That darn nuker.com window just opened. This is after running Spybot and fixing.
Attached is the SpyBot report. No, I don't find a "Browse" button to do an attachment, so I'll copy the text here. I hope that's OK.
--- Search result list ---
MagicControl.Agent: User settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-3009342548-954458941-1801271328-1005\Software\mc\SA
MagicControl.Agent: User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-3009342548-954458941-1801271328-1005\Software\LanConfig
--- Spybot - Search && Destroy version: 1.3 ---
2005-04-26 Includes\Cookies.sbi
2005-04-27 Includes\Dialer.sbi
2005-05-12 Includes\Hijackers.sbi
2005-04-15 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-05-11 Includes\Malware.sbi
2005-05-11 Includes\PUPS.sbi
2005-04-27 Includes\Revision.sbi
2005-02-09 Includes\Security.sbi
2005-05-11 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-05-11 Includes\Trojans.sbi
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Microsoft SQL Server 2000 Service Pack 3 Updates to MDAC 2.7 SP1
/ DataAccess: Security update for Microsoft Data Access Components
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX: DirectX Update 819696
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Windows Media Player: Windows Media Player Hotfix [See KB837272 for more information]
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 320920
/ Windows Media Player: Windows Media Update 819639
/ Windows Media Player: Windows Media Update 828026
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Windows XP Hotfix - KB893066
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
--- Startup entries list ---
Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
file: C:\WINDOWS\AGRSMMSG.exe
size: 88107
MD5: 338879395df79b77565077f9c0727f7b
Located: HK_LM:Run, AOL Spyware Protection
command: "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
file: C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
size: 79448
MD5: 747f55208a1508db7b91e0e1fe0ef23a
Located: HK_LM:Run, AOLDialer
command: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
file: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
size: 496752
MD5: c470f57fb6c4b4df32d694ce0fd2b387
Located: HK_LM:Run, AutoProp
command: C:\PROGRA~1\MICROS~4\Office10\bots\fp_wmp\regprop.exe C:\PROGRA~1\MICROS~4\Office10\bots\fp_wmp\WMPaddin.dll
file: C:\PROGRA~1\MICROS~4\Office10\bots\fp_wmp\regprop.exe
size: 36864
MD5: 06a4c46a2856bd5e3a631a268d306e3b
Located: HK_LM:Run, ezShieldProtector for Px
command: C:\WINDOWS\System32\ezSP_Px.exe
file: C:\WINDOWS\System32\ezSP_Px.exe
size: 40960
MD5: 2849ed071a0d83406bda342aa767f24e
Located: HK_LM:Run, IndexSearch
command: C:\PAPRPORT\IndexSearch.exe
file: C:\PAPRPORT\IndexSearch.exe
size: 40960
MD5: 1e7903df8917d777492f174db8b39f52
Located: HK_LM:Run, InstantAccess
command: C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
file: C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
size: 30720
MD5: c61eebaf8ef308a03c94b81dd20ca322
Located: HK_LM:Run, LTSMMSG
command: LTSMMSG.exe
file: C:\WINDOWS\LTSMMSG.exe
size: 32768
MD5: 2d88d91f138512ff7e4aab66486ee051
Located: HK_LM:Run, MCAgentExe
command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
file: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
size: 278528
MD5: c9a041d6e5211ca48aeba3ac1987d837
Located: HK_LM:Run, MCUpdateExe
command: C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
file: C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
size: 180224
MD5: c7d0c96ad30cfafc37f621c75fad6252
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff
Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 323584
MD5: 99b4b415dd1be7325deda3b88df5938a
Located: HK_LM:Run, PaperPort PTD
command: C:\PAPRPORT\pptd40nt.exe
file: C:\PAPRPORT\pptd40nt.exe
size: 57393
MD5: f66581c91edfc0464457e2f0fdb65aff
Located: HK_LM:Run, PP5300usb
command: C:\PAPRPORT\FBDirect.exe
file: C:\PAPRPORT\FBDirect.exe
size: 226816
MD5: f7db84d61b8df0f708c0ed2e197609e1
Located: HK_LM:Run, Pure Networks Port Magic
command: "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
file: C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
size: 99480
MD5: ba99c608a075c44026720d5383f3d75b
Located: HK_LM:Run, QuickFinder Scheduler
command: "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
file: C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE
size: 77887
MD5: 5121b7bc599d22d26b939c95196f507c
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 76a3a30b58405c2c6d833895253a51a9
Located: HK_LM:Run, RegisterDropHandler
command: C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
file: C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
size: 22528
MD5: 3e557819c975ae55c1b032304a426d6c
Located: HK_LM:Run, SiS KHooker
command: C:\WINDOWS\System32\khooker.exe
Located: HK_LM:Run, SiS Tray
command:
Located: HK_LM:Run, SiSUSBRG
command: C:\WINDOWS\SiSUSBrg.exe
file: C:\WINDOWS\SiSUSBrg.exe
size: 102400
MD5: 52ceb84ac83d8c7b0ac0c40a3b734d64
Located: HK_LM:Run, StorageGuard
command: "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
file: C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
size: 155648
MD5: 68c91658a3cb6773ec79c90cc0ee6bc1
Located: HK_LM:Run, THGuard
command: "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
file: C:\Program Files\TrojanHunter 4.2\THGuard.exe
size: 1089024
MD5: edb3dca0b1f57ac8d915c8ad0830b27c
Located: HK_LM:Run, THGuard
command: "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
file: C:\Program Files\TrojanHunter 4.2\THGuard.exe
size: 1089024
MD5: edb3dca0b1f57ac8d915c8ad0830b27c
Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 3cf6bff887af6f733473d81a8921a5c5
Located: HK_LM:Run, VirusScan Online
command: "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
file: c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
size: 196608
MD5: 944982c9b57c8bcc58f4001a62cd503f
Located: HK_LM:Run, VSOCheckTask
command: "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
file: c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
size: 143360
MD5: d527afe3bed159802f84fee4118b995a
Located: HK_LM:RunServices, RegisterDropHandler
command: C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
file: C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
size: 22528
MD5: 3e557819c975ae55c1b032304a426d6c
Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8
Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259
Located: HK_CU:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff
Located: HK_CU:Run, PPWebCap
command: C:\PAPRPORT\PPWebCap.exe
file: C:\PAPRPORT\PPWebCap.exe
size: 94257
MD5: 6363883e4dd9e71c10e5f18ce2a4813b
Located: Startup (common), Acrobat Assistant.lnk
command: C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe
file: C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe
size: 82026
MD5: 21189b8f2d747b6981a54d5c5d554c8e
Located: Startup (common), Adobe Gamma Loader.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a
Located: Startup (common), America Online Tray Icon.lnk
command: C:\Program Files\America Online 9.0a\aoltray.exe
file: C:\Program Files\America Online 9.0a\aoltray.exe
size: 156784
MD5: d3e103e5b79a6e8ba5b58e0a7c21523b
