
Thread: Win32.ActiveKeyLogger F/P

  1. #1 Terminator (Senior Member, joined Sep 2006, location LV-426, 349 posts)

    Win32.ActiveKeyLogger F/P

    I found the above False Positive whilst using the On-Demand Scanner on 2 "UNWISE" Un-installers. I can repeat this False Positive on both Programs.

    I ran a full Spyware-only Scan and it turned up nothing. I also scanned with the Avast! On-Demand Scanner and that also failed to find anything.

    My System:

    Windows Vista Home Premium SP1 (Fully Patched)
    Internet Explorer 7 (Fully Patched)
    Spybot 1.6.1.38 with Today's updates including the beta (3/12/2008)

    Screenshot:

    Log File:

    2008-06-18 SDDelFile.exe (1.0.2.5)
    2008-11-13 SDFiles.exe (1.6.1.7)
    2008-11-13 SDMain.exe (1.0.0.6)
    2008-11-13 SDShred.exe (1.0.2.4)
    2008-11-13 SDUpdate.exe (1.6.0.11)
    2008-11-13 SDWinSec.exe (1.0.0.12)
    2008-11-13 SpybotSD.exe (1.6.1.38)
    2008-11-13 TeaTimer.exe (1.6.4.26)
    2008-11-23 unins000.exe (51.49.0.0)
    2008-11-13 Update.exe (1.6.0.7)
    2008-11-13 advcheck.dll (1.6.2.14)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2008-11-13 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2008-11-13 Tools.dll (2.1.6.10)
    2008-11-04 Includes\Adware.sbi
    2008-11-25 Includes\AdwareC.sbi
    2008-12-02 Includes\Beta.sbi
    2007-11-06 Includes\Beta.uti
    2008-06-03 Includes\Cookies.sbi
    2008-09-02 Includes\Dialer.sbi
    2008-09-09 Includes\DialerC.sbi
    2008-07-23 Includes\HeavyDuty.sbi
    2008-11-18 Includes\Hijackers.sbi
    2008-11-18 Includes\HijackersC.sbi
    2008-09-09 Includes\Keyloggers.sbi
    2008-11-18 Includes\KeyloggersC.sbi
    2008-11-18 Includes\Malware.sbi
    2008-12-03 Includes\MalwareC.sbi
    2008-11-03 Includes\PUPS.sbi
    2008-12-02 Includes\PUPSC.sbi
    2007-11-07 Includes\Revision.sbi
    2008-06-18 Includes\Security.sbi
    2008-12-02 Includes\SecurityC.sbi
    2008-06-03 Includes\Spybots.sbi
    2008-06-03 Includes\SpybotsC.sbi
    2008-11-04 Includes\Spyware.sbi
    2008-12-02 Includes\SpywareC.sbi
    2008-06-03 Includes\Tracks.uti
    2008-11-04 Includes\Trojans.sbi
    2008-12-02 Includes\TrojansC.sbi
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

    --- System information ---
    Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB941833)

