Thread: TEATIMER.EXE is attempting to install a browser add-on

  1. #1
    Junior Member
    Join Date
    Feb 2008
    Posts
    13

    TEATIMER.EXE is attempting to install a browser add-on

    Spy Sweeper is flagging a potential Spybot file - Browser Helper Object flagged that a BHO is being installed in Internet Explorer.

    Error Message:
    TEATIMER.EXE is attempting to install a browser add-on.

    I am aware of SDHelper, but not this one. Please advise.

  2. #2
    Junior Member
    Join Date
    Feb 2008
    Posts
    13

    Update... Once teatimer has been turned off, via Spybot, the message from Spysweeper no longer comes up. I am being very careful and asking about this one as the person I am helping mistakenly loaded AdwareAlert. Spybot indicates that AdwareAlert is a pirated copy of Spybot with the intent to spread malware. Knowing this, it is important to make sure this teatimer.exe does in fact belong to Spybot. I would have expected teatimer.exe to be a startup function and not flagged as a BHO. The fact that the Spysweeper message is not coming up once it is turned off in Spybot makes me think that Spysweeper is mislabeling it… But there is a chance that AdwareAlert is using this.

    Any thoughts/directions/advice would be very appreciated.

  3. #3
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    Hello,

    • Open SpyBot
    • Check for problems
    • Switch Spybot S&D to advanced mode
    • Navigate to tools - view report
    • Click "view report"
    • Click "export" to save the report to a text file and attach it here


    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Junior Member
    Join Date
    Feb 2008
    Posts
    13


    It creates a text file that is 39 kb (exceeding the limit), so I had to insert it in two parts. I hope this will work. If not, please let me know what steps I need to take and I will do it right away.

    Thank you for your help!


    --- Search result list ---
    Congratulations!: No immediate threats were found. ()



    --- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

    2008-01-28 blindman.exe (1.0.0.7)
    2008-01-28 SDDelFile.exe (1.0.2.4)
    2008-01-28 SDMain.exe (1.0.0.5)
    2007-10-07 SDShred.exe (1.0.1.2)
    2008-01-28 SDUpdate.exe (1.0.8.8)
    2008-01-28 SDWinSec.exe (1.0.0.11)
    2008-01-28 SpybotSD.exe (1.5.2.20)
    2008-01-28 TeaTimer.exe (1.5.2.16)
    2008-02-09 unins000.exe (51.49.0.0)
    2008-01-28 Update.exe (1.4.0.6)
    2008-01-28 advcheck.dll (1.5.4.5)
    2007-04-02 aports.dll (2.1.0.0)
    2007-11-17 DelZip179.dll (1.79.7.4)
    2008-01-28 SDFiles.dll (1.5.1.19)
    2008-01-28 SDHelper.dll (1.5.0.11)
    2008-01-28 Tools.dll (2.1.3.3)
    2008-02-20 Includes\Cookies.sbi (*)
    2007-12-26 Includes\Dialer.sbi (*)
    2008-02-20 Includes\DialerC.sbi (*)
    2008-02-20 Includes\HeavyDuty.sbi (*)
    2008-02-20 Includes\Hijackers.sbi (*)
    2008-02-20 Includes\HijackersC.sbi (*)
    2008-02-20 Includes\Keyloggers.sbi (*)
    2008-02-20 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2008-02-20 Includes\Malware.sbi (*)
    2008-02-20 Includes\MalwareC.sbi (*)
    2008-02-20 Includes\PUPS.sbi (*)
    2008-02-20 Includes\PUPSC.sbi (*)
    2008-02-20 Includes\Revision.sbi (*)
    2008-01-09 Includes\Security.sbi (*)
    2008-02-20 Includes\SecurityC.sbi (*)
    2008-02-20 Includes\Spybots.sbi (*)
    2008-02-20 Includes\SpybotsC.sbi (*)
    2007-11-06 Includes\Tracks.uti
    2008-02-20 Includes\Trojans.sbi (*)
    2008-02-20 Includes\TrojansC.sbi (*)
    2008-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Windows Vista (Build: 6000) (6.0.6000)


