Thread: Possible False Positive - Win32.ZAccess.ewjg

  1. #1
    Junior Member
    Join Date
    Dec 2013
    Posts
    2

    Possible False Positive - Win32.ZAccess.ewjg

    Spybot 1.6.2.46 with definitions from Dec 28, 2013

    Windows 7 Pro, IE 11.0.9600.16476 with update version 11.0.2 & FF 26.0

    Win32.Zaccess.ewjg reported by scan (ran as administrator in normal mode as well as safe mode)


    Spybot reported registry problem but could not repair. Regedit cannot find any occurrence of "etadpug" in HKLM\System\ControlSet001\Services\ or anywhere else in the registry.

    Problem not detected in scans by Malwarebytes or Windows Essentials

    Let me know what else you need from me.

    Thanks

    Steve


    -------------------------------------------------------- log --------------------------------------------------------------
    --- Search result list ---
    Win32.ZAccess.ewjg: [SBI $20E69783] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\?etadpug

    Win32.ZAccess.ewjg: [SBI $20E69783] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\?etadpug

    Win32.ZAccess.ewjg: [SBI $5603AEBE] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\?etadpug

    Win32.ZAccess.ewjg: [SBI $5603AEBE] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\?etadpug


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2011-09-19 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2013-11-06 Includes\Adware.sbi (*)
    2013-12-23 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2012-11-14 Includes\Dialer.sbi (*)
    2013-04-11 Includes\DialerC.sbi (*)
    2013-04-11 Includes\HeavyDuty.sbi (*)
    2012-11-14 Includes\Hijackers.sbi (*)
    2013-04-11 Includes\HijackersC.sbi (*)
    2013-10-16 Includes\iPhone.sbi (*)
    2013-06-25 Includes\Keyloggers.sbi (*)
    2013-10-30 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2013-05-29 Includes\Malware.sbi (*)
    2013-12-23 Includes\MalwareC.sbi (*)
    2012-11-14 Includes\PUPS.sbi (*)
    2013-12-23 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2012-11-14 Includes\Security.sbi (*)
    2013-10-30 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2013-09-17 Includes\Spyware.sbi (*)
    2013-08-06 Includes\SpywareC.sbi (*)
    2012-11-19 Includes\Tracks.uti
    2013-01-16 Includes\Trojans.sbi (*)
    2013-12-11 Includes\TrojansC-02.sbi (*)
    2013-12-10 Includes\TrojansC-03.sbi (*)
    2013-12-23 Includes\TrojansC-04.sbi (*)
    2013-06-13 Includes\TrojansC-05.sbi (*)
    2013-04-19 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB973688)



  2. #2
    Member of Team Spybot (m/f)'s Avatar
    Join Date
    Feb 2006
    Posts
    277

    Thank you for reporting. We are investigating this issue.
    (m/f)

  3. #3
    Member of Team Spybot (m/f)'s Avatar
    Join Date
    Feb 2006
    Posts
    277

    This issue has been fixed. The updated rules are available now.
    (m/f)

  4. #4
    Junior Member
    Join Date
    Dec 2013
    Posts
    2

    fixed

    I just tested the updates and the problem is fixed.

    Thanks