    --- Startup entries list ---
    Located: HK_LM:Run, avast!
    command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    size: 81000
    MD5: 55EBFBAB39BFAB5E62358C093F297641
    Located: HK_LM:Run, COMODO Firewall Pro
    command: "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    file: C:\Program Files\COMODO\Firewall\cfp.exe
    size: 1796856
    MD5: B443A3B66DFBC137EEE36BEC364735F5
    Located: HK_LM:Run, HotKeysCmds
    command: C:\Windows\system32\hkcmd.exe
    file: C:\Windows\system32\hkcmd.exe
    size: 166424
    MD5: E0913BFFE047972BAA72AC3AE608E24D
    Located: HK_LM:Run, HP Metrics
    command: C:\Program Files\HP\Personal Printing Solutions Product Research\HP Product Research.exe a
    file: C:\Program Files\HP\Personal Printing Solutions Product Research\HP Product Research.exe
    size: 368640
    MD5: 36BA55D14C3F78C2F137D741EB99E3C0
    Located: HK_LM:Run, HP Software Update
    command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    size: 49152
    MD5: 7AF5A466CF4AECA28E3DCBCF5B6FD220
    Located: HK_LM:Run, hpsysdrv
    command: c:\hp\support\hpsysdrv.exe
    file: c:\hp\support\hpsysdrv.exe
    size: 65536
    MD5: 9A4322EE420D6FACD4D4B1FF6CB856B1
    Located: HK_LM:Run, IgfxTray
    command: C:\Windows\system32\igfxtray.exe
    file: C:\Windows\system32\igfxtray.exe
    size: 141848
    MD5: EF4FF93786AE65DD307FCADABCD087CA
    Located: HK_LM:Run, KBD
    command: C:\HP\KBD\KbdStub.EXE
    file: C:\HP\KBD\KbdStub.EXE
    size: 65536
    MD5: 7088B136BB58A5F95CF0DE8386CA6C0F
    Located: HK_LM:Run, OsdMaestro
    command: "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    file: C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    size: 118784
    MD5: B1361669BDC6ED612C35B7C67ADA2240
    Located: HK_LM:Run, Persistence
    command: C:\Windows\system32\igfxpers.exe
    file: C:\Windows\system32\igfxpers.exe
    size: 133656
    MD5: 83591BC9E3328F5BACCF487CD12414EB
    Located: HK_LM:Run, RtHDVCpl
    command: RtHDVCpl.exe
    file: C:\Windows\RtHDVCpl.exe
    size: 4874240
    MD5: 361CD47DC5BD83EE24407903233B0D9A
    Located: HK_LM:Run, SunJavaUpdateReg
    command: "C:\Windows\system32\jureg.exe" -delete
    file: C:\Windows\system32\jureg.exe
    size: 54936
    MD5: 4F89DD4EA74C66916E15A6E7D74A50B5
    Located: HK_LM:Run, SunJavaUpdateSched
    command: "C:\Program Files\Java\jre6\bin\jusched.exe"
    file: C:\Program Files\Java\jre6\bin\jusched.exe
    size: 136600
    MD5: B98FFA8288EFAABC436C30D198608345
    Located: HK_LM:Run, Windows Defender
    command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    file: C:\Program Files\Windows Defender\MSASCui.exe
    size: 1008184
    MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
    Located: HK_CU:Run, Sidebar
    where: S-1-5-19...
    command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
    file: C:\Program Files\Windows Sidebar\Sidebar.exe
    size: 1233920
    MD5: FD278E51A7D6F52D22FCE6C67E037AD6
    Located: HK_CU:Run, WindowsWelcomeCenter
    where: S-1-5-19...
    command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
    file: C:\Windows\system32\oobefldr.dll
    size: 2153472
    MD5: 83E4A5435B0FA6AD0166722621A04725