    --- Startup entries list ---
    Located: HK_LM:Run,
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, Adobe Reader Speed Launcher
    command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    size: 39792
    MD5: 8B9145D229D4E89D15ACB820D4A3A90F

    Located: HK_LM:Run, ccApp
    command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    size: 115816
    MD5: 25BE770865658CB79100117112819A7C

    Located: HK_LM:Run, Corel Photo Downloader
    command: C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, dscactivate
    command: "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    file: C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
    size: 16384
    MD5: 267B3A856E9F4DB1CABD4E6DB71E07D2

    Located: HK_LM:Run, ECenter
    command: c:\dell\E-Center\EULALauncher.exe
    file: c:\dell\E-Center\EULALauncher.exe
    size: 17920
    MD5: BCB30677F086E0E84CFD22D1FEFF9BDB

    Located: HK_LM:Run, Google Desktop Search
    command: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    file: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    size: 1862144
    MD5: 472064F37E86B1361F01308441D21F52

    Located: HK_LM:Run, IAAnotif
    command: "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    file: C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    size: 151552
    MD5: D2CA35A3F711E613D9399845CE9302FA

    Located: HK_LM:Run, ISUSPM Startup
    command: "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    size: 221184
    MD5: 9ABF687071C649609BF7E177062A9008

    Located: HK_LM:Run, ISUSScheduler
    command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    size: 81920
    MD5: FF3BF05021BFECC92DB81B8257EEB026

    Located: HK_LM:Run, Logitech Hardware Abstraction Layer
    command: KHALMNPR.EXE
    file: C:\Windows\KHALMNPR.EXE
    size: 94208
    MD5: FFDE5245589FFA24C5075203D2A9C314

    Located: HK_LM:Run, LogitechCommunicationsManager
    command: "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    file: C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    size: 480816
    MD5: 57746505F27BFE21D3BC74BCA6B1904C

    Located: HK_LM:Run, NvCplDaemon
    command: "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
    file: C:\Windows\system32\RUNDLL32.EXE
    size: 44544
    MD5: 4B555106290BD117334E9A08761C035A

    Located: HK_LM:Run, NvMediaCenter
    command: "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    file: C:\Windows\system32\RUNDLL32.EXE
    size: 44544
    MD5: 4B555106290BD117334E9A08761C035A

    Located: HK_LM:Run, NvSvc
    command: "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
    file: C:\Windows\system32\RUNDLL32.EXE
    size: 44544
    MD5: 4B555106290BD117334E9A08761C035A

    Located: HK_LM:Run, osCheck
    command: "C:\Program Files\Norton Internet Security\osCheck.exe"
    file: C:\Program Files\Norton Internet Security\osCheck.exe
    size: 22696
    MD5: 9F9169BA9B0E44B6C86A5247CEC2CDEE

    Located: HK_LM:Run, SigmatelSysTrayApp
    command: sttray.exe
    file: C:\Windows\sttray.exe
    size: 303104
    MD5: 733DA847D5C3E32C40BA831BEAA8DC93

    Located: HK_LM:Run, SpySweeper
    command: "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    file: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    size: 5367664
    MD5: 2B0B8C29092FB420826F5A8FD02DC081

    Located: HK_LM:Run, SunJavaUpdateSched
    command: "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    file: C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    size: 83608
    MD5: 9C1C80BBF8E6044980890E2D2D91091C

    Located: HK_LM:Run, Symantec PIF AlertEng
    command: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    file: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    size: 583048
    MD5: DEB2A99C1AD9B9190C78E895AE60A745

    Located: HK_LM:Run, UpdReg
    command: C:\Windows\UpdReg.EXE
    file: C:\Windows\UpdReg.EXE
    size: 90112
    MD5: C419DF63E0121D72411285780C2FC6CC

    Located: HK_LM:Run, VolPanel
    command: "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
    file: C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
    size: 180224
    MD5: CDA2001978A4C967C41A1C7CF79E1815

    Located: HK_LM:Run, Windows Defender
    command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    file: C:\Program Files\Windows Defender\MSASCui.exe
    size: 1006264
    MD5: 9AD9E2FB2811123DA13DE84CC154AB77

