Fixed: eblast detected



patgann
2009-08-03, 04:21
I originally posted this in the malware removal forum and it was recommended that I post it here as well. Here is my original post.

The last couple of days Spybot has been detecting eblast on my computer. I am wondering if it is a false positive, as no other virus/spyware scan finds it, and the file it was under I sent to Jotti's online scanner and it came up as clean.

It came up under the windows/system32/dinput8.dll file

SBI ($3EA258E5) Library

That file does not seem to be very commonly associated with this program, so I don't know if I should be very worried or not. Any help appreciated.

Here is the HJT log. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:59:12 p.m., on 31/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\GE\98706 Teclado Multimedio\KBDAP32A.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Windows\system32\conime.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] "C:\Windows\RtHDVCpl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [DT HPW] "C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" -startup_folder
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [FLMK08KB] "C:\Program Files\GE\98706 Teclado Multimedio\KbdAp32A.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [Launcher] "C:\Windows\SMINST\launcher.exe"
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.vectorvest.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/...fslauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ast Service - Unknown owner - C:\Windows\system32\\AstSrv.exe (file missing)
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Unknown owner - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe (file missing)
O23 - Service: Motor de Spy Sweeper de Webroot (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10263 bytes

patgann
2009-08-03, 04:38
I just realized I should have included the spybot report.

Here is the report with eblast.

Report generated: 2009-08-02 20:10 ---

EBlaster: [SBI $3EA258E5] Library (File, nothing done)
C:\Windows\System32\dinput8.dll
Properties.size=159232
Properties.md5=C204701A5D9F935B717DBCF9F59D7844
Properties.filedate=1200728044
Properties.filedatetext=2008-01-19 01:34:04


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-04-01 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-07-28 advcheck.dll (1.6.3.17)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-07-28 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-07-28 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-07-28 Includes\HijackersC.sbi (*)
2009-06-23 Includes\Keyloggers.sbi (*)
2009-07-28 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-07-14 Includes\Malware.sbi (*)
2009-07-28 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-07-28 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-07-28 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-07-28 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-07-22 Includes\Trojans.sbi (*)
2009-07-28 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Here is a general report.

Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-04-01 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-07-28 advcheck.dll (1.6.3.17)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi
2009-07-28 Includes\AdwareC.sbi
2009-01-22 Includes\Cookies.sbi
2009-05-19 Includes\Dialer.sbi
2009-07-28 Includes\DialerC.sbi
2009-01-22 Includes\HeavyDuty.sbi
2009-05-26 Includes\Hijackers.sbi
2009-07-28 Includes\HijackersC.sbi
2009-06-23 Includes\Keyloggers.sbi
2009-07-28 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2009-07-14 Includes\Malware.sbi
2009-07-28 Includes\MalwareC.sbi
2009-03-25 Includes\PUPS.sbi
2009-07-28 Includes\PUPSC.sbi
2009-01-22 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2009-07-28 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2009-04-07 Includes\Spyware.sbi
2009-07-28 Includes\SpywareC.sbi
2009-06-08 Includes\Tracks.uti
2009-07-22 Includes\Trojans.sbi
2009-07-28 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Windows Vista (Build: 6002) Service Pack 2 (6.0.6002)


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 392845E8D49B5F0E81AAC4D795000A8C

Located: HK_LM:Run, DPService
command: "C:\Program Files\HP\DVDPlay\DPService.exe"
file: C:\Program Files\HP\DVDPlay\DPService.exe
size: 90112
MD5: 190107A7F297DF9CFC156CC6C0E0E5DF

Located: HK_LM:Run, DT HPW
command: "C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" -startup_folder
file: C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
size: 280064
MD5: 445C2BB252EFDACAC1AF042DEDB77BF9

Located: HK_LM:Run, FLMK08KB
command: "C:\Program Files\GE\98706 Teclado Multimedio\KbdAp32A.exe"
file: C:\Program Files\GE\98706 Teclado Multimedio\KbdAp32A.exe
size: 381440
MD5: 18DC210A1FB9A82186EEE98CE836552E