    Located: HK_CU:Run, Sidebar
    where: S-1-5-20...
    command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
    file: C:\Program Files\Windows Sidebar\Sidebar.exe
    size: 1233920
    MD5: FD278E51A7D6F52D22FCE6C67E037AD6
    Located: HK_CU:Run, WindowsWelcomeCenter
    where: S-1-5-20...
    command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
    file: C:\Windows\system32\oobefldr.dll
    size: 2153472
    MD5: 83E4A5435B0FA6AD0166722621A04725
    Located: HK_CU:Run, ehTray.exe
    where: S-1-5-21-16169106-2878052200-2811833100-1000...
    command: C:\Windows\ehome\ehTray.exe
    file: C:\Windows\ehome\ehTray.exe
    size: 125952
    MD5: BF08674925F151BD4537B89A493E3E0C
    Located: HK_CU:Run, WMPNSCFG
    where: S-1-5-21-16169106-2878052200-2811833100-1000...
    command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
    file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
    size: 202240
    MD5: 35937EAD711207544E219C2A19A78A7D
    Located: Startup (common), HP Digital Imaging Monitor.lnk
    where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    size: 210520
    MD5: F14219FC767F1383526AB423F278A8E3
    Located: WinLogon, igfxcui
    command: igfxdev.dll
    file: igfxdev.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    --- Browser helper object list ---
    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\PROGRA~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name:
    Date (created): 27/03/2008 16:50:26
    Date (last access): 23/11/2008 19:52:52
    Date (last write): 13/11/2008 16:19:32
    Filesize: 1877336
    Attributes: archive
    MD5: D0EE028C2FB3F0C38B40147F9AB31F77
    CRC32: 90CB2B8B
    Version: 1.6.2.14
    {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:
    {6D53EC84-6AAE-4787-AEEE-F4628F01010C} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In SSV Helper
    Path: C:\Program Files\Java\jre6\bin\
    Long name: ssv.dll
    Short name:
    Date (created): 28/10/2008 14:40:42
    Date (last access): 10/11/2072 03:39:26
    Date (last write): 10/11/2008 05:43:32
    Filesize: 320920
    Attributes: archive
    MD5: 35E6FB6E6003BD54A5D69C9C1C762192
    CRC32: 9699660C
    Version: 6.0.110.3
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:
    {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In 2 SSV Helper
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2ssv.dll
    Short name:
    Date (created): 28/10/2008 14:40:40
    Date (last access): 10/11/2008 03:39:26
    Date (last write): 10/11/2008 05:43:16
    Filesize: 34816
    Attributes: archive
    MD5: 5D57FD3DF32DC69CEC3D1D54B4C43162
    CRC32: D7C13FB2
    Version: 6.0.110.3
    {DC3EB972-8628-4C46-B7CE-25EBD05EA362} (NetPurity.SiteAccess)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: NetPurity.SiteAccess
    Path: C:\Windows\System32\
    Long name: NetPurity.dll
    Short name: NETPUR~1.DLL
    Date (created): 03/12/2008 18:27:50
    Date (last access): 03/12/2008 18:27:50
    Date (last write): 23/03/2005 18:02:20
    Filesize: 49152
    Attributes: archive
    MD5: 425ABE2C7E142680CEA5682473817439
    CRC32: A5BA056E
    Version: 1.1.0.0
    {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:

    --- ActiveX list ---
    {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} ()
    DPF name:
    CLSID name:
    Installer:
    Codebase:
    description: Apple Quicktime
    classification: Legitimate
    known filename: QTPLUGIN.OCX
    info link:
    info source: Patrick M. Kolla
    {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
    DPF name:
    CLSID name: Windows Genuine Advantage Validation Tool
    Installer: C:\Windows\Downloaded Program Files\LegitCheckControl.inf
    Codebase: http://download.microsoft.com/downlo...eckControl.cab
    description:
    classification: Legitimate
    known filename: LegitCheckControl.DLL
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Windows\system32\
    Long name: LegitCheckControl.DLL
    Short name: LEGITC~1.DLL
    Date (created): 20/03/2008 17:06:36
    Date (last access): 20/03/2008 17:06:36
    Date (last write): 20/03/2008 17:06:36
    Filesize: 1480232
    Attributes: archive
    MD5: E058C4821D48E0A67F6069CB50818D44
    CRC32: 3513AE02
    Version: 1.7.69.2
    {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
    DPF name:
    CLSID name: MSN Photo Upload Tool
    Installer: C:\Windows\Downloaded Program Files\MSNPUpld.inf
    Codebase: http://gfx1.hotmail.com/mail/w2/reso...PUplden-gb.cab
    description:
    classification: Legitimate
    known filename: MsnPUpld.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Windows\Downloaded Program Files\
    Long name: MsnPUpld.dll
    Short name:
    Date (created): 20/11/2006 11:04:16
    Date (last access): 20/11/2006 11:04:16
    Date (last write): 20/11/2006 11:04:16
    Filesize: 543544
    Attributes: archive
    MD5: A0F541D9D2CACEEC7A4A378CD0C31626
    CRC32: 035C591F
    Version: 10.0.914.0
    {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class)
    DPF name:
    CLSID name: GMNRev Class
    Installer: C:\Windows\Downloaded Program Files\setup.inf
    Codebase: http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
    Path: C:\Program Files\HP\Common\
    Long name: HPGMNRev.dll
    Short name:
    Date (created): 29/07/2008 13:47:04
    Date (last access): 27/08/2008 19:53:18
    Date (last write): 29/07/2008 13:47:04
    Filesize: 198448
    Attributes: archive
    MD5: D118AAAB43BFAB719B2F185C3D556E54
    CRC32: 4FA69970
    Version: 8.7.13.0
    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_11
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 28/10/2008 14:40:40
    Date (last access): 10/11/2008 03:39:26
    Date (last write): 10/11/2008 05:43:16
    Filesize: 94208
    Attributes: archive
    MD5: 3DA696FCE470365F830726A5DB33733F
    CRC32: F0FC81C2
    Version: 6.0.110.3
    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
    DPF name:
    CLSID name:
    Installer: C:\Windows\Downloaded Program Files\erma.inf
    Codebase: http://fpdownload.macromedia.com/get.../ultrashim.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.
    {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07)
    DPF name:
    CLSID name: Java Plug-in 1.6.0_07
    Installer:
    Codebase:
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 28/10/2008 14:40:40
    Date (last access): 10/11/2008 03:39:26
    Date (last write): 10/11/2008 05:43:16
    Filesize: 94208
    Attributes: archive
    MD5: 3DA696FCE470365F830726A5DB33733F
    CRC32: F0FC81C2
    Version: 6.0.110.3
    {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10)
    DPF name:
    CLSID name: Java Plug-in 1.6.0_10
    Installer:
    Codebase:
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 28/10/2008 14:40:40
    Date (last access): 10/11/2008 03:39:26
    Date (last write): 10/11/2008 05:43:16
    Filesize: 94208
    Attributes: archive
    MD5: 3DA696FCE470365F830726A5DB33733F
    CRC32: F0FC81C2
    Version: 6.0.110.3
    {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_11
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 28/10/2008 14:40:40
    Date (last access): 10/11/2008 03:39:26
    Date (last write): 10/11/2008 05:43:16
    Filesize: 94208
    Attributes: archive
    MD5: 3DA696FCE470365F830726A5DB33733F
    CRC32: F0FC81C2
    Version: 6.0.110.3
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_11
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_11.dll
    Short name: NPJPI1~1.DLL
    Date (created): 10/11/2008 03:39:26
    Date (last access): 10/11/2072 03:39:26
    Date (last write): 10/11/2008 05:43:32
    Filesize: 132504
    Attributes: archive
    MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
    CRC32: CECB5751
    Version: 6.0.110.3
    {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
    DPF name:
    CLSID name: Shockwave Flash Object
    Installer: C:\Windows\Downloaded Program Files\swflash.inf
    Codebase: http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: C:\Windows\system32\Macromed\Flash\
    Long name: Flash10a.ocx
    Short name:
    Date (created): 05/10/2008 03:16:26
    Date (last access): 25/11/2008 20:03:58
    Date (last write): 05/10/2008 03:16:26
    Filesize: 3789728
    Attributes: readonly archive
    MD5: 466C1355934925768822E380DA6E6E4A
    CRC32: 48EC1E52
    Version: 10.0.12.36

