
TEATIMER.EXE is attempting to install a browser add-on



787Infoquest
2008-02-18, 05:38
Spy Sweeper is flagging a potential Spybot file - Browser Helper Object flagged that a BHO is being installed in Internet Explorer.

Error Message:
TEATIMER.EXE is attempting to install a browser add-on.

I am aware of SDHelper, but not this one. Please advise.

787Infoquest
2008-02-21, 21:57
Update... Once teatimer has been turned off, via Spybot, then the message from Spysweeper is no longer coming up. I am being very careful and asking about this one as the person I am helping mistakenly loaded AdwareAlert. Spybot indicates that AdwareAlert is a pirated copy of Spybot with the intent to spread malware. Knowing this, it is important to make sure this teatimer.exe does in fact belong to Spybot. I would have expected teatimer.exe to be a startup function and not flagged as a BHO. The fact that the Spysweeper message is not coming up once turned off in Spybot makes me think that Spysweeper is mislabeling it… But there is a chance that AdwareAlert is using this.

Any thoughts/directions/advice would be very appreciated.

tashi
2008-02-23, 09:35
Hello,


Open SpyBot
Check for problems
Switch Spybot S&D to advanced mode
Navigate to tools - view report
Click "view report"
Click "export" to save the report to a text file and attach it here


Best regards.

787Infoquest
2008-02-25, 05:31
It creates a text file that is 39 kb (exceeding the limit), so I had to insert it in two parts. I hope this will work. If not, please let me know what steps I need to take and I will do it right away.

Thank you for your help!


--- Search result list ---
Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-02-09 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-02-20 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-02-20 Includes\DialerC.sbi (*)
2008-02-20 Includes\HeavyDuty.sbi (*)
2008-02-20 Includes\Hijackers.sbi (*)
2008-02-20 Includes\HijackersC.sbi (*)
2008-02-20 Includes\Keyloggers.sbi (*)
2008-02-20 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-02-20 Includes\Malware.sbi (*)
2008-02-20 Includes\MalwareC.sbi (*)
2008-02-20 Includes\PUPS.sbi (*)
2008-02-20 Includes\PUPSC.sbi (*)
2008-02-20 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-02-20 Includes\SecurityC.sbi (*)
2008-02-20 Includes\Spybots.sbi (*)
2008-02-20 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2008-02-20 Includes\Trojans.sbi (*)
2008-02-20 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows Vista (Build: 6000) (6.0.6000)


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 8B9145D229D4E89D15ACB820D4A3A90F

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 115816
MD5: 25BE770865658CB79100117112819A7C

Located: HK_LM:Run, Corel Photo Downloader
command: C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, dscactivate
command: "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
file: C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
size: 16384
MD5: 267B3A856E9F4DB1CABD4E6DB71E07D2

Located: HK_LM:Run, ECenter
command: c:\dell\E-Center\EULALauncher.exe
file: c:\dell\E-Center\EULALauncher.exe
size: 17920
MD5: BCB30677F086E0E84CFD22D1FEFF9BDB

Located: HK_LM:Run, Google Desktop Search
command: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
file: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 1862144
MD5: 472064F37E86B1361F01308441D21F52

Located: HK_LM:Run, IAAnotif
command: "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
file: C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
size: 151552
MD5: D2CA35A3F711E613D9399845CE9302FA

Located: HK_LM:Run, ISUSPM Startup
command: "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
size: 221184
MD5: 9ABF687071C649609BF7E177062A9008

Located: HK_LM:Run, ISUSScheduler
command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: FF3BF05021BFECC92DB81B8257EEB026

Located: HK_LM:Run, Logitech Hardware Abstraction Layer
command: KHALMNPR.EXE
file: C:\Windows\KHALMNPR.EXE
size: 94208
MD5: FFDE5245589FFA24C5075203D2A9C314

Located: HK_LM:Run, LogitechCommunicationsManager
command: "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
file: C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
size: 480816
MD5: 57746505F27BFE21D3BC74BCA6B1904C

Located: HK_LM:Run, NvCplDaemon
command: "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
file: C:\Windows\system32\RUNDLL32.EXE
size: 44544
MD5: 4B555106290BD117334E9A08761C035A

Located: HK_LM:Run, NvMediaCenter
command: "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
file: C:\Windows\system32\RUNDLL32.EXE
size: 44544
MD5: 4B555106290BD117334E9A08761C035A

