Spybot 1.6.2.46 with definitions from Dec 28, 2013

Windows 7 Pro, IE 11.0.9600.16476 with update version 11.0.2 & FF 26.0

Win32.Zaccess.ewjg reported by scan (ran as administrator in normal mode as well as safe mode)


Spybot reported a registry problem but could not repair it. Regedit cannot find any occurrence of "etadpug" in HKLM\System\ControlSet001\Services\ or anywhere else in the registry.

Problem not detected in scans by Malwarebytes or Windows Essentials

Let me know what else you need from me.

Thanks

Steve


-------------------------------------------------------- log --------------------------------------------------------------
--- Search result list ---
Win32.ZAccess.ewjg: [SBI $20E69783] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\?etadpug

Win32.ZAccess.ewjg: [SBI $20E69783] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\?etadpug

Win32.ZAccess.ewjg: [SBI $5603AEBE] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\?etadpug

Win32.ZAccess.ewjg: [SBI $5603AEBE] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\?etadpug


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-09-19 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2013-11-06 Includes\Adware.sbi (*)
2013-12-23 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2013-04-11 Includes\DialerC.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2013-04-11 Includes\HijackersC.sbi (*)
2013-10-16 Includes\iPhone.sbi (*)
2013-06-25 Includes\Keyloggers.sbi (*)
2013-10-30 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-12-23 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2013-10-30 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-09-17 Includes\Spyware.sbi (*)
2013-08-06 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2013-01-16 Includes\Trojans.sbi (*)
2013-12-11 Includes\TrojansC-02.sbi (*)
2013-12-10 Includes\TrojansC-03.sbi (*)
2013-12-23 Includes\TrojansC-04.sbi (*)
2013-06-13 Includes\TrojansC-05.sbi (*)
2013-04-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)


--- Startup entries list ---
Located: HK_LM:Run, BrStsMon00
command: C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
file: C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
size: 2621440
MD5: 7F42FFCD6FF7CA558C2D95DADCD5EFA9

Located: HK_LM:Run, NUSB3MON
command: "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
file: C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
size: 113288
MD5: 51C8885B6A00904C0252704C9FB0F43A

Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

Located: HK_CU:Run, Sidebar (DISABLED)
where: S-1-5-21-2256770228-2703759153-3824626566-1000...
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\sidebar.exe
size: 1475584
MD5: E3BF29CED96790CDAAFA981FFDDF53A3

Located: Startup (common), Mail.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
file: C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
size: 92024
MD5: 77BD0166102F3B9BB9499B2952C3BCFA

Located: Startup (common), WampServer.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Windows\System32\schtasks.exe
file: C:\Windows\System32\schtasks.exe
size: 179712
MD5: 2003E9B15E1C502B146DAD2E383AC1E3



--- Browser helper object list ---
AutorunsDisabled ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{0347C33E-8762-4905-BF09-768834316C61} (HP Print Enhancer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HP Print Enhancer
CLSID name: HP Print Enhancer
Path: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\
Long name: hpswp_printenhancer.dll
Short name: HPSWP_~3.DLL
Date (created): 9/20/2009 11:15:26 AM
Date (last access): 5/1/2012 2:56:04 PM
Date (last write): 9/20/2009 11:15:26 AM
Filesize: 328248
Attributes: archive
MD5: C05A0B625DFE1F6D25E5430746A180D1
CRC32: 4F156357
Version: 131.1.35898.0

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDHelper.dll
info link: http://www.safer-networking.org/
info source: Safer-Networking Ltd.
Path: C:\PROGRA~2\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 9/19/2011 10:12:16 AM
Date (last access): 9/19/2011 10:12:16 AM
Date (last write): 1/26/2009 2:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In SSV Helper
Path: C:\Program Files (x86)\Java\jre7\bin\
Long name: ssv.dll
Short name:
Date (created): 2/13/2013 6:25:46 PM
Date (last access): 2/13/2013 6:25:46 PM
Date (last write): 2/13/2013 6:25:46 PM
Filesize: 461216
Attributes: archive
MD5: 14728086710D0416329EE84E3A9438ED
CRC32: 4E3CB2A2
Version: 10.13.2.20

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live ID Sign-in Helper
Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 3/28/2011 7:35:