Located: Startup (common), Giga Pocket Remocon Driver.lnk
command: C:\Program Files\sony\giga pocket\usbsircs.exe
file: C:\Program Files\sony\giga pocket\usbsircs.exe
size: 159744
MD5: 0dc08610250bea1f0a099375be6a3e8f
Located: Startup (common), Microsoft Broadband Networking.lnk
command: C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe
file: C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe
size: 25214
MD5: 5cb1648da7a10d5003b27c19434ff124
Located: Startup (common), PositionAgent.lnk
command: C:\Program Files\Microsoft bCentral\PositionAgent\PA.exe
file: C:\Program Files\Microsoft bCentral\PositionAgent\PA.exe
size: 131072
MD5: b94ecfe591f74e68ebbcce856a26d8ca
Located: Startup (common), Timer Recording Manager.lnk
command: C:\Program Files\Sony\giga pocket\ReserveModule.exe
file: C:\Program Files\Sony\giga pocket\ReserveModule.exe
size: 233472
MD5: e5f45ac1a2cec72fc4da33b59581e40c
Located: Startup (common), VAIO Action Setup (Server).lnk
command: C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
file: C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
size: 40960
MD5: aa01ad8d6c16bcbf0d89b93ecd72f68d
Located: Startup (user), Shortcut to OUTLOOK.lnk
command: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
file: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
size: 196296
MD5: edb2d35ef459fa287d02206602301e91
--- Browser helper object list ---
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDHelper.dll
info link:
http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 5/12/2004 1:03:00 AM
Date (last access): 5/22/2005 9:16:16 AM
Date (last write): 5/12/2004 1:03:00 AM
Filesize: 744960
Attributes: archive
MD5: ABF5BA518C6A5ED104496FF42D19AD88
CRC32: 5587736E
Version: 0.1.0.3
--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla
Yahoo! Chat (Yahoo! Chat)
DPF name: Yahoo! Chat
CLSID name:
{0075546E-5D3D-11D2-A3E5-0060971304D8} (WTX_Installer Class)
DPF name:
CLSID name: WTX_Installer Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: wtx_setup.dll
Short name: WTX_SE~1.DLL
Date (created): 8/18/2003 12:15:00 PM
Date (last access): 5/22/2005 9:25:06 AM
Date (last write): 8/18/2003 12:15:00 PM
Filesize: 55800
Attributes: archive
MD5: A08DCED7C8D4950D968B63C0A55DB95D
CRC32: 4A991FB2
Version: 0.3.0.0
{02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass)
DPF name:
CLSID name: VaioInfo.CMClass
Path: C:\WINDOWS\Downloaded Program Files\
Long name: VaioInfo.dll
Short name:
Date (created): 10/27/2004 1:06:30 PM
Date (last access): 5/22/2005 9:25:06 AM
Date (last write): 10/27/2004 1:06:30 PM
Filesize: 49152
Attributes: archive
MD5: 48A6D73627BED4C463FEBA338D8E13A5
CRC32: 01620329
Version: 0.2.0.2
{0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class)
DPF name:
CLSID name: BrowseFolderPopup Class
description: McAfee
classification: Legitimate
known filename: MGBRWFLD.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\MCBin\Shared\
Long name: MGBrwFld.dll
Short name:
Date (created): 11/19/1999 8:06:54 PM
Date (last access): 5/20/2005 5:42:06 PM
Date (last write): 11/19/1999 8:06:54 PM
Filesize: 94208
Attributes: archive
MD5: BE3CA757FB644CDF0A3CC0F6BCDF3803
CRC32: E67A73A4
Version: 0.1.0.0
{11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control)
DPF name:
CLSID name: iPIX ActiveX Control
description: iPIX ActiveX Control
classification: Unknown
known filename: ipixx.ocx
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\DOWNLO~1\
Long name: ipixx.ocx
Short name:
Date (created): 6/2/2000 12:29:42 PM
Date (last access): 5/20/2005 5:42:06 PM
Date (last write): 6/2/2000 12:29:42 PM
Filesize: 102912