Located: HK_LM:Run, HotKeysCmds
command: "C:\Windows\system32\hkcmd.exe"
file: C:\Windows\system32\hkcmd.exe
size: 166424
MD5: 71FC5102BBB5690E7CB94F46643D499B

Located: HK_LM:Run, HP Health Check Scheduler
command: "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
file: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
size: 71176
MD5: 2D141D455A3F1BDAC97A08006ACD7B4B

Located: HK_LM:Run, HP Software Update
command: "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 54840
MD5: 21293443961A4E2597453EE7A9347F22

Located: HK_LM:Run, hpsysdrv
command: "c:\hp\support\hpsysdrv.exe"
file: c:\hp\support\hpsysdrv.exe
size: 65536
MD5: 9A4322EE420D6FACD4D4B1FF6CB856B1

Located: HK_LM:Run, IAAnotif
command: "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
file: C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
size: 178712
MD5: 1992E7E8BC448CEBA62DC698098C0BD2

Located: HK_LM:Run, IgfxTray
command: "C:\Windows\system32\igfxtray.exe"
file: C:\Windows\system32\igfxtray.exe
size: 141848
MD5: B3C56D066BCBCD76CD837E3E4F90C6FC

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 292136
MD5: 9D4F3923F8D3A13F2FEADB66C62FE5D0

Located: HK_LM:Run, LELA
command: "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
file: C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
size: 131072
MD5: 180BDB1F17FE41C8D8AEFE069A70CA2B

Located: HK_LM:Run, nmctxth
command: "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
file: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
size: 648504
MD5: E6A51806370DC61767CAE6DCD5F082A6

Located: HK_LM:Run, OsdMaestro
command: "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
file: C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
size: 118784
MD5: B1361669BDC6ED612C35B7C67ADA2240

Located: HK_LM:Run, Persistence
command: "C:\Windows\system32\igfxpers.exe"
file: C:\Windows\system32\igfxpers.exe
size: 133656
MD5: C70EB732C5D8B81EFF69A9A1FE19C320

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: FABAD2BFD44661D8CC627E5485BFAFAF

Located: HK_LM:Run, RtHDVCpl
command: "C:\Windows\RtHDVCpl.exe"
file: C:\Windows\RtHDVCpl.exe
size: 4874240
MD5: 361CD47DC5BD83EE24407903233B0D9A

Located: HK_LM:Run, SpySweeper
command: "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
file: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
size: 6345840
MD5: EB8D09A4B351D8C9FE2EE5C523C33770

Located: HK_LM:Run, SunJavaUpdateReg
command: "C:\Windows\system32\jureg.exe" -delete
file: C:\Windows\system32\jureg.exe
size: 54936
MD5: 4F89DD4EA74C66916E15A6E7D74A50B5

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 148888
MD5: D22D936F9AB0DA3B8EB7537284867708

Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

Located: HK_LM:RunOnce, Launcher
command: "C:\Windows\SMINST\launcher.exe"
file: C:\Windows\SMINST\launcher.exe
size: 44168
MD5: 31539595F006DAE39F719735F30C3570

Located: HK_LM:RunOnce, SpybotDeletingA9345
command: "command.com" /c del "C:\Windows\System32\dinput8.dll"
file: C:\Windows\system32\command.com
size: 50648
MD5: BA597F9A4BB90F038266CE1A3C3BE3FB

Located: HK_LM:RunOnce, SpybotDeletingC1744
command: "cmd.exe" /c del "C:\Windows\System32\dinput8.dll"
file: C:\Windows\system32\cmd.exe
size: 318976
MD5: 74F26FC01B180D4A99A168ED69C30A53

Located: HK_CU:Run, AnyDVD
where: S-1-5-21-728468221-2364398259-2871844177-1000...
command: "C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe"
file: C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
size: 2931648
MD5: 8A4F57E82BBA0313A45CBAB397A71AB4

Located: HK_CU:Run, Google Update
where: S-1-5-21-728468221-2364398259-2871844177-1000...
command: "C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
file: C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe
size: 133104
MD5: 626A24ED1228580B9518C01930936DF9

