
Thread: win32.agent.wsg false positive?

  1. #1
    Junior Member
    Join Date
    Nov 2009
    Posts
    2

    win32.agent.wsg false positive?

    Hello, I'm new here, so I'm following the guide on reporting false positives. ( http://forums.spybot.info/showthread.php?t=19117 )

    I had w32.sillydc deleted by Symantec antivirus from my flash drive earlier today. After the deletion I ran a full system scan with Symantec, Spybot and Ad-aware, and nothing showed up, before and after rebooting.

    However if I right click the drive--> scan with Spybot, then the "malware" section indicates nothing found, while the "heuristic" section indicates Win32.Agent.wsg. After the scan, no option is given except "close". This occurs on every file on the drive. For that matter, I get the same result for every file and folder I scan on the whole machine.

    I am running...

    Windows Vista Home Premium, Service Pack 2
    Spybot S&D 1.6.2.46, updated 11 Nov 2009

    Thanks in advance for the help.

    I am not sure if all of this is needed, but here is the Spybot report I just generated:


    Last edited by dddsl; 2009-11-12 at 11:12.

  2. #2
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110


    Hello,

    this is an error of the heuristics scan, please ignore heuristic scan results for Win32.Agent.wsg until the next detection update.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  3. #3
    Junior Member
    Join Date
    Nov 2009
    Posts
    2


    Thank you!

  4. #4
    Junior Member
    Join Date
    Jan 2009
    Posts
    2


    Quote Originally Posted by Yodama View Post
    Hello,

    this is an error of the heuristics scan, please ignore heuristic scan results for Win32.Agent.wsg until the next detection update.
    I scanned a file I downloaded from Microsoft called SDelete and the heuristics said the zip file I scanned was infected by Win32.Agent.wsg.

    Is this a false positive also or is it something different? I uploaded the file to VirusTotal and Jotti Scan and they found nothing. Only Spybot S&D found something with its heuristics.

    Here's where I got SDelete.
    http://technet.microsoft.com/en-us/s.../bb897443.aspx


    -EDIT-
    I just made a compressed zip folder and didn't put anything in it and scanned it with Spybot just to see if it would pick it up with it too because of being zip. It came up with the same thing with heuristics.
    Last edited by Jarava; 2009-11-13 at 07:45.

  5. #5
    Junior Member
    Join Date
    Nov 2009
    Posts
    1

    win32.agent.wsg

    Thanks Yodama, for that advice about the Spybot heuristics result showing win32.agent.wsg, which I have also just noted from a Spybot scan of my Desktop folder. However, I did this because I also had a corrupted desktop/activation so am still suspicious of what is going on....

  6. #6
    Junior Member sfled's Avatar
    Join Date
    Nov 2009
    Posts
    2

    win32.agent.wsg

    Hi, new guy here. Long-time lurker, first-time poster.

    So, yes, I get the positive in the heuristic scan for win32.agent.wsg on all files thus far scanned with S&D contextual-menu scan on a couple of the machines in my small home network:

    a) 2003 Server SP2 Retail - Positive
    b) XP Pro V.2002 SP3 OEM - Positive
    c) XP Pro V.2002 SP3 Retail - Negative
    d) Vista Business SP1 Retail - Negative
    e) XP Pro Retail SP3 - Negative
    f) XP Media Center SP3 OEM - Negative

    Some observations:
    Running the S&D contextual scan from a POSITIVE PC to scan a shared file on a NEGATIVE machine returns a POSITIVE for win32.agent.wsg.

    Running the S&D contextual scan from a NEGATIVE PC to scan a shared file on a POSITIVE machine returns a NEGATIVE for win32.agent.wsg.

    In other words, machines that do not show a win32.agent.wsg infection do not show it on other machines. And vice-versa.

    The software installed on 'b' and 'f' is nearly identical. The rest of the machines are all over the place. The only aftermarket stuff on machine 'a' (the server) is S&D and EZTrust AV.

    Hope this helps.

    Ed
    I'm not an actual web designer. I just play one on teh internets.

  7. #7
    Junior Member
    Join Date
    Nov 2009
    Posts
    3

    another false positive on a zipped file

    I just dl'd Bandwidth Usage Monitor from bitsdujour to try before the promo date from here:
    http://www.bitsdujour.com/software/b...usage-monitor/

    The zip is clean according to scans I just did with Avira AntiVir, SuperAntispyware and A-Squared, but Spybot shows this same heuristic finding.
    I submitted it to VirusTotal and it shows as completely clean.

    http://www.virustotal.com/analisis/b...9f7-1258563582

  8. #8
    Junior Member
    Join Date
    Nov 2009
    Posts
    3


    I posted this info on the comments section of bitsdujour for this software.

  9. #9
    Junior Member sfled's Avatar
    Join Date
    Nov 2009
    Posts
    2

    re: win32.agent.wsg

    Quote Originally Posted by sfled View Post
    Hi, new guy here. Long-time lurker, first-time poster.

    So, yes, I get the positive in the heuristic scan for win32.agent.wsg on all files thus far scanned with S&D contextual-menu scan on a couple of the machines in my small home network... blah-blah-blah.
    The 2009-11-18 update cleared everything up. for playing!

    Ed
    I'm not an actual web designer. I just play one on teh internets.

  10. #10
    Junior Member
    Join Date
    Nov 2009
    Posts
    3




    I'm glad that's straightened out! Thank you!