Located: HK_LM:Run, NvSvc
command: "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
file: C:\Windows\system32\RUNDLL32.EXE
size: 44544
MD5: 4B555106290BD117334E9A08761C035A

Located: HK_LM:Run, osCheck
command: "C:\Program Files\Norton Internet Security\osCheck.exe"
file: C:\Program Files\Norton Internet Security\osCheck.exe
size: 22696
MD5: 9F9169BA9B0E44B6C86A5247CEC2CDEE

Located: HK_LM:Run, SigmatelSysTrayApp
command: sttray.exe
file: C:\Windows\sttray.exe
size: 303104
MD5: 733DA847D5C3E32C40BA831BEAA8DC93

Located: HK_LM:Run, SpySweeper
command: "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
file: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
size: 5367664
MD5: 2B0B8C29092FB420826F5A8FD02DC081

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
size: 83608
MD5: 9C1C80BBF8E6044980890E2D2D91091C

Located: HK_LM:Run, Symantec PIF AlertEng
command: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
file: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
size: 583048
MD5: DEB2A99C1AD9B9190C78E895AE60A745

Located: HK_LM:Run, UpdReg
command: C:\Windows\UpdReg.EXE
file: C:\Windows\UpdReg.EXE
size: 90112
MD5: C419DF63E0121D72411285780C2FC6CC

Located: HK_LM:Run, VolPanel
command: "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
file: C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
size: 180224
MD5: CDA2001978A4C967C41A1C7CF79E1815

Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1006264
MD5: 9AD9E2FB2811123DA13DE84CC154AB77

Located: HK_CU:Run, DellSupport
where: S-1-5-21-3202169981-310995558-3244067593-1000...
command: "C:\Program Files\DellSupport\DSAgnt.exe" /startup
file: C:\Program Files\DellSupport\DSAgnt.exe
size: 446976
MD5: CC4413981C4F1234E6E884DFF8B99C03

Located: HK_CU:Run, DellSupportCenter
where: S-1-5-21-3202169981-310995558-3244067593-1000...
command: "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
file: C:\Program Files\Dell Support Center\bin\sprtcmd.exe
size: 202544
MD5: 852AB81EDE166A0B25046DD7F4CD3FFA

Located: HK_CU:Run, ehTray.exe
where: S-1-5-21-3202169981-310995558-3244067593-1000...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125440
MD5: 2E0953919779A44BF9DFB7B07C58535A

Located: HK_CU:Run, LDM
where: S-1-5-21-3202169981-310995558-3244067593-1000...
command: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
size: 32768
MD5: 5588812731C64305F2579DD8215037E0

Located: HK_CU:Run, msnmsgr
where: S-1-5-21-3202169981-310995558-3244067593-1000...
command: "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
file: C:\Program Files\MSN Messenger\msnmsgr.exe
size: 5674352
MD5: C4281AD865739E71FD1E4DAC19A68D60

Located: HK_CU:Run, WMPNSCFG
where: S-1-5-21-3202169981-310995558-3244067593-1000...
command: "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 201728
MD5: 20EF9002CFF89C4C1077E4415EC7297B

Located: HK_CU:Run, MsnMsgr (DISABLED)
where: S-1-5-21-3202169981-310995558-3244067593-1000...
command: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\MSN Messenger\MsnMsgr.Exe
size: 5674352
MD5: C4281AD865739E71FD1E4DAC19A68D60

Located: Startup (common), Digital Line Detect.lnk (DISABLED)
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Digital Line Detect\DLG.exe
file: C:\Program Files\Digital Line Detect\DLG.exe
size: 45056
MD5: 66B8C84DF54555782CE61E393A1B67B1

Located: Startup (common), hpoddt01.exe.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
file: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
size: 28672
MD5: A564A22308A3F55235BA2478EE82992D

Located: Startup (common), Logitech Desktop Messenger.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
size: 450560
MD5: 9C964C7C72FD732B1A0EEC80421EDAED

Located: Startup (common), Logitech SetPoint.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Logitech\SetPoint\SetPoint.exe
file: C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 593920
MD5: F11CA562270B3802DBCD51EA9F4731BA