Located: HK_CU:Run, Sidebar
where: S-1-5-21-728468221-2364398259-2871844177-1000...
command: "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
file: C:\Program Files\Windows Sidebar\sidebar.exe
size: 1233920
MD5: 9E35FF7F943AE0FB89192BFE058B7FD4

Located: HK_CU:Run, WMPNSCFG
where: S-1-5-21-728468221-2364398259-2871844177-1000...
command: "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D

Located: HK_CU:RunOnce, SpybotDeletingB5884
where: S-1-5-21-728468221-2364398259-2871844177-1000...
command: "command.com" /c del "C:\Windows\System32\dinput8.dll"
file: C:\Windows\system32\command.com
size: 50648
MD5: BA597F9A4BB90F038266CE1A3C3BE3FB

Located: HK_CU:RunOnce, SpybotDeletingD9369
where: S-1-5-21-728468221-2364398259-2871844177-1000...
command: "cmd.exe" /c del "C:\Windows\System32\dinput8.dll"
file: C:\Windows\system32\cmd.exe
size: 318976
MD5: 74F26FC01B180D4A99A168ED69C30A53

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 22/10/2006 11:08:42 p.m.
Date (last access): 02/08/2009 07:49:56 p.m.
Date (last write): 22/10/2006 11:08:42 p.m.
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Skype add-on (mastermind)
CLSID name: Skype add-on (mastermind)
Path: C:\Program Files\Skype\Toolbars\Internet Explorer\
Long name: SkypeIEPlugin.dll
Short name: SKYPEI~1.DLL
Date (created): 30/05/2008 02:54:16 p.m.
Date (last access): 02/08/2009 08:28:24 p.m.
Date (last write): 30/05/2008 02:54:16 p.m.
Filesize: 1410344
Attributes: archive
MD5: 46C05BEAD4EF4869A4D987CB85A416B5
CRC32: 0DADEB5B
Version: 2.2.0.181

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 27/07/2008 12:43:44 a.m.
Date (last access): 02/08/2009 08:02:28 p.m.
Date (last write): 26/01/2009 03:31:02 p.m.
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 04/06/2009 10:17:32 p.m.
Date (last access): 02/08/2009 08:28:24 p.m.
Date (last write): 21/05/2009 11:34:00 a.m.
Filesize: 41368
Attributes: archive
MD5: 192E39C717013A0BD532B33AC29D6E7D
CRC32: 6D4D2A2E
Version: 6.0.140.8



--- ActiveX list ---
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer: C:\Windows\Downloaded Program Files\QTPlugin.inf
Codebase: http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 26/05/2009 05:18:52 p.m.
Date (last access): 02/08/2009 08:28:26 p.m.
Date (last write): 26/05/2009 05:18:52 p.m.
Filesize: 779568
Attributes: archive
MD5: 119F55DAE2859632F2DD950031CD0A3B
CRC32: 0FB7CD34
Version: 7.6.2.0

{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control)
DPF name:
CLSID name: BDSCANONLINE Control
Installer: C:\Windows\Downloaded Program Files\oscan8.inf
Codebase: http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
description:
classification: Legitimate
known filename: oscan8.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\DOWNLO~1\
Long name: oscan8.ocx
Short name:
Date (created): 25/10/2007 04:54:18 p.m.
Date (last access): 02/08/2009 08:28:26 p.m.
Date (last write): 25/10/2007 04:54:18 p.m.
Filesize: 471040
Attributes: archive
MD5: BC4E154A06C9208EF36669B1B9E5FDAD
CRC32: DF08A08D
Version: 1.0.0.1

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_14
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 04/06/2009 10:17:32 p.m.
Date (last access): 02/08/2009 08:28:26 p.m.
Date (last write): 21/05/2009 11:34:00 a.m.
Filesize: 99736
Attributes: archive
MD5: 7702383BFB3FFE13451248747EABE0D3
CRC32: 18EC5764
Version: 6.0.140.8