    Located: HK_CU:Run, DellSupport
    where: S-1-5-21-3202169981-310995558-3244067593-1000...
    command: "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    file: C:\Program Files\DellSupport\DSAgnt.exe
    size: 446976
    MD5: CC4413981C4F1234E6E884DFF8B99C03

    Located: HK_CU:Run, DellSupportCenter
    where: S-1-5-21-3202169981-310995558-3244067593-1000...
    command: "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    file: C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    size: 202544
    MD5: 852AB81EDE166A0B25046DD7F4CD3FFA

    Located: HK_CU:Run, ehTray.exe
    where: S-1-5-21-3202169981-310995558-3244067593-1000...
    command: C:\Windows\ehome\ehTray.exe
    file: C:\Windows\ehome\ehTray.exe
    size: 125440
    MD5: 2E0953919779A44BF9DFB7B07C58535A

    Located: HK_CU:Run, LDM
    where: S-1-5-21-3202169981-310995558-3244067593-1000...
    command: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
    file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    size: 32768
    MD5: 5588812731C64305F2579DD8215037E0

    Located: HK_CU:Run, msnmsgr
    where: S-1-5-21-3202169981-310995558-3244067593-1000...
    command: "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    file: C:\Program Files\MSN Messenger\msnmsgr.exe
    size: 5674352
    MD5: C4281AD865739E71FD1E4DAC19A68D60

    Located: HK_CU:Run, WMPNSCFG
    where: S-1-5-21-3202169981-310995558-3244067593-1000...
    command: "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
    file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
    size: 201728
    MD5: 20EF9002CFF89C4C1077E4415EC7297B

    Located: HK_CU:Run, MsnMsgr (DISABLED)
    where: S-1-5-21-3202169981-310995558-3244067593-1000...
    command: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    file: C:\Program Files\MSN Messenger\MsnMsgr.Exe
    size: 5674352
    MD5: C4281AD865739E71FD1E4DAC19A68D60

    Located: Startup (common), Digital Line Detect.lnk (DISABLED)
    where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\Digital Line Detect\DLG.exe
    file: C:\Program Files\Digital Line Detect\DLG.exe
    size: 45056
    MD5: 66B8C84DF54555782CE61E393A1B67B1

    Located: Startup (common), hpoddt01.exe.lnk
    where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    file: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    size: 28672
    MD5: A564A22308A3F55235BA2478EE82992D

    Located: Startup (common), Logitech Desktop Messenger.lnk
    where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    size: 450560
    MD5: 9C964C7C72FD732B1A0EEC80421EDAED

    Located: Startup (common), Logitech SetPoint.lnk
    where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\Logitech\SetPoint\SetPoint.exe
    file: C:\Program Files\Logitech\SetPoint\SetPoint.exe
    size: 593920
    MD5: F11CA562270B3802DBCD51EA9F4731BA

    Located: WinLogon, GoToAssist
    command: C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
    file: C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, WRNotifier
    command: WRLogonNTF.dll
    file: WRLogonNTF.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!



    --- Browser helper object list ---
    {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} (Ask Search Assistant BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Ask Search Assistant BHO
    Path: C:\Program Files\AskSBar\SrchAstt\1.bin\
    Long name: A2SRCHAS.DLL
    Short name:
    Date (created): 10/21/2007 4:12:12 PM
    Date (last access): 10/21/2007 4:12:12 PM
    Date (last write): 10/21/2007 4:12:12 PM
    Filesize: 66912
    Attributes: archive
    MD5: 2F19F535F88BEE3AF522BD28478C019E
    CRC32: 77B4EC1E
    Version: 1.1.0.1

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Adobe PDF Reader Link Helper
    description: Adobe Acrobat reader
    classification: Legitimate
    known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
    info link: http://www.adobe.com/products/acrobat/readstep2.html
    info source: TonyKlein
    Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
    Long name: AcroIEHelper.dll
    Short name: ACROIE~1.DLL
    Date (created): 10/22/2006 11:08:42 PM
    Date (last access): 2/11/2008 6:08:54 PM
    Date (last write): 10/22/2006 11:08:42 PM
    Filesize: 62080
    Attributes: archive
    MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
    CRC32: E388508F
    Version: 8.0.0.456