Located: WinLogon, GoToAssist
command: C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
file: C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WRNotifier
command: WRLogonNTF.dll
file: WRLogonNTF.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} (Ask Search Assistant BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Ask Search Assistant BHO
Path: C:\Program Files\AskSBar\SrchAstt\1.bin\
Long name: A2SRCHAS.DLL
Short name:
Date (created): 10/21/2007 4:12:12 PM
Date (last access): 10/21/2007 4:12:12 PM
Date (last write): 10/21/2007 4:12:12 PM
Filesize: 66912
Attributes: archive
MD5: 2F19F535F88BEE3AF522BD28478C019E
CRC32: 77B4EC1E
Version: 1.1.0.1

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 10/22/2006 11:08:42 PM
Date (last access): 2/11/2008 6:08:54 PM
Date (last write): 10/22/2006 11:08:42 PM
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\
Long name: NppBHO.dll
Short name:
Date (created): 12/5/2006 7:54:56 PM
Date (last access): 5/24/2007 11:01:26 AM
Date (last write): 12/5/2006 7:54:56 PM
Filesize: 96984
Attributes: readonly archive
MD5: 57E8CF524AFF1D945AABD65B9AAA8075
CRC32: EA607DA7
Version: 2007.1.3.6

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 2/9/2008 6:17:54 PM
Date (last access): 2/9/2008 6:17:54 PM
Date (last write): 1/28/2008 11:43:28 AM
Filesize: 1554256
Attributes: archive
MD5: 5248E02EFBCB64D328647CD00E384B85
CRC32: C1B426A9
Version: 1.5.0.11

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 8/31/2006 7:33:06 PM
Date (last access): 6/28/2007 3:35:30 PM
Date (last write): 8/31/2006 7:33:06 PM
Filesize: 322368
Attributes: archive
MD5: E43F7CFDEE2B00A22C96C168147B20D3
CRC32: 2AEACC43
Version: 4.100.313.1

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 5/24/2007 11:03:46 AM
Date (last access): 5/24/2007 11:03:46 AM
Date (last write): 5/24/2007 11:03:46 AM
Filesize: 2193280
Attributes: readonly archive
MD5: B6B99ED927A26A88A4BFC258A30A6DB4
CRC32: 72CDBC2C
Version: 4.0.1306.3130

{CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: CBrowserHelperObject Object
Path: C:\Program Files\BAE\
Long name: BAE.dll
Short name:
Date (created): 5/24/2007 11:03:30 AM
Date (last access): 5/24/2007 11:03:30 AM
Date (last write): 3/16/2007 2:20:26 AM
Filesize: 98304
Attributes: archive
MD5: 1A4F60EF6DA38621F1091B0CB0FA2C09
CRC32: 54D81822
Version: 1.2.0.3

{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (Ask Toolbar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Ask Toolbar BHO
Path: C:\Program Files\AskSBar\bar\1.bin\
Long name: ASKSBAR.DLL
Short name:
Date (created): 10/21/2007 4:12:12 PM
Date (last access): 10/21/2007 4:12:12 PM
Date (last write): 10/21/2007 4:12:12 PM
Filesize: 267592
Attributes: archive
MD5: AA0B5AFB2F92F16831A9D34D818FA174
CRC32: 20387C5A
Version: 2.3.0.11

787Infoquest
2008-02-25, 05:32
2nd part...


--- ActiveX list ---
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\Windows\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 10/11/2007 2:12:48 PM
Date (last access): 10/11/2007 2:12:48 PM
Date (last write): 10/11/2007 2:12:48 PM
Filesize: 1468968
Attributes: archive
MD5: FC6680B6D4812D017109518AC07DED0E
CRC32: 4DC7C79C
Version: 1.7.59.1

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)
DPF name:
CLSID name: Symantec AntiVirus scanner
Installer: C:\Windows\Downloaded Program Files\avsniff.inf
Codebase: http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
description: Symantec online scanner
classification: Legitimate
known filename: AVSNIFF.DLL
info link:
info source: Patrick M. Kolla
Path: C:\Windows\Downloaded Program Files\
Long name: avsniff.dll
Short name:
Date (created): 1/15/2008 10:12:38 PM
Date (last access): 1/15/2008 10:12:38 PM
Date (last write): 1/15/2008 10:12:38 PM
Filesize: 312680
Attributes: archive
MD5: 888798ADCF17BEF44219A7CC910B8FC8
CRC32: 36D46E76
Version: 2006.2.22.58

