I have the entry "mr20.dll", among others, showing up in the LSP window described as a Tcpip entry. When doing a Google it comes back as a Trojan\Backdoor. However when I removed it I lost the Internet. I used Winsockfix to restore my connection....it also restored mr20.dll. Scans with A-Squared, AdAware, Sptbot S&D, and NOD32 show clean. Also a search with hidden and protected files showing turns up nothing. Suggestions?

-{ Quote: "I have the entry "mr20.dll", " }-
Is it in windows startup?

-{ Quote: "Is it in windows startup?" }-


Nope. That is whats so strange. It shows up no where else. Did a files and folders search with all showing. All so did a registry search. As well as scanned with the above mentioned apps. Even dowmloaded\updated and ran Prevx. Everything came up blank.

If at some point you can find mr20.dll, and anything else that's possibly dodgy, and copy them into a new folder, i would be very interested in having a look at them. If so please PM me and let me know. Make sure you exclude the folder from any scans though.

Right now i would try a few online scans and see if they turn up anything

http://www.kaspersky.com/kos/english/kavwebscan.html

http://www.bitdefender.com/scan8/ie.html

http://www.ewido.net/en/

Also worth having, if only for the many useful tools/plug-ins, is Adaware. One in particular that's applicable to your situation, and could prove to be helpful as it gives you a huge list of almost, if not everything in there, is LSP Explorer. Of course you will need to install Adaware first !
_________________________

-{ Quote: "Layered Service Providers (LSP) are small pieces of software that can be added or inserted into the Windows TCP/IP handler by other software. Data outward bound from your computer to a legitimate destination on the Internet can be intercepted by an LSP and sent somewhere other than where you intend it to go. LSP Explorer lets you view active LSP and Name Service Providers on your system, along with detailed information about each so you can determine whether or not they're legitimate. Access LSP Explorer can be run directly from the Add-ons menu. LSP Explorer works with all versions of Ad-Aware." }-
http://www.lavasoftusa.com/software/addons/lspexplorer.shtml

In case you ever need it, here's another good repair utility.

LSP-Fix

Repairs Winsock 2 settings, caused by buggy or improperly-removed Internet software, that result in loss of Internet access.

http://www.cexx.org/lspfix.htm


StevieO

-{ Quote: "If at some point you can find mr20.dll, and anything else that's possibly dodgy, and copy them into a new folder, i would be very interested in having a look at them. If so please PM me and let me know. Make sure you exclude the folder from any scans though." }-

If I can find it you are welcome to it.

-{ Quote: "Right now i would try a few on line scans and see if they turn up anything

http://www.kaspersky.com/kos/english/kavwebscan.html

http://www.bitdefender.com/scan8/ie.html

http://www.ewido.net/en/" }-

All scans come up negative.

-{ Quote: "Also worth having, if only for the many useful tools/plug-ins, is Adaware. One in particular that's applicable to your situation, and could prove to be helpful as it gives you a huge list of almost, if not everything in there, is LSP Explorer. Of course you will need to install Adaware first !" }-

Already have it installed with all plugins. Checking out some of the entries now.

-{ Quote: "In case you ever need it, here's another good repair utility.

LSP-Fix

Repairs Winsock 2 settings, caused by buggy or improperly-removed Internet software, that result in loss of Internet access.

http://www.cexx.org/lspfix.htm


StevieO" }-

Have it already as well. That is how I found the item in question. When I had LSP remove it I lost the Internet. Ran Winsock fix to get it back. Unfortunately mr29.dll returned as well.

Did some tracking down with LSP explorer. Guess it is time for stronger glasses. It turns out to be "rnr20.dll" not "mr20.dll". :-[ "rnr.dll" is a legit MS TCP\IP entry. Feel good my defenses have not been compromised, feel like an a$$ for the mistake. Thanks for the assist just the same. ;D