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher)
DPF name:
CLSID name: F-Secure Online Scanner 4.0 Launcher
Installer: C:\Windows\Downloaded Program Files\fslauncher.inf
Codebase: http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
Path: C:\Windows\DOWNLO~1\
Long name: fslauncher.dll
Short name: FSLAUN~1.DLL
Date (created): 22/04/2009 06:05:50 p.m.
Date (last access): 02/08/2009 08:28:26 p.m.
Date (last write): 22/04/2009 06:05:50 p.m.
Filesize: 406640
Attributes: archive
MD5: 8EA4B1295339E7CC320D6FC971A356D3
CRC32: 00519F0A
Version: 1.0.0.1

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 04/06/2009 10:17:32 p.m.
Date (last access): 02/08/2009 08:28:26 p.m.
Date (last write): 21/05/2009 11:34:00 a.m.
Filesize: 99736
Attributes: archive
MD5: 7702383BFB3FFE13451248747EABE0D3
CRC32: 18EC5764
Version: 6.0.140.8

{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_14
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 04/06/2009 10:17:32 p.m.
Date (last access): 02/08/2009 08:28:26 p.m.
Date (last write): 21/05/2009 11:34:00 a.m.
Filesize: 99736
Attributes: archive
MD5: 7702383BFB3FFE13451248747EABE0D3
CRC32: 18EC5764
Version: 6.0.140.8

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_14
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_14.dll
Short name: NPJPI1~1.DLL
Date (created): 21/05/2009 09:35:24 a.m.
Date (last access): 02/08/2009 08:28:26 p.m.
Date (last write): 21/05/2009 11:34:00 a.m.
Filesize: 136600
Attributes: archive
MD5: 104191689E114BEF5C92A6BD626FA4F3
CRC32: 9D46C674
Version: 6.0.140.8

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\Windows\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\Windows\system32\Macromed\Flash\
Long name: Flash10a.ocx
Short name:
Date (created): 04/10/2008 09:16:26 p.m.
Date (last access): 02/08/2009 08:28:26 p.m.
Date (last write): 04/10/2008 09:16:26 p.m.
Filesize: 3789728
Attributes: readonly archive
MD5: 466C1355934925768822E380DA6E6E4A
CRC32: 48EC1E52
Version: 10.0.12.36

{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} ()
DPF name:
CLSID name:
Installer: C:\ProgramData\webex\ieatgpc.inf
Codebase:
description:
classification: Legitimate
known filename: ieatgpc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\ProgramData\webex\
Long name: ieatgpc.dll
Short name:
Date (created): 12/12/2007 06:36:14 p.m.
Date (last access): 02/08/2009 08:28:26 p.m.
Date (last write): 12/12/2007 06:36:14 p.m.
Filesize: 98712
Attributes: archive
MD5: DA6B7E081853872B699DBC6C14DCEFDE
CRC32: FFB52863
Version: 2.1.0.2