{512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class)
DPF name:
CLSID name: TotalScan Installer Class
Installer: C:\Windows\Downloaded Program Files\CONFLICT.1\ascstubie.inf
Codebase: http://www.nanoscan.com/as/cabs/ascstubie.cab
description:
classification: Legitimate
known filename: ascstubie.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\CONFLICT.1\
Long name: ascstubie.dll
Short name: ASCSTU~1.DLL
Date (created): 8/21/2007 2:37:26 PM
Date (last access): 8/21/2007 2:37:26 PM
Date (last write): 8/21/2007 2:37:26 PM
Filesize: 124208
Attributes: archive
MD5: 0AD87599756B34C0214AFCE961E78DD5
CRC32: EA254381
Version: 1.0.0.7

{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Installer: C:\Windows\Downloaded Program Files\CabSA.inf
Codebase: http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
description:
classification: Legitimate
known filename: rufsi.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 1/15/2008 10:12:48 PM
Date (last access): 1/15/2008 10:12:48 PM
Date (last write): 1/15/2008 10:12:48 PM
Filesize: 296336
Attributes: archive
MD5: B64C2F3609301D0FA2BBABFB5799890C
CRC32: 246BD9BB
Version: 2006.2.15.43

{8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class)
DPF name:
CLSID name: NanoInstaller Class
Installer: C:\Windows\Downloaded Program Files\nanoinst.inf
Codebase: http://www.nanoscan.com/cabs/nanoinst.cab
Path: C:\Windows\Downloaded Program Files\
Long name: NanoInst.dll
Short name:
Date (created): 9/11/2007 1:49:28 PM
Date (last access): 9/11/2007 1:49:28 PM
Date (last write): 9/11/2007 1:49:28 PM
Filesize: 38280
Attributes: archive
MD5: 4BEEB9E3A93CF218602A7A9AE21EDCA7
CRC32: FD77ABF2
Version: 2.2.0.5

{C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
description:
classification: Legitimate
known filename: MessengerStatsPAClient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: MessengerStatsPAClient.dll
Short name: MESSEN~1.DLL
Date (created): 2/22/2007 11:41:12 PM
Date (last access): 2/22/2007 11:41:12 PM
Date (last write): 2/22/2007 11:41:12 PM
Filesize: 304544
Attributes: archive
MD5: 8945CCA5FC4F25168E8B6F401EFAF51F
CRC32: 0F12FD23
Version: 9.5.6907.1

{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: ssv.dll
Short name:
Date (created): 12/26/2007 1:39:06 PM
Date (last access): 9/24/2007 11:31:44 PM
Date (last write): 9/25/2007 1:11:34 AM
Filesize: 501136
Attributes: archive
MD5: D787E3123FAD2BD58AB45B9A5C360ACD
CRC32: DDC625C2
Version: 6.0.30.5

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_01.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: ssv.dll
Short name:
Date (created): 12/26/2007 1:39:06 PM
Date (last access): 9/24/2007 11:31:44 PM
Date (last write): 9/25/2007 1:11:34 AM
Filesize: 501136
Attributes: archive
MD5: D787E3123FAD2BD58AB45B9A5C360ACD
CRC32: DDC625C2
Version: 6.0.30.5

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: ssv.dll
Short name:
Date (created): 12/26/2007 1:39:06 PM
Date (last access): 9/24/2007 11:31:44 PM
Date (last write): 9/25/2007 1:11:34 AM
Filesize: 501136
Attributes: archive
MD5: D787E3123FAD2BD58AB45B9A5C360ACD
CRC32: DDC625C2
Version: 6.0.30.5

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: ssv.dll
Short name:
Date (created): 12/26/2007 1:39:06 PM
Date (last access): 9/24/2007 11:31:44 PM
Date (last write): 9/25/2007 1:11:34 AM
Filesize: 501136
Attributes: archive
MD5: D787E3123FAD2BD58AB45B9A5C360ACD
CRC32: DDC625C2
Version: 6.0.30.5