    --- Process list ---
    PID: 1668 (1104) C:\Windows\system32\Dwm.exe
    size: 81920
    MD5: 59903071D7ACE6A02093C47E9E38AF97
    PID: 1696 (1660) C:\Windows\Explorer.EXE
    size: 2927104
    MD5: FFA764631CB70A30065C12EF8E174F9F
    PID: 260 (1696) C:\Program Files\Windows Defender\MSASCui.exe
    size: 1008184
    MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
    PID: 280 (1696) C:\hp\support\hpsysdrv.exe
    size: 65536
    MD5: 9A4322EE420D6FACD4D4B1FF6CB856B1
    PID: 300 (1696) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    size: 118784
    MD5: B1361669BDC6ED612C35B7C67ADA2240
    PID: 320 (1696) C:\Windows\RtHDVCpl.exe
    size: 4874240
    MD5: 361CD47DC5BD83EE24407903233B0D9A
    PID: 12 (1696) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    size: 49152
    MD5: 7AF5A466CF4AECA28E3DCBCF5B6FD220
    PID: 600 (1124) C:\Windows\system32\taskeng.exe
    size: 169472
    MD5: 5F109032CE46B7184ED9E50F9FE8489E
    PID: 880 (1696) C:\Windows\System32\hkcmd.exe
    size: 166424
    MD5: E0913BFFE047972BAA72AC3AE608E24D
    PID: 1228 (1696) C:\Windows\System32\igfxpers.exe
    size: 133656
    MD5: 83591BC9E3328F5BACCF487CD12414EB
    PID: 1636 (1696) C:\Program Files\HP\Personal Printing Solutions Product Research\HP Product Research.exe
    size: 368640
    MD5: 36BA55D14C3F78C2F137D741EB99E3C0
    PID: 1716 (1696) C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    size: 81000
    MD5: 55EBFBAB39BFAB5E62358C093F297641
    PID: 1580 ( 828) C:\Windows\system32\igfxsrvc.exe
    size: 256536
    MD5: E604D80346076DDD1B9F214678A35A38
    PID: 1048 (1696) C:\Program Files\COMODO\Firewall\cfp.exe
    size: 1796856
    MD5: B443A3B66DFBC137EEE36BEC364735F5
    PID: 1068 (1696) C:\Program Files\Java\jre6\bin\jusched.exe
    size: 136600
    MD5: B98FFA8288EFAABC436C30D198608345
    PID: 1012 (1696) C:\Windows\ehome\ehtray.exe
    size: 125952
    MD5: BF08674925F151BD4537B89A493E3E0C
    PID: 1496 (1696) C:\Program Files\Windows Media Player\wmpnscfg.exe
    size: 202240
    MD5: 35937EAD711207544E219C2A19A78A7D
    PID: 1052 (1696) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    size: 210520
    MD5: F14219FC767F1383526AB423F278A8E3
    PID: 2208 ( 828) C:\Windows\ehome\ehmsas.exe
    size: 37376
    MD5: 0F4195B9B348DE5CF9B822F81704B20E
    PID: 1644 ( 828) C:\Windows\system32\wbem\unsecapp.exe
    size: 37888
    MD5: 25873356E52849C3F5B3F1B02317E8C8
    PID: 1188 (1052) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    size: 151552
    MD5: FEDDD3579FEE51A9873D856DF3933C68
    PID: 4756 ( 296) C:\hp\kbd\kbd.exe
    size: 67128
    MD5: 7CAC10A1C258DFCB5ADE563BAE6D2F15
    PID: 5316 (4248) C:\Program Files\Internet Explorer\ieuser.exe
    size: 299520
    MD5: 5B2E1C16A2C420F60CD391B666003F14
    PID: 4992 (5080) C:\Program Files\Internet Explorer\iexplore.exe
    size: 625664
    MD5: 5B92133D3E7FB2644677686305E29E81
    PID: 940 (1696) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5287768
    MD5: F55B10E6B28A01265A18E7DB787282AB
    PID: 0 ( 0) [System Process]
    PID: 4 ( 0) System
    PID: 452 ( 4) smss.exe
    size: 64000
    PID: 540 ( 528) csrss.exe
    size: 6144
    PID: 584 ( 528) wininit.exe
    size: 96768
    PID: 596 ( 576) csrss.exe
    size: 6144
    PID: 628 ( 584) services.exe
    size: 279040
    PID: 640 ( 584) lsass.exe
    size: 9728
    PID: 648 ( 584) lsm.exe
    size: 229888
    PID: 692 ( 576) winlogon.exe
    size: 314880
    PID: 828 ( 628) svchost.exe
    size: 21504
    PID: 896 ( 628) svchost.exe
    size: 21504
    PID: 932 ( 628) svchost.exe
    size: 21504
    PID: 1056 ( 628) svchost.exe
    size: 21504
    PID: 1104 ( 628) svchost.exe
    size: 21504
    PID: 1124 ( 628) svchost.exe
    size: 21504
    PID: 1204 (1056) audiodg.exe
    size: 88064
    PID: 1236 ( 628) SLsvc.exe
    size: 2623488
    PID: 1292 ( 628) svchost.exe
    size: 21504
    PID: 1424 ( 628) svchost.exe
    size: 21504
    PID: 1532 ( 628) aswUpdSv.exe
    PID: 1544 ( 628) ashServ.exe
    PID: 496 ( 628) spoolsv.exe
    size: 125952
    PID: 532 ( 628) svchost.exe
    size: 21504
    PID: 1884 (1124) taskeng.exe
    size: 169472
    PID: 2472 ( 628) cmdagent.exe
    PID: 2516 ( 628) svchost.exe
    size: 21504
    PID: 2544 ( 628) LSSrvc.exe
    PID: 2560 ( 628) svchost.exe
    size: 21504
    PID: 2716 ( 628) svchost.exe
    size: 21504
    PID: 2744 ( 628) svchost.exe
    size: 21504
    PID: 2764 ( 628) svchost.exe
    size: 21504
    PID: 2792 ( 628) svchost.exe
    size: 21504
    PID: 2812 ( 628) SearchIndexer.exe
    size: 439808
    PID: 3084 ( 628) SDWinSec.exe
    size: 1124184
    MD5: EF94D5714AD0AC78ADAFF8A3A6438DDD
    PID: 3260 (1104) WUDFHost.exe
    size: 142336
    PID: 3772 ( 628) ashMaiSv.exe
    PID: 3908 ( 628) ashWebSv.exe
    PID: 4040 ( 628) wmpnetwk.exe
    PID: 1768 ( 828) WmiPrvSE.exe
    PID: 5400 ( 628) HPHC_Service.exe