--- Process list ---
PID: 3224 (1224) C:\Windows\system32\taskeng.exe
size: 169984
MD5: E5BBFC283D6F5D69B41E464676361020
PID: 3284 (1188) C:\Windows\system32\Dwm.exe
size: 81920
MD5: 01DD1004181FD46ECDC3628228EB269D
PID: 3384 (3264) C:\Windows\Explorer.EXE
size: 2926592
MD5: D07D4C3038F3578FFCE1C0237F2A1253
PID: 3116 (3384) C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
PID: 3100 (3384) C:\hp\support\hpsysdrv.exe
size: 65536
MD5: 9A4322EE420D6FACD4D4B1FF6CB856B1
PID: 3112 (3384) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
size: 118784
MD5: B1361669BDC6ED612C35B7C67ADA2240
PID: 2152 (3384) C:\Windows\RtHDVCpl.exe
size: 4874240
MD5: 361CD47DC5BD83EE24407903233B0D9A
PID: 3540 (3384) C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
size: 280064
MD5: 445C2BB252EFDACAC1AF042DEDB77BF9
PID: 3152 (3384) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
size: 54840
MD5: 21293443961A4E2597453EE7A9347F22
PID: 3532 (3384) C:\Program Files\GE\98706 Teclado Multimedio\KBDAP32A.EXE
size: 381440
MD5: 18DC210A1FB9A82186EEE98CE836552E
PID: 3968 (3384) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
size: 178712
MD5: 1992E7E8BC448CEBA62DC698098C0BD2
PID: 1208 (3384) C:\Windows\System32\hkcmd.exe
size: 166424
MD5: 71FC5102BBB5690E7CB94F46643D499B
PID: 1148 (3384) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D
PID: 1264 (3384) C:\Windows\System32\igfxpers.exe
size: 133656
MD5: C70EB732C5D8B81EFF69A9A1FE19C320
PID: 1724 (3384) C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
size: 131072
MD5: 180BDB1F17FE41C8D8AEFE069A70CA2B
PID: 3544 (3384) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
size: 648504
MD5: E6A51806370DC61767CAE6DCD5F082A6
PID: 904 (3384) C:\Program Files\iTunes\iTunesHelper.exe
size: 292136
MD5: 9D4F3923F8D3A13F2FEADB66C62FE5D0
PID: 3204 (3384) C:\Program Files\Java\jre6\bin\jusched.exe
size: 148888
MD5: D22D936F9AB0DA3B8EB7537284867708
PID: 3964 (3384) C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
size: 6345840
MD5: EB8D09A4B351D8C9FE2EE5C523C33770
PID: 1968 (3384) C:\Program Files\Windows Sidebar\sidebar.exe
size: 1233920
MD5: 9E35FF7F943AE0FB89192BFE058B7FD4
PID: 3048 (1712) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
size: 520024
MD5: 2CD3C21B57B2B1E5CC4C82519461C9D2
PID: 3644 ( 932) C:\Windows\system32\igfxsrvc.exe
size: 256536
MD5: 446E40E9FDBDBC9D30A3D0B0E1120E06
PID: 928 (3384) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
size: 2931648
MD5: 8A4F57E82BBA0313A45CBAB397A71AB4
PID: 3876 (3540) C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
size: 110592
MD5: CA286A369EED2D6EAFF79A1050CDBC15
PID: 4292 (4264) C:\Windows\system32\conime.exe
size: 69120
MD5: 6080A176D09435FC8E6E800996656E18
PID: 5392 (3384) C:\Program Files\Mozilla Firefox\firefox.exe
size: 307704
MD5: 26C3F01DF1B1AA6CFEC22D75F1E072F9
PID: 572 (3384) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 460 ( 4) smss.exe
size: 64000
PID: 616 ( 604) csrss.exe
size: 6144
PID: 660 ( 604) wininit.exe
size: 96768
PID: 672 ( 652) csrss.exe
size: 6144
PID: 704 ( 660) services.exe
size: 279552
PID: 720 ( 660) lsass.exe
size: 9728
PID: 728 ( 660) lsm.exe
size: 229888
PID: 764 ( 652) winlogon.exe
size: 314368
PID: 932 ( 704) svchost.exe
size: 21504
PID: 976 ( 704) WRConsumerService.exe
PID: 1008 ( 704) svchost.exe
size: 21504
PID: 1048 ( 704) svchost.exe
size: 21504
PID: 1128 ( 704) svchost.exe
size: 21504
PID: 1188 ( 704) svchost.exe
size: 21504
PID: 1224 ( 704) svchost.exe
size: 21504
PID: 1324 (1128) audiodg.exe
size: 88576
PID: 1348 ( 704) svchost.exe
size: 21504
PID: 1364 ( 704) SLsvc.exe
size: 3408896
PID: 1416 ( 704) svchost.exe
size: 21504
PID: 1568 ( 704) svchost.exe
size: 21504
PID: 1712 ( 704) AAWService.exe
PID: 1900 ( 704) spoolsv.exe
size: 127488
PID: 1924 ( 704) svchost.exe
size: 21504
PID: 484 ( 704) AppleMobileDeviceService.exe
PID: 512 ( 704) mDNSResponder.exe
PID: 620 ( 704) DTSRVC.exe
PID: 696 ( 704) IAANTmon.exe
PID: 1172 ( 704) LSSrvc.exe
PID: 1704 ( 704) LinksysUpdater.exe
PID: 1932 ( 704) svchost.exe
size: 21504
PID: 1232 ( 704) svchost.exe
size: 21504
PID: 1440 ( 704) SpySweeper.exe
PID: 2124 (1704) java.exe
size: 144792
PID: 2380 ( 704) svchost.exe
size: 21504
PID: 2432 ( 704) SearchIndexer.exe
size: 441344
PID: 2516 ( 704) XAudio.exe
PID: 2548 ( 704) nmsrvc.exe
PID: 2604 (1188) WUDFHost.exe
size: 142336
PID: 2644 ( 704) SDWinSec.exe
MD5: 794D4B48DFB6E999537C7C3947863463
PID: 3396 (1224) taskeng.exe
size: 169984
PID: 3956 ( 932) unsecapp.exe
PID: 3128 ( 932) WmiPrvSE.exe
PID: 2308 (1224) taskeng.exe
size: 169984
PID: 3748 ( 704) wmpnetwk.exe
PID: 3692 ( 704) HPHC_Service.exe
PID: 2276 ( 704) iPodService.exe
PID: 5376 (1440) SSU.exe
PID: 5708 (3384) SpybotSD.exe
MD5: 0477C2F9171599CA5BC3307FDFBA8D89


