Address : $00000014
Max Socket Address : $00000014
Socket Type : Datagram
Protocol Chain length : 1
Protocol Chain Entry (0) : 0
MSAFD NetBIOS [\Device\NetBT_Tcpip_{51C0C6AD-14EC-41F1-B2E8-70C7B1FCDF55}] SEQPACKET 5
Filename : C:\WINDOWS\system32\mswsock.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Sockets 2.0 Service Provider
File version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name : mswsock.dll
Original filename : mswsock.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.2180
Version : 2
Catalog Entry : 1094
Address Family : NetBios-style addresses
Provider : {8D5F1830-C273-11CF-95C8-00805F48A192}
Service Flags 1 : $0002000E
XP1_GUARANTEED_DELIVERY
XP1_GUARANTEED_ORDER
XP1_MESSAGE_ORIENTED
XP1_IFS_HANDLES
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $00000000
Maximum Message Size : $0000FA00
Security Sheme : 0
Byte Order : Big Endian
Protocol : -5
Protocol MaxOffset : $00000000
Min Socket Address : $00000014
Max Socket Address : $00000014
Socket Type : Unknown
Protocol Chain length : 1
Protocol Chain Entry (0) : 0
MSAFD NetBIOS [\Device\NetBT_Tcpip_{51C0C6AD-14EC-41F1-B2E8-70C7B1FCDF55}] DATAGRAM 5
Filename : C:\WINDOWS\system32\mswsock.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Sockets 2.0 Service Provider
File version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name : mswsock.dll
Original filename : mswsock.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.2180
Version : 2
Catalog Entry : 1095
Address Family : NetBios-style addresses
Provider : {8D5F1830-C273-11CF-95C8-00805F48A192}
Service Flags 1 : $00020209
XP1_CONNECTIONLESS
XP1_MESSAGE_ORIENTED
XP1_SUPPORT_BROADCAST
XP1_SUPPORT_BROADCAST
XP1_IFS_HANDLES
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $00000000
Maximum Message Size : $0000FA00
Security Sheme : 0
Byte Order : Big Endian
Protocol : -5
Protocol MaxOffset : $00000000
Min Socket Address : $00000014
Max Socket Address : $00000014
Socket Type : Datagram
Protocol Chain length : 1
Protocol Chain Entry (0) : 0
MSAFD NetBIOS [\Device\NetBT_Tcpip_{88E8196B-48D7-4CE3-BA4D-6DFFC6997951}] SEQPACKET 6
Filename : C:\WINDOWS\system32\mswsock.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Sockets 2.0 Service Provider
File version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name : mswsock.dll
Original filename : mswsock.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.2180
Version : 2
Catalog Entry : 1096
Address Family : NetBios-style addresses
Provider : {8D5F1830-C273-11CF-95C8-00805F48A192}
Service Flags 1 : $0002000E
XP1_GUARANTEED_DELIVERY
XP1_GUARANTEED_ORDER
XP1_MESSAGE_ORIENTED
XP1_IFS_HANDLES
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $00000000
Maximum Message Size : $0000FA00
Security Sheme : 0
Byte Order : Big Endian
Protocol : -6
Protocol MaxOffset : $00000000
Min Socket Address : $00000014
Max Socket Address : $00000014
Socket Type : Unknown
Protocol Chain length : 1
Protocol Chain Entry (0) : 0
MSAFD NetBIOS [\Device\NetBT_Tcpip_{88E8196B-48D7-4CE3-BA4D-6DFFC6997951}] DATAGRAM 6
Filename : C:\WINDOWS\system32\mswsock.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Sockets 2.0 Service Provider
File version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name : mswsock.dll
Original filename : mswsock.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.2180
Version : 2
Catalog Entry : 1097
Address Family : NetBios-style addresses
Provider : {8D5F1830-C273-11CF-95C8-00805F48A192}
Service Flags 1 : $00020209
XP1_CONNECTIONLESS
XP1_MESSAGE_ORIENTED
XP1_SUPPORT_BROADCAST
XP1_SUPPORT_BROADCAST
XP1_IFS_HANDLES
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $00000000
Maximum Message Size : $0000FA00
Security Sheme : 0
Byte Order : Big Endian
Protocol : -6
Protocol MaxOffset : $00000000
Min Socket Address : $00000014
Max Socket Address : $00000014
Socket Type : Datagram
Protocol Chain length : 1
Protocol Chain Entry (0) : 0
winaklsp.dll
Filename : c:\windows\system32\winaklsp.dll
File desicription : winaklsp
File version : 0, 407, 14, 1400
Internal name : winaklsp
Original filename : winaklsp.dll
Product version : 2, 0, 0, 0
Version : 2
Catalog Entry : 1228
Address Family : internetwork: UDP, TCP, etc.
Provider : {9FFE79E9-BFAB-49D5-B461-7A38B71A8EE8}
Service Flags 1 : $00000066
XP1_GUARANTEED_DELIVERY
XP1_GUARANTEED_ORDER
XP1_GRACEFUL_CLOSE
XP1_EXPEDITED_DATA
Service Flags 2 : $00000000
Service Flags 3 : $00000000
Service Flags 4 : $00000000
Provider Flags : $0000000C
PFL_HIDDEN
PFL_MATCHES_PROTOCOL_ZERO
Maximum Message Size : $00000000
Security Sheme : 0
Byte Order : Big Endian
Protocol : 6
Protocol MaxOffset : $00000000
Min Socket Address : $00000010
Max Socket Address : $00000010
Socket Type : Stream
Protocol Chain length : 0
Name Space Providers
Description : Tcpip
Filename : C:\WINDOWS\system32\mswsock.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Sockets 2.0 Service Provider
File version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name : mswsock.dll
Original filename : mswsock.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.2180
NameSpace : NS_DNS
Active : Yes
Protocol Version : 0
Provider : {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Description : NTDS
Filename : C:\WINDOWS\system32\winrnr.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : LDAP RnR Provider DLL
File version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name : winrnr
Original filename : winrnr
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.2180
NameSpace : NS_NTDS
Active : Yes
Protocol Version : 0
Provider : {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Description : Network Location Awareness (NLA) Namespace
Filename : C:\WINDOWS\system32\mswsock.dll
Legal copyright : Microsoft Corporation. All rights reserved.
Company name : Microsoft Corporation
File desicription : Microsoft Windows Sockets 2.0 Service Provider
File version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal name : mswsock.dll
Original filename : mswsock.dll
Product name : Microsoft Windows Operating System
Product version : 5.1.2600.2180
NameSpace : Unknown
Active : Yes
Protocol Version : 0
Provider : {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}

Ad-Aware LSP offers a remove option. Is this my best route? Or should I use LSPFix, instead? In removing these four entries, could either cause numbering problems on restart? If so, is WinsockXPFix my best option? Any advice would be appreciated.

Thanks, JB
  • 0


#2
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Hi there and welcome to GeeksToGo! Could you please post a HijackThis log here in a reply for me to look at? I will be happy to help you get this fixed up!!
  • 0

#3
avengerx

    New Member

  • Topic Starter
  • Member
  • 3 posts
Hi, Kat.

As requested...

Logfile of HijackThis v1.99.1
Scan saved at 2:28:42 PM, on 5/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Norton SystemWorks\CKA.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\eBay\eBay Toolbar\4.4.0.2\ebaytbar.exe
C:\Program Files\WebJet\WebJet\WebJet.exe
C:\Program Files\GALTWARE\SCREEN CONTROL\screencontrol.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ev1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ev1.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:3128
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [EZNXP] C:\PROGRA~1\EZN\EVERYO~1\eznorun.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [SymKeepAlive] C:\Program Files\Norton SystemWorks\CKA.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Screen Control.lnk = C:\Program Files\GALTWARE\SCREEN CONTROL\screencontrol.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: eBay Toolbar.LNK = C:\Program Files\eBay\eBay Toolbar\4.4.0.2\ebaytbar.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: WebJet.lnk = C:\Program Files\WebJet\WebJet\WebJet.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\Program Files\eBay\eBay Toolbar\4.4.0.2\eBayBand.dll
O9 - Extra 'Tools' menuitem: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\Program Files\eBay\eBay Toolbar\4.4.0.2\eBayBand.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\winaklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winaklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winaklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winaklsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?319
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{88E8196B-48D7-4CE3-BA4D-6DFFC6997951}: NameServer = 207.218.192.38 207.218.192.39
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
  • 0

#4
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
1. A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.

    1. Please download LSPFix from here.
    2. Run the LSPFix.exe that you have just finished downloading.
    3. Check the I know what I'm doing box.
    4. In the Keep box you should see one or more instances of winaklsp.dll.
    5. Select every instance of winaklsp.dll and move each one to the Remove box by clicking the >> button.
    6. When you are done click Finish>>.

2. Please download ewido security suite; it is a trial version of the program.
  • Install ewido security suite.
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button.
  • The program will now go to the main screen.
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files; click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
  • Click Save report
  • Save the report to your desktop
3. Open HijackThis and click "Scan". Place an X next to each of the following entries only:

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab


Make sure all other windows and programs are closed, then click "Fix selected". Reboot.

4. Reply here with a copy of the log from Ewido, along with a fresh HJT log. Please also let me know how things are running!
  • 0
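A triage pass over the kind of HijackThis log posted in this thread, as an added example that is not part of the original posts: it groups entries by section code, counts the O10 "Unknown file in Winsock LSP" lines per file, and lists entries whose target is marked (no file) or (file missing). The function names are assumptions of this example, the sample lines are copied from the log above, and a flagged entry is a lead for review, not a verdict.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:3128
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\winaklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winaklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winaklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winaklsp.dll
C:\Program Files\HijackThis.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # section code, e.g. "O10 - <detail>"
LSP = re.compile(r"^Unknown file in Winsock LSP: (.+)$", re.I)
ORPHAN = re.compile(r"\((?:no file|file missing)\)", re.I)

def parse_entries(log_text):
    """Return (section_code, detail) pairs; process-list and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(log_text):
    """Summarise the entries a helper would review first."""
    entries = parse_entries(log_text)
    lsp_files, orphans = Counter(), []
    for code, detail in entries:
        m = LSP.match(detail)
        if code == "O10" and m:
            lsp_files[m.group(1).lower()] += 1   # one count per O10 line
        elif ORPHAN.search(detail):
            orphans.append((code, detail))       # registry entry points at a missing file
    sections = Counter(code for code, _ in entries)
    return {"sections": sections, "unknown_lsp": dict(lsp_files), "orphans": orphans}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path, n in report["unknown_lsp"].items():
        print(f"O10: {path} listed in {n} Winsock LSP lines")
    for code, detail in report["orphans"]:
        print(f"{code}: target file absent -> {detail}")
```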

#5
avengerx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi, Kat. Thanks for responding so promptly. Before I begin with the remedy you suggest, if you would humor me with a reply to the questions in my first post. I'm sure I'm just being overcautious, but I don't like surprises. Thanks for understanding.


>>> From Original Post

Ad-Aware LSP offers a remove option. Is this my best route? Or should I use LSPFix, instead? In removing these four entries, could either cause numbering problems on restart? If so, is WinsockXPFix my best option? Any advice would be appreciated.


Thanks again, JB
  • 0

#6
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Hi JB. To be honest, I am unfamiliar with the Ad-Aware LSP. In my two years' worth of experience the best and safest way to fix this problem is to use LSPFix. I did research the entry showing in the O10 lines in your HJT log, and they ARE most definitely malicious. Using LSPFix will NOT lose your internet connection for you.
  • 0

#7
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