    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 03/12/2008 18:57:28
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.google.co.uk/
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896

    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]
    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]
    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]
    Protocol 3: MSAFD Tcpip [TCP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]
    Protocol 4: MSAFD Tcpip [UDP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]
    Protocol 5: MSAFD Tcpip [RAW/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]
    Protocol 6: RSVP TCPv6 Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider
    Protocol 7: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider
    Protocol 8: RSVP UDPv6 Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider
    Protocol 9: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider
    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{114E311E-6CE2-404C-9BC3-B537B8F2651C}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *
    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{114E311E-6CE2-404C-9BC3-B537B8F2651C}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *
    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{39C42534-2708-497A-9082-659CBCC7CD75}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *
    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{39C42534-2708-497A-9082-659CBCC7CD75}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *
    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{114E311E-6CE2-404C-9BC3-B537B8F2651C}] SEQPACKET 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *
    Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{114E311E-6CE2-404C-9BC3-B537B8F2651C}] DATAGRAM 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *
    Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename:
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace
    Namespace Provider 1: E-mail Naming Shim Provider
    GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename:
    Namespace Provider 2: PNRP Cloud Namespace Provider
    GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:
    Namespace Provider 3: PNRP Name Namespace Provider
    GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:
    Namespace Provider 4: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename:
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP
    Namespace Provider 5: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS


    If I've missed anything or you need me to perform further tests, please let me know and I'll rectify the situation.
    Last edited by Terminator; 2008-12-03 at 21:17. Reason: Edited Title and added some info.
    If it ain't broke, don't fix it!

  2. #2 Yodama (Senior Member, joined Oct 2005, location Buchenheim, 1,110 posts)

    Hello,

    thank you for reporting this false positive with the heuristics scan.
    Please also email the unwise.exe to detections-at-spybot.info (replace -at- with @) with a reference to this thread. That way we can better check that the issue is resolved.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  3. #3 Terminator (Senior Member, joined Sep 2006, location LV-426, 349 posts)

    As requested I have e-mailed the unwise file to detections-at-spybot.info.
    Last edited by Terminator; 2008-12-04 at 13:12. Reason: Rephrased sentence
    If it ain't broke, don't fix it!

  4. #4 Terminator (Senior Member, joined Sep 2006, location LV-426, 349 posts)

    Just out of curiosity, when can I expect this to be fixed?
    Last edited by Terminator; 2008-12-06 at 19:00. Reason: Re-phrased Question
    If it ain't broke, don't fix it!

  5. #5 drragostea (Senior Member, joined Jan 2008, location @Home, 3,674 posts)

    Well, there seems to be a F/P Fix (2KB) just today the 4th. You can download it and scan again.

  6. #6 Terminator (Senior Member, joined Sep 2006, location LV-426, 349 posts)

    Quote Originally Posted by drragostea:
    Well, there seems to be a F/P Fix (2KB) just today the 4th. You can download it and scan again.
    I already did that and the F/P is still there.
    If it ain't broke, don't fix it!

  7. #7 Yodama (Senior Member, joined Oct 2005, location Buchenheim, 1,110 posts)

    This heuristics FP will be fixed on Wednesday.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.