{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class)
DPF name:
CLSID name: McFreeScan Class
Installer: C:\Windows\Downloaded Program Files\mcfscan.inf
Codebase: http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5219/mcfscan.cab
description:
classification: Legitimate
known filename: mcfscan.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\McAfee.com\FreeScan\
Long name: mcfscan.dll
Short name:
Date (created): 1/30/2008 9:44:46 AM
Date (last access): 1/30/2008 9:44:46 AM
Date (last write): 1/30/2008 9:44:46 AM
Filesize: 156984
Attributes: archive
MD5: 0C6D0F532075B5D9FA86EA63713FDFD7
CRC32: 9923E15D
Version: 2.2.0.5219



--- Process list ---
PID: 3696 (1144) C:\Windows\system32\taskeng.exe
size: 166400
MD5: 1226E9FAE5B8508801EC974E3C9D9C14
PID: 3704 (1120) C:\Windows\system32\Dwm.exe
size: 83456
MD5: E87B968F3D49117445893EB0503FE34F
PID: 3756 (3664) C:\Windows\Explorer.EXE
size: 2923520
MD5: 6D06CD98D954FE87FB2DB8108793B399
PID: 4068 (3756) C:\Program Files\Windows Defender\MSASCui.exe
size: 1006264
MD5: 9AD9E2FB2811123DA13DE84CC154AB77
PID: 2260 (3756) C:\Windows\sttray.exe
size: 303104
MD5: 733DA847D5C3E32C40BA831BEAA8DC93
PID: 2436 (3756) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
size: 151552
MD5: D2CA35A3F711E613D9399845CE9302FA
PID: 2600 (4076) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A
PID: 2696 (3756) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: FF3BF05021BFECC92DB81B8257EEB026
PID: 2820 (3756) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 115816
MD5: 25BE770865658CB79100117112819A7C
PID: 3340 (3756) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 1862144
MD5: 472064F37E86B1361F01308441D21F52
PID: 3408 (3756) C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
size: 180224
MD5: CDA2001978A4C967C41A1C7CF79E1815
PID: 3732 (3756) C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
size: 83608
MD5: 9C1C80BBF8E6044980890E2D2D91091C
PID: 3896 (3756) C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
size: 480816
MD5: 57746505F27BFE21D3BC74BCA6B1904C
PID: 3500 (3756) C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
size: 5367664
MD5: 2B0B8C29092FB420826F5A8FD02DC081
PID: 1132 (3756) C:\Program Files\DellSupport\DSAgnt.exe
size: 446976
MD5: CC4413981C4F1234E6E884DFF8B99C03
PID: 1100 (3756) C:\Windows\ehome\ehtray.exe
size: 125440
MD5: 2E0953919779A44BF9DFB7B07C58535A
PID: 1016 (3756) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 201728
MD5: 20EF9002CFF89C4C1077E4415EC7297B
PID: 2708 (3756) C:\Program Files\MSN Messenger\msnmsgr.exe
size: 5674352
MD5: C4281AD865739E71FD1E4DAC19A68D60
PID: 532 (3756) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
size: 202544
MD5: 852AB81EDE166A0B25046DD7F4CD3FFA
PID: 2564 (3340) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 1862144
MD5: 472064F37E86B1361F01308441D21F52
PID: 1280 (3756) C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 593920
MD5: F11CA562270B3802DBCD51EA9F4731BA
PID: 1456 ( 820) C:\Windows\ehome\ehmsas.exe
size: 37376
MD5: 693E4C15CEE5D6487D7913A2701B5E40
PID: 4352 (1280) C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
size: 94208
MD5: FFDE5245589FFA24C5075203D2A9C314
PID: 5060 (3756) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
size: 196152
MD5: 40825ACFC23E0AD28DA1FC63F77E9825
PID: 5592 ( 820) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
size: 12037688
MD5: 1EEA7DD2F1EA6EFEF380B99A90228D2F
PID: 3664 ( 820) C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
size: 243248
MD5: 506FA18147A4135FC9D98AFEDAAC6F13
PID: 1408 ( 936) C:\Program Files\Internet Explorer\ieuser.exe
size: 301568
MD5: 7906D40BA8A6C8AC1586B1EF549319BA
PID: 5504 ( 936) C:\Program Files\Internet Explorer\iexplore.exe
size: 625664
MD5: 9143C721DD6482374EFB35BC35944324
PID: 2664 ( 820) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
size: 115024
MD5: 44CDED85B91EEF32E9CBCA348371F6BB
PID: 5316 ( 820) C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
size: 218496
MD5: 55DAE09CBE5FE5E8EB2698107C18FD0D
PID: 4620 (3756) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 460 ( 4) smss.exe
size: 62976
PID: 540 ( 528) csrss.exe
size: 7680
PID: 584 ( 528) wininit.exe
size: 95744
PID: 592 ( 576) csrss.exe
size: 7680
PID: 628 ( 584) services.exe
size: 279552
PID: 640 ( 584) lsass.exe
size: 7680
PID: 648 ( 584) lsm.exe
size: 210944
PID: 716 ( 576) winlogon.exe
size: 308224
PID: 820 ( 628) svchost.exe
size: 22016
PID: 916 ( 628) svchost.exe
size: 22016
PID: 948 ( 628) svchost.exe
size: 22016
PID: 1052 ( 628) svchost.exe
size: 22016
PID: 1120 ( 628) svchost.exe
size: 22016
PID: 1144 ( 628) svchost.exe
size: 22016
PID: 1236 (1052) audiodg.exe
size: 88064
PID: 1272 ( 628) SLsvc.exe
size: 2605568
PID: 1328 ( 628) svchost.exe
size: 22016
PID: 1476 ( 628) svchost.exe
size: 22016
PID: 1576 ( 628) ccSvcHst.exe
PID: 1652 ( 628) AppSvc32.exe
PID: 1716 ( 628) aawservice.exe
PID: 1860 ( 628) spoolsv.exe
size: 124928
PID: 1888 ( 628) svchost.exe
size: 22016
PID: 2020 ( 628) CreativeLicensing.exe
PID: 1724 ( 628) CTSVCCDA.EXE
size: 44032
PID: 2032 ( 628) IAANTmon.exe
PID: 2052 ( 628) svchost.exe
size: 22016
PID: 2132 ( 628) sprtsvc.exe
PID: 2164 ( 628) stacsv.exe
size: 90112
PID: 2268 ( 628) svchost.exe
size: 22016
PID: 2296 ( 628) SpySweeper.exe
PID: 2536 ( 628) svchost.exe
size: 22016
PID: 2556 ( 628) SearchIndexer.exe
size: 287744
PID: 2612 ( 628) XAudio.exe
PID: 2652 ( 628) SDWinSec.exe
size: 810320
MD5: A0C00A6265949AC72AB51B711743CA6D
PID: 3096 (1144) taskeng.exe
size: 166400
PID: 3132 (1120) WUDFHost.exe
size: 143360
PID: 3832 ( 628) wmpnetwk.exe
PID: 6008 (2296) ssu.exe
PID: 2836 ( 628) symlcsvc.exe
PID: 3120 ( 628) VSSVC.exe
size: 924160
PID: 5508 ( 628) svchost.exe
size: 22016
PID: 5040 (1144) taskeng.exe
size: 166400


