Thread: Win32.ActiveKeyLogger F/P

  1. #1 Terminator (Senior Member; Join Date: Sep 2006; Location: LV-426; Posts: 349)

    Win32.ActiveKeyLogger F/P

    I found the above false positive whilst using the On-Demand Scanner on 2 "UNWISE" uninstallers. I can repeat this false positive on both programs.

    I ran a full spyware-only scan and it turned up nothing. I also scanned with the Avast! On-Demand Scanner, and that also failed to find anything.


    My System:

    Windows Vista Home Premium SP1 (Fully Patched)
    Internet Explorer 7 (Fully Patched)
    Spybot 1.6.1.38 with today's updates, including the beta (3/12/2008)


    Screenshot:

    Log File:



    If I've missed anything, or you need me to perform further tests, please let me know and I'll rectify the situation.
    Last edited by Terminator; 2008-12-03 at 20:17. Reason: Edited Title and added some info.
    If it ain't broke, don't fix it!