    {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:
    Path: C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\
    Long name: NppBHO.dll
    Short name:
    Date (created): 12/5/2006 7:54:56 PM
    Date (last access): 5/24/2007 11:01:26 AM
    Date (last write): 12/5/2006 7:54:56 PM
    Filesize: 96984
    Attributes: readonly archive
    MD5: 57E8CF524AFF1D945AABD65B9AAA8075
    CRC32: EA607DA7
    Version: 2007.1.3.6

    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\Program Files\Spybot - Search & Destroy\
    Long name: SDHelper.dll
    Short name:
    Date (created): 2/9/2008 6:17:54 PM
    Date (last access): 2/9/2008 6:17:54 PM
    Date (last write): 1/28/2008 11:43:28 AM
    Filesize: 1554256
    Attributes: archive
    MD5: 5248E02EFBCB64D328647CD00E384B85
    CRC32: C1B426A9
    Version: 1.5.0.11

    {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Windows Live Sign-in Helper
    Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll
    Short name: WINDOW~1.DLL
    Date (created): 8/31/2006 7:33:06 PM
    Date (last access): 6/28/2007 3:35:30 PM
    Date (last write): 8/31/2006 7:33:06 PM
    Filesize: 322368
    Attributes: archive
    MD5: E43F7CFDEE2B00A22C96C168147B20D3
    CRC32: 2AEACC43
    Version: 4.100.313.1

    {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Helper
    description: Google toolbar
    classification: Open for discussion
    known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
    info link: http://toolbar.google.com/
    info source: TonyKlein
    Path: c:\program files\google\
    Long name: GoogleToolbar1.dll
    Short name: GOOGLE~1.DLL
    Date (created): 5/24/2007 11:03:46 AM
    Date (last access): 5/24/2007 11:03:46 AM
    Date (last write): 5/24/2007 11:03:46 AM
    Filesize: 2193280
    Attributes: readonly archive
    MD5: B6B99ED927A26A88A4BFC258A30A6DB4
    CRC32: 72CDBC2C
    Version: 4.0.1306.3130

    {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: CBrowserHelperObject Object
    Path: C:\Program Files\BAE\
    Long name: BAE.dll
    Short name:
    Date (created): 5/24/2007 11:03:30 AM
    Date (last access): 5/24/2007 11:03:30 AM
    Date (last write): 3/16/2007 2:20:26 AM
    Filesize: 98304
    Attributes: archive
    MD5: 1A4F60EF6DA38621F1091B0CB0FA2C09
    CRC32: 54D81822
    Version: 1.2.0.3

    {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (Ask Toolbar BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Ask Toolbar BHO
    Path: C:\Program Files\AskSBar\bar\1.bin\
    Long name: ASKSBAR.DLL
    Short name:
    Date (created): 10/21/2007 4:12:12 PM
    Date (last access): 10/21/2007 4:12:12 PM
    Date (last write): 10/21/2007 4:12:12 PM
    Filesize: 267592
    Attributes: archive
    MD5: AA0B5AFB2F92F16831A9D34D818FA174
    CRC32: 20387C5A
    Version: 2.3.0.11

  5. #5
    Junior Member
    Join Date
    Feb 2008
    Posts
    13


    2nd part...


    --- ActiveX list ---
    {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
    DPF name:
    CLSID name: Windows Genuine Advantage Validation Tool
    Installer: C:\Windows\Downloaded Program Files\LegitCheckControl.inf
    Codebase: http://download.microsoft.com/downlo...eckControl.cab
    description:
    classification: Legitimate
    known filename: LegitCheckControl.DLL
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Windows\system32\
    Long name: LegitCheckControl.DLL
    Short name: LEGITC~1.DLL
    Date (created): 10/11/2007 2:12:48 PM
    Date (last access): 10/11/2007 2:12:48 PM
    Date (last write): 10/11/2007 2:12:48 PM
    Filesize: 1468968
    Attributes: archive
    MD5: FC6680B6D4812D017109518AC07DED0E
    CRC32: 4DC7C79C
    Version: 1.7.59.1