Attributes: archive
MD5: FF183CADA1ED933276B169E304E88910
CRC32: E85AE186
Version: 0.6.0.2
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
description: Macromedia ShockWave Flash Player 7
classification: Unknown
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 1/14/2003 7:52:40 PM
Date (last access): 5/20/2005 5:42:08 PM
Date (last write): 1/9/2002 3:28:02 AM
Filesize: 32768
Attributes: archive
MD5: 92FA0AE21D3A08B65D291724AA7D0E43
CRC32: 7B63A9DB
Version: 0.8.0.5
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 1/28/2005 3:38:00 PM
Date (last access): 5/18/2005 8:18:02 PM
Date (last write): 1/28/2005 3:38:00 PM
Filesize: 421128
Attributes: archive
MD5: C3C3864DA698F0CC1BE56F9695534DD8
CRC32: C0FC216A
Version: 0.1.0.0
{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class)
DPF name:
CLSID name: MSSecurityAdvisor Class
Path: C:\WINDOWS\System32\
Long name: mssecadv.dll
Short name:
Date (created): 9/8/2003 12:30:46 PM
Date (last access): 5/16/2005 2:14:06 PM
Date (last write): 9/8/2003 12:30:46 PM
Filesize: 36960
Attributes: archive
MD5: A4282FD762CE1C4FFA665538E335CFF0
CRC32: 51ECFB75
Version: 0.5.0.4
{2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing)
DPF name:
CLSID name: Yahoo! Audio Conferencing
description: Yahoo Audio Conferencing
classification: Legitimate
known filename: YACSCOM.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\DOWNLO~1\
Long name: yacscom.dll
Short name:
Date (created): 5/27/2003 7:24:20 PM
Date (last access): 5/22/2005 9:25:06 AM
Date (last write): 5/27/2003 7:24:20 PM
Filesize: 233472
Attributes: archive
MD5: B9B01094F1E7A2B9EF2A74F9D8A7D464
CRC32: 313C98A6
Version: 0.1.0.0
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)
DPF name:
CLSID name: Symantec AntiVirus scanner
description: Symantec online scanner
classification: Legitimate
known filename: AVSNIFF.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: avsniff.dll
Short name:
Date (created): 4/27/2005 9:43:34 AM
Date (last access): 5/22/2005 9:25:04 AM
Date (last write): 4/27/2005 9:43:34 AM
Filesize: 202352
Attributes: archive
MD5: DED7B2F31D562643DAFD67F304813CB8
CRC32: 2921D0E7
Version: 7.212.0.12
{33564D57-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
description: Microsoft WMV Video Codec
classification: Legitimate
known filename: WMV9DMO.CAB
info link:
info source: Patrick M. Kolla
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 8/27/2003 5:10:30 AM
Date (last access): 5/22/2005 9:26:02 AM
Date (last write): 8/27/2003 5:10:30 AM
Filesize: 314368
Attributes: archive
MD5: 1E32EC4A8A17B19926B49EA5F6B79A76
CRC32: E98FC293
Version: 0.11.0.0
{41F17733-B041-4099-A042-B518BB6A408C} ()
DPF name:
CLSID name:
{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class)
DPF name:
CLSID name: QDiagAOLCCUpdateObj Class
Path: C:\WINDOWS\System32\
Long name: qdiagcc.ocx
Short name:
Date (created): 2/23/2004 10:58:20 AM
Date (last access): 5/8/2005 3:47:16 PM
Date (last write): 2/23/2004 10:58:20 AM
Filesize: 1003520
Attributes: archive
MD5: 8B6C90078C00352FFC6F78BE1E4891DE
CRC32: 896B9758
Version: 0.1.0.0
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class)
DPF name:
CLSID name: McAfee.com Operating System Class
Path: C:\WINDOWS\system32\
Long name: mcinsctl.dll
Short name:
Date (created): 8/5/2003 12:01:28 PM
Date (last access): 5/22/2005 9:16:18 AM
Date (last write): 3/7/2005 3:05:30 PM
Filesize: 341568
Attributes: archive
MD5: E87BA172619E82572106B008BB494B38
CRC32: 96945A8E
Version: 0.4.0.0
{597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class)
DPF name:
CLSID name: OPUCatalog Class
Path: C:\WINDOWS\System32\