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 2/24/2008 6:15:17 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070525
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896

787Infoquest
2008-02-25, 05:33
3rd part...



--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CA5AFF38-D5EC-4BD7-A920-3AE47A793892}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CA5AFF38-D5EC-4BD7-A920-3AE47A793892}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CA5AFF38-D5EC-4BD7-A920-3AE47A793892}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CA5AFF38-D5EC-4BD7-A920-3AE47A793892}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 2: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 3: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 4: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 5: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

tashi
2008-02-25, 09:51
Hello 787Infoquest,

This may be a Spy Sweeper false positive but one of our detectives will get back to you soon with more information.

I noticed there are old versions of Sun Java on the System, please see:
Sun Microsystems~Java. Security vulnerability in older versions left on system (http://forums.spybot.info/showpost.php?p=12880&postcount=2)

Best regards. :)

MisterW
2008-02-25, 11:42
Hello 787Infoquest,
Indeed there seems to be a problem with SpySweeper concerning the error you got. They seem to block all Browser Helper Objects that get installed on the computer. I will get in contact with SpySweeper and try to solve that issue.
Until the issue is solved you should be able to allow the Browser Helper Object when SpySweeper asks you what to do.

regards,
Markus

787Infoquest
2008-02-25, 18:24
Thank you for looking into this and all your help. It just made me nervous when it was flagging the teatimer.exe, instead of the SDHelper, as a BHO, so I thought I better check it out.

All your help and time is very much appreciated!