    {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)
    DPF name:
    CLSID name: Symantec AntiVirus scanner
    Installer: C:\Windows\Downloaded Program Files\avsniff.inf
    Codebase: http://security.symantec.com/sscv6/S...in/AvSniff.cab
    description: Symantec online scanner
    classification: Legitimate
    known filename: AVSNIFF.DLL
    info link:
    info source: Patrick M. Kolla
    Path: C:\Windows\Downloaded Program Files\
    Long name: avsniff.dll
    Short name:
    Date (created): 1/15/2008 10:12:38 PM
    Date (last access): 1/15/2008 10:12:38 PM
    Date (last write): 1/15/2008 10:12:38 PM
    Filesize: 312680
    Attributes: archive
    MD5: 888798ADCF17BEF44219A7CC910B8FC8
    CRC32: 36D46E76
    Version: 2006.2.22.58

    {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class)
    DPF name:
    CLSID name: TotalScan Installer Class
    Installer: C:\Windows\Downloaded Program Files\CONFLICT.1\ascstubie.inf
    Codebase: http://www.nanoscan.com/as/cabs/ascstubie.cab
    description:
    classification: Legitimate
    known filename: ascstubie.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Windows\Downloaded Program Files\CONFLICT.1\
    Long name: ascstubie.dll
    Short name: ASCSTU~1.DLL
    Date (created): 8/21/2007 2:37:26 PM
    Date (last access): 8/21/2007 2:37:26 PM
    Date (last write): 8/21/2007 2:37:26 PM
    Filesize: 124208
    Attributes: archive
    MD5: 0AD87599756B34C0214AFCE961E78DD5
    CRC32: EA254381
    Version: 1.0.0.7

    {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
    DPF name:
    CLSID name: Symantec RuFSI Utility Class
    Installer: C:\Windows\Downloaded Program Files\CabSA.inf
    Codebase: http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    description:
    classification: Legitimate
    known filename: rufsi.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Windows\Downloaded Program Files\
    Long name: rufsi.dll
    Short name:
    Date (created): 1/15/2008 10:12:48 PM
    Date (last access): 1/15/2008 10:12:48 PM
    Date (last write): 1/15/2008 10:12:48 PM
    Filesize: 296336
    Attributes: archive
    MD5: B64C2F3609301D0FA2BBABFB5799890C
    CRC32: 246BD9BB
    Version: 2006.2.15.43

    {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class)
    DPF name:
    CLSID name: NanoInstaller Class
    Installer: C:\Windows\Downloaded Program Files\nanoinst.inf
    Codebase: http://www.nanoscan.com/cabs/nanoinst.cab
    Path: C:\Windows\Downloaded Program Files\
    Long name: NanoInst.dll
    Short name:
    Date (created): 9/11/2007 1:49:28 PM
    Date (last access): 9/11/2007 1:49:28 PM
    Date (last write): 9/11/2007 1:49:28 PM
    Filesize: 38280
    Attributes: archive
    MD5: 4BEEB9E3A93CF218602A7A9AE21EDCA7
    CRC32: FD77ABF2
    Version: 2.2.0.5

    {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class)
    DPF name:
    CLSID name: MessengerStatsClient Class
    Installer:
    Codebase: http://messenger.zone.msn.com/binary...t.cab56907.cab
    description:
    classification: Legitimate
    known filename: MessengerStatsPAClient.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Windows\Downloaded Program Files\
    Long name: MessengerStatsPAClient.dll
    Short name: MESSEN~1.DLL
    Date (created): 2/22/2007 11:41:12 PM
    Date (last access): 2/22/2007 11:41:12 PM
    Date (last write): 2/22/2007 11:41:12 PM
    Filesize: 304544
    Attributes: archive
    MD5: 8945CCA5FC4F25168E8B6F401EFAF51F
    CRC32: 0F12FD23
    Version: 9.5.6907.1

    {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi160.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.6.0_03\bin\
    Long name: ssv.dll
    Short name:
    Date (created): 12/26/2007 1:39:06 PM
    Date (last access): 9/24/2007 11:31:44 PM
    Date (last write): 9/25/2007 1:11:34 AM
    Filesize: 501136
    Attributes: archive
    MD5: D787E3123FAD2BD58AB45B9A5C360ACD
    CRC32: DDC625C2
    Version: 6.0.30.5

    {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_01
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi160_01.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.6.0_03\bin\
    Long name: ssv.dll
    Short name:
    Date (created): 12/26/2007 1:39:06 PM
    Date (last access): 9/24/2007 11:31:44 PM
    Date (last write): 9/25/2007 1:11:34 AM
    Filesize: 501136
    Attributes: archive
    MD5: D787E3123FAD2BD58AB45B9A5C360ACD
    CRC32: DDC625C2
    Version: 6.0.30.5

    {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_02
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi160_02.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.6.0_03\bin\
    Long name: ssv.dll
    Short name:
    Date (created): 12/26/2007 1:39:06 PM
    Date (last access): 9/24/2007 11:31:44 PM
    Date (last write): 9/25/2007 1:11:34 AM
    Filesize: 501136
    Attributes: archive
    MD5: D787E3123FAD2BD58AB45B9A5C360ACD
    CRC32: DDC625C2
    Version: 6.0.30.5

    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_03
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre1.6.0_03\bin\
    Long name: ssv.dll
    Short name:
    Date (created): 12/26/2007 1:39:06 PM
    Date (last access): 9/24/2007 11:31:44 PM
    Date (last write): 9/25/2007 1:11:34 AM
    Filesize: 501136
    Attributes: archive
    MD5: D787E3123FAD2BD58AB45B9A5C360ACD
    CRC32: DDC625C2
    Version: 6.0.30.5

    {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class)
    DPF name:
    CLSID name: McFreeScan Class
    Installer: C:\Windows\Downloaded Program Files\mcfscan.inf
    Codebase: http://download.mcafee.com/molbin/is...19/mcfscan.cab
    description:
    classification: Legitimate
    known filename: mcfscan.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Windows\McAfee.com\FreeScan\
    Long name: mcfscan.dll
    Short name:
    Date (created): 1/30/2008 9:44:46 AM
    Date (last access): 1/30/2008 9:44:46 AM
    Date (last write): 1/30/2008 9:44:46 AM
    Filesize: 156984
    Attributes: archive
    MD5: 0C6D0F532075B5D9FA86EA63713FDFD7
    CRC32: 9923E15D
    Version: 2.2.0.5219



    --- Process list ---
    PID: 3696 (1144) C:\Windows\system32\taskeng.exe
    size: 166400
    MD5: 1226E9FAE5B8508801EC974E3C9D9C14
    PID: 3704 (1120) C:\Windows\system32\Dwm.exe
    size: 83456
    MD5: E87B968F3D49117445893EB0503FE34F
    PID: 3756 (3664) C:\Windows\Explorer.EXE
    size: 2923520
    MD5: 6D06CD98D954FE87FB2DB8108793B399
    PID: 4068 (3756) C:\Program Files\Windows Defender\MSASCui.exe
    size: 1006264
    MD5: 9AD9E2FB2811123DA13DE84CC154AB77
    PID: 2260 (3756) C:\Windows\sttray.exe
    size: 303104
    MD5: 733DA847D5C3E32C40BA831BEAA8DC93
    PID: 2436 (3756) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    size: 151552
    MD5: D2CA35A3F711E613D9399845CE9302FA
    PID: 2600 (4076) C:\Windows\System32\rundll32.exe
    size: 44544
    MD5: 4B555106290BD117334E9A08761C035A
    PID: 2696 (3756) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    size: 81920
    MD5: FF3BF05021BFECC92DB81B8257EEB026
    PID: 2820 (3756) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    size: 115816
    MD5: 25BE770865658CB79100117112819A7C
    PID: 3340 (3756) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    size: 1862144
    MD5: 472064F37E86B1361F01308441D21F52
    PID: 3408 (3756) C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
    size: 180224
    MD5: CDA2001978A4C967C41A1C7CF79E1815
    PID: 3732 (3756) C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    size: 83608
    MD5: 9C1C80BBF8E6044980890E2D2D91091C
    PID: 3896 (3756) C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    size: 480816
    MD5: 57746505F27BFE21D3BC74BCA6B1904C
    PID: 3500 (3756) C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    size: 5367664
    MD5: 2B0B8C29092FB420826F5A8FD02DC081
    PID: 1132 (3756) C:\Program Files\DellSupport\DSAgnt.exe
    size: 446976
    MD5: CC4413981C4F1234E6E884DFF8B99C03
    PID: 1100 (3756) C:\Windows\ehome\ehtray.exe
    size: 125440
    MD5: 2E0953919779A44BF9DFB7B07C58535A
    PID: 1016 (3756) C:\Program Files\Windows Media Player\wmpnscfg.exe
    size: 201728
    MD5: 20EF9002CFF89C4C1077E4415EC7297B
    PID: 2708 (3756) C:\Program Files\MSN Messenger\msnmsgr.exe
    size: 5674352
    MD5: C4281AD865739E71FD1E4DAC19A68D60
    PID: 532 (3756) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    size: 202544
    MD5: 852AB81EDE166A0B25046DD7F4CD3FFA
    PID: 2564 (3340) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    size: 1862144
    MD5: 472064F37E86B1361F01308441D21F52
    PID: 1280 (3756) C:\Program Files\Logitech\SetPoint\SetPoint.exe
    size: 593920
    MD5: F11CA562270B3802DBCD51EA9F4731BA
    PID: 1456 ( 820) C:\Windows\ehome\ehmsas.exe
    size: 37376
    MD5: 693E4C15CEE5D6487D7913A2701B5E40
    PID: 4352 (1280) C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    size: 94208
    MD5: FFDE5245589FFA24C5075203D2A9C314
    PID: 5060 (3756) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    size: 196152
    MD5: 40825ACFC23E0AD28DA1FC63F77E9825
    PID: 5592 ( 820) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    size: 12037688
    MD5: 1EEA7DD2F1EA6EFEF380B99A90228D2F
    PID: 3664 ( 820) C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    size: 243248
    MD5: 506FA18147A4135FC9D98AFEDAAC6F13
    PID: 1408 ( 936) C:\Program Files\Internet Explorer\ieuser.exe
    size: 301568
    MD5: 7906D40BA8A6C8AC1586B1EF549319BA
    PID: 5504 ( 936) C:\Program Files\Internet Explorer\iexplore.exe
    size: 625664
    MD5: 9143C721DD6482374EFB35BC35944324
    PID: 2664 ( 820) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    size: 115024
    MD5: 44CDED85B91EEF32E9CBCA348371F6BB
    PID: 5316 ( 820) C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    size: 218496
    MD5: 55DAE09CBE5FE5E8EB2698107C18FD0D
    PID: 4620 (3756) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5146448
    MD5: 2ECA8CDEED7C82F879E766DA92A3561A
    PID: 0 ( 0) [System Process]
    PID: 4 ( 0) System
    PID: 460 ( 4) smss.exe
    size: 62976
    PID: 540 ( 528) csrss.exe
    size: 7680
    PID: 584 ( 528) wininit.exe
    size: 95744
    PID: 592 ( 576) csrss.exe
    size: 7680
    PID: 628 ( 584) services.exe
    size: 279552
    PID: 640 ( 584) lsass.exe
    size: 7680
    PID: 648 ( 584) lsm.exe
    size: 210944
    PID: 716 ( 576) winlogon.exe
    size: 308224
    PID: 820 ( 628) svchost.exe
    size: 22016
    PID: 916 ( 628) svchost.exe
    size: 22016
    PID: 948 ( 628) svchost.exe
    size: 22016
    PID: 1052 ( 628) svchost.exe
    size: 22016
    PID: 1120 ( 628) svchost.exe
    size: 22016
    PID: 1144 ( 628) svchost.exe
    size: 22016
    PID: 1236 (1052) audiodg.exe
    size: 88064
    PID: 1272 ( 628) SLsvc.exe
    size: 2605568
    PID: 1328 ( 628) svchost.exe
    size: 22016
    PID: 1476 ( 628) svchost.exe
    size: 22016
    PID: 1576 ( 628) ccSvcHst.exe
    PID: 1652 ( 628) AppSvc32.exe
    PID: 1716 ( 628) aawservice.exe
    PID: 1860 ( 628) spoolsv.exe
    size: 124928
    PID: 1888 ( 628) svchost.exe
    size: 22016
    PID: 2020 ( 628) CreativeLicensing.exe
    PID: 1724 ( 628) CTSVCCDA.EXE
    size: 44032
    PID: 2032 ( 628) IAANTmon.exe
    PID: 2052 ( 628) svchost.exe
    size: 22016
    PID: 2132 ( 628) sprtsvc.exe
    PID: 2164 ( 628) stacsv.exe
    size: 90112
    PID: 2268 ( 628) svchost.exe
    size: 22016
    PID: 2296 ( 628) SpySweeper.exe
    PID: 2536 ( 628) svchost.exe
    size: 22016
    PID: 2556 ( 628) SearchIndexer.exe
    size: 287744
    PID: 2612 ( 628) XAudio.exe
    PID: 2652 ( 628) SDWinSec.exe
    size: 810320
    MD5: A0C00A6265949AC72AB51B711743CA6D
    PID: 3096 (1144) taskeng.exe
    size: 166400
    PID: 3132 (1120) WUDFHost.exe
    size: 143360
    PID: 3832 ( 628) wmpnetwk.exe
    PID: 6008 (2296) ssu.exe
    PID: 2836 ( 628) symlcsvc.exe
    PID: 3120 ( 628) VSSVC.exe
    size: 924160
    PID: 5508 ( 628) svchost.exe
    size: 22016
    PID: 5040 (1144) taskeng.exe
    size: 166400


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 2/24/2008 6:15:17 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.google.com/ig/dell?hl=en&...us&ibd=0070525
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896

  6. #6
    Junior Member
    Join Date
    Feb 2008
    Posts
    13

    Default

    3rd part...



    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: MSAFD Tcpip [TCP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 4: MSAFD Tcpip [UDP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 5: MSAFD Tcpip [RAW/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 6: RSVP TCPv6 Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 7: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 8: RSVP UDPv6 Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 9: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CA5AFF38-D5EC-4BD7-A920-3AE47A793892}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CA5AFF38-D5EC-4BD7-A920-3AE47A793892}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CA5AFF38-D5EC-4BD7-A920-3AE47A793892}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CA5AFF38-D5EC-4BD7-A920-3AE47A793892}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename:
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

    Namespace Provider 1: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename:
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 2: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 3: E-mail Naming Shim Provider
    GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename:

    Namespace Provider 4: PNRP Cloud Namespace Provider
    GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 5: PNRP Name Namespace Provider
    GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

  7. #7
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Default

    Hello 787Infoquest,

    This may be a Spy Sweeper false positive but one of our detectives will get back to you soon with more information.

    I noticed there are old versions of Sun Java on the System, please see:
    Sun Microsystems~Java. Security vulnerability in older versions left on system

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  8. #8
    Retired
    Join Date
    Oct 2005
    Posts
    566

    Default

    Hello 787Infoquest,
    Indeed there seems to be a problem with SpySweeper concerning the error you got. They seem to block all Browser Helper Objects that get installed on the computer. I will get in contact with SpySweeper and try to solve that issue.
    Until the issue is solved you should be able to allow the Browser Helper Object when SpySweeper asks you what to do.

    regards,
    Markus
    Last edited by MisterW; 2008-02-25 at 12:07.

  9. #9
    Junior Member
    Join Date
    Feb 2008
    Posts
    13

    Default

    Thank you for looking into this and all your help. It just made me nervous when it was flagging the teatimer.exe, instead of the SDHelper, as a BHO, so I thought I better check it out.

    All your help and time is very much appreciated!