Long name: opuc.dll
Short name:
Date (created): 4/3/2003 4:48:58 PM
Date (last access): 5/16/2005 2:14:20 PM
Date (last write): 4/3/2003 4:48:58 PM
Filesize: 180496
Attributes: archive
MD5: 81FBAD247E1A8C38BD5937578748C248
CRC32: 9A0F00AB
Version: 0.10.0.0
{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 4/27/2005 9:43:46 AM
Date (last access): 5/22/2005 9:25:06 AM
Date (last write): 4/27/2005 9:43:46 AM
Filesize: 161432
Attributes: archive
MD5: 2E5FCBD80A006132A302E2B3C5ED653E
CRC32: 4A61625E
Version: 7.212.0.6
{6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class)
DPF name:
CLSID name: Ofoto Upload Manager Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: axofupld.dll
Short name:
Date (created): 11/5/2003 12:24:56 AM
Date (last access): 5/22/2005 9:25:04 AM
Date (last write): 11/5/2003 12:24:56 AM
Filesize: 196694
Attributes: archive
MD5: 709AA5EE6325C0D2F3F5C82F90635C25
CRC32: 667A9090
Version: 0.1.0.0
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
DPF name:
CLSID name: HouseCall Control
description: Trend Micro Antivirus online scanner
classification: Legitimate
known filename: XSCAN53.OCX
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\DOWNLO~1\
Long name: xscan53.ocx
Short name:
Date (created): 3/24/2004 6:22:12 PM
Date (last access): 5/8/2005 4:03:30 PM
Date (last write): 3/24/2004 6:22:12 PM
Filesize: 435712
Attributes: archive
MD5: 99A67AEE9A6E3EFD2126AFA0840ECBED
CRC32: 9198FA39
Version: 0.5.0.70
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02)
DPF name: Java Runtime Environment 1.4.1_02
CLSID name: Java Plug-in 1.4.1_02
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\j2re1.4.1_02\bin\
Long name: NPJPI141_02.dll
Short name: NPJPI1~1.DLL
Date (created): 9/18/2003 10:45:06 PM
Date (last access): 5/8/2005 3:23:14 PM
Date (last write): 2/20/2003 4:42:34 PM
Filesize: 61553
Attributes: archive
MD5: E4EFF4ADF1367AA79815A9061E64C0D9
CRC32: A0446F8E
Version: 0.1.0.4
{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class)
DPF name:
CLSID name: DwnldGroupMgr Class
Path: C:\WINDOWS\system32\
Long name: McGDMgr.dll
Short name:
Date (created): 8/7/2003 8:41:22 PM
Date (last access): 5/22/2005 9:16:18 AM
Date (last write): 2/15/2005 11:34:18 AM
Filesize: 277616
Attributes: archive
MD5: 1D9A1D29A60BFB9B92E36E17F0D951E5
CRC32: EEB52960
Version: 0.1.0.0
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02)
DPF name: Java Runtime Environment 1.4.1_02
CLSID name: Java Plug-in 1.4.1_02
Path: C:\Program Files\Java\j2re1.4.1_02\bin\
Long name: NPJPI141_02.dll
Short name: NPJPI1~1.DLL
Date (created): 9/18/2003 10:45:06 PM
Date (last access): 5/22/2005 10:24:12 AM
Date (last write): 2/20/2003 4:42:34 PM
Filesize: 61553
Attributes: archive
MD5: E4EFF4ADF1367AA79815A9061E64C0D9
CRC32: A0446F8E
Version: 0.1.0.4
{CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class)
DPF name:
CLSID name: Live365Player Class
Path: C:\WINDOWS\DOWNLO~1\
Long name: Play365.dll
Short name:
Date (created): 6/6/2003 7:06:56 PM
Date (last access): 5/22/2005 9:25:04 AM
Date (last write): 6/6/2003 7:06:56 PM
Filesize: 335872
Attributes: archive
MD5: 02D3243B77F6C3EFBF67AAD62C26B443
CRC32: FA8AB3C6
Version: 0.1.0.0
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\flash\
Long name: Flash.ocx
Short name:
Date (created): 6/9/2004 3:59:26 PM
Date (last access): 5/21/2005 1:24:28 PM
Date (last write): 6/9/2004 3:59:26 PM
Filesize: 939224
Attributes: archive
MD5: FC3E17E12C2E31FAC34B416B3DAB829F
CRC32: D1CF3A57
Version: 0.7.0.0
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class)
DPF name:
CLSID name: iTunesDetector Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ITDetector.ocx
Short name: ITDETE~1.OCX
Date (created): 2/3/2004 10:26:38 AM
Date (last access): 5/20/2005 5:42:28 PM
Date (last write): 2/3/2004 10:26:38 AM
Filesize: 49152
Attributes: archive
MD5: C45D0B763A601B1EEF0573F99F1DD732
CRC32: 09E2233A
Version: 0.2.0.0
{D81CA86B-EF63-42AF-BEE3-4502D9A03C2D} (MMRadioHostX Class)
DPF name:
CLSID name: MMRadioHostX Class
{DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control)
DPF name:
CLSID name: Microsoft Office Tools on the Web Control
Path: C:\WINDOWS\Downloaded Program Files\
Long name: OUTC.DLL
Short name:
Date (created): 3/13/2003 12:04:06 PM
Date (last access): 5/22/2005 9:25:04 AM
Date (last write): 3/13/2003 12:04:06 PM
Filesize: 45720
Attributes: archive
MD5: 45DE1052FE8AA3D8507FD5A6343420E0
CRC32: 41AA4F0C
Version: 0.1.0.3
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class)
DPF name:
CLSID name: McFreeScan Class
Path: C:\WINDOWS\McAfee.com\FreeScan\
Long name: mcfscan.dll
Short name:
Date (created): 1/22/2003 10:04:38 AM
Date (last access): 5/20/2005 5:42:30 PM
Date (last write): 1/22/2003 10:04:38 AM
Filesize: 86016
Attributes: archive
MD5: 3C88E39B1DFD31FD591907DD13393E89
CRC32: 23B8F415
Version: 0.1.0.4
{FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm)
DPF name:
CLSID name: sonyctl.sonycm
Path: C:\WINDOWS\Downloaded Program Files\
Long name: sonyctl.dll
Short name:
Date (created): 9/20/2001 1:40:38 PM
Date (last access): 5/22/2005 9:25:06 AM
Date (last write): 9/20/2001 1:40:38 PM
Filesize: 32768
Attributes: archive
MD5: 70E2F85BD910C720C5FE1D81B9FBF850
CRC32: F5955C0C
Version: 0.4.0.0
--- Process list ---
Spybot - Search && Destroy process list report, 5/22/2005 10:24:11 AM
PID: 0 ( 0) [System]
PID: 4 ( 0) system
PID: 148 ( 456) C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
PID: 188 ( 996) C:\Program Files\Microsoft bCentral\PositionAgent\PA.exe
PID: 216 ( 456) C:\WINDOWS\System32\drivers\CDAC11BA.EXE
PID: 280 ( 996) C:\Program Files\Sony\giga pocket\ReserveModule.exe
PID: 328 ( 996) C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
PID: 332 ( 456) c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
PID: 336 ( 4) \SystemRoot\System32\smss.exe
PID: 388 ( 336) \??\C:\WINDOWS\system32\csrss.exe
PID: 412 ( 336) \??\C:\WINDOWS\system32\winlogon.exe
PID: 456 ( 412) C:\WINDOWS\system32\services.exe
PID: 468 ( 412) C:\WINDOWS\system32\lsass.exe
PID: 472 ( 456) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PID: 576 ( 608) C:\WINDOWS\System32\wbem\wmiprvse.exe
PID: 608 ( 456) C:\WINDOWS\system32\svchost.exe
PID: 668 ( 456) C:\WINDOWS\system32\svchost.exe
PID: 708 ( 456) C:\WINDOWS\System32\svchost.exe
PID: 756 ( 456) C:\WINDOWS\System32\svchost.exe
PID: 780 ( 456) C:\WINDOWS\System32\svchost.exe
PID: 796 ( 456) C:\WINDOWS\System32\svchost.exe
PID: 996 ( 972) C:\WINDOWS\Explorer.EXE
PID: 1080 ( 456) C:\WINDOWS\system32\spoolsv.exe
PID: 1180 ( 996) C:\Program Files\Google\ggviewer67-48.exe
PID: 1200 ( 996) C:\PROGRA~1\mcafee.com\agent\mcagent.exe
PID: 1256 ( 996) C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
PID: 1284 ( 708) C:\WINDOWS\system32\wuauclt.exe
PID: 1288 ( 996) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 1360 (1256) c:\progra~1\mcafee.com\vso\mcvsescn.exe
PID: 1432 ( 996) C:\PAPRPORT\FBDirect.exe
PID: 1440 ( 996) C:\PAPRPORT\pptd40nt.exe
PID: 1492 ( 996) C:\WINDOWS\LTSMMSG.exe
PID: 1500 ( 996) C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
PID: 1524 ( 996) C:\WINDOWS\System32\ezSP_Px.exe
PID: 1564 ( 996) C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
PID: 1572 ( 996) C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
PID: 1584 ( 996) C:\WINDOWS\AGRSMMSG.exe
PID: 1592 ( 996) thguard.exe
PID: 1652 ( 996) C:\WINDOWS\system32\ctfmon.exe
PID: 1660 ( 996) C:\PAPRPORT\PPWebCap.exe
PID: 1672 ( 996) C:\WINDOWS\system32\RUNDLL32.EXE
PID: 1680 ( 996) C:\Program Files\Messenger\msmsgs.exe
PID: 1704 ( 996) C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe
PID: 1732 ( 996) C:\Program Files\America Online 9.0a\aoltray.exe
PID: 1744 ( 996) C:\Program Files\sony\giga pocket\usbsircs.exe
PID: 1808 ( 280) C:\Program Files\sony\giga pocket\gps.exe
PID: 1932 ( 608) c:\progra~1\mcafee.com\vso\mcvsftsn.exe
PID: 2024 ( 996) C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
PID: 2112 ( 608) C:\PROGRA~1\Sony\GIGAPO~1\Sgpcom.exe
PID: 2124 ( 456) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
PID: 2220 ( 456) C:\WINDOWS\System32\nvsvc32.exe
PID: 2276 ( 456) C:\WINDOWS\System32\svchost.exe
PID: 2344 ( 456) C:\WINDOWS\system32\wdfmgr.exe
PID: 2384 ( 456) C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
PID: 2472 ( 456) C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
PID: 2504 ( 456) C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
PID: 2528 ( 456) C:\Program Files\Sony\giga pocket\GPVSvr.exe
PID: 2612 ( 456) C:\WINDOWS\system32\fxssvc.exe
PID: 2640 ( 456) C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
PID: 2676 ( 456) C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
PID: 2728 ( 456) C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
PID: 2772 ( 456) C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
PID: 2820 ( 456) C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
PID: 3316 ( 456) c:\PROGRA~1\mcafee.com\vso\mcshield.exe
PID: 3580 ( 996) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PID: 3692 ( 456) C:\WINDOWS\System32\alg.exe
--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 5/22/2005 10:24:11 AM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL
http://ie.search.msn.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.rushconsulting.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.sony.com/vaiopeople
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD nwlnkipx [IPX]
GUID: {11058240-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware UPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkipx *
Protocol 6: MSAFD nwlnkspx [SPX]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *
Protocol 7: MSAFD nwlnkspx [SPX] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *
Protocol 8: MSAFD nwlnkspx [SPX II]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *
Protocol 9: MSAFD nwlnkspx [SPX II] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *
Protocol 10: MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3BBF674C-1113-41D3-B7DF-E12A5AB9EF53}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3BBF674C-1113-41D3-B7DF-E12A5AB9EF53}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB458613-4778-4C16-92F4-0450C437C848}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB458613-4778-4C16-92F4-0450C437C848}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{74046427-157B-460E-8CF1-35C9520B9896}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{74046427-157B-460E-8CF1-35C9520B9896}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 3: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
GUID: {E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\nwprovau.dll
Description: Microsoft Windows NT/2k/XP Novell Netware name space provider
DB filename: %SystemRoot%\system32\nwprovau.dll
DB protocol: NWLink IPX/SPX/NetBIOS*