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 02/08/2009 08:32:27 p.m.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\System32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: Proveedor de servicios RSVP TCPv6
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: Proveedor de servicios RSVP TCP
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: Proveedor de servicios RSVP UDPv6
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: Proveedor de servicios RSVP UDP
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4109F0C8-DF79-4686-B73E-C99307A7C728}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4109F0C8-DF79-4686-B73E-C99307A7C728}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{351E89B6-11FC-40A5-9E6D-EF469913E80F}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{351E89B6-11FC-40A5-9E6D-EF469913E80F}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{06F24AE5-6211-4EC5-ADDA-410D79675A1A}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{06F24AE5-6211-4EC5-ADDA-410D79675A1A}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4109F0C8-DF79-4686-B73E-C99307A7C728}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4109F0C8-DF79-4686-B73E-C99307A7C728}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Espacio de nombres para el reconocimiento de ubicación de red heredado (NLAv1)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: Proveedor de correcciones de compatibilidad (shim) de nomenclaturas de correo electrónico
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: Proveedor de espacio de nombres para la nube PNRP
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: Proveedor de espacio de nombres para el nombre PNRP
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP

Namespace Provider 5: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 6: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS


I use Internet Explorer 8 and Mozilla 3.0.11.

spybotsandra
2009-08-03, 14:49
Hello,

Please send the file to:
detections(at)spybot.info
Thanks.

Best regards
Sandra
Team Spybot

patgann
2009-08-04, 06:09
This file is being very resistant. It won't let me do much of anything to it - delete, email it, etc. I was able to download WinRAR and open its contents. It appears to be some code embedded into an old street.com email from Windows Live from 2006. So now I am wondering if it is not a false positive, which is kind of scary considering how long it supposedly has been on my computer. I copied and pasted the contents of the file and emailed that. I don't know if that will be helpful or not. I'm still trying to find out how to get the file into a zip or rar folder and then have it copied and emailed, but well, either it is not clear to me how or the file just won't let me. I'm not that computer savvy, so any help is appreciated on how best to do that.

patgann
2009-08-04, 07:04
Well, I finally just got so fed up with this dinput8.dll file that I opened Malwarebytes, then their File Assassin, and well, assassinated it. No other program could even change its darn name. That program actually deleted it. Powerful, I guess.

Probably dumb to delete it but the spybot scan just came back as clean.

Still no problems with my sound or video - not yet at least.

Maybe a system restore will get it back if I need it.

Now I am wondering if I need to change all my password info etc., or if it could still be a false positive - but seeing what appeared to be code embedded in an email kind of freaked me out, so don't scold me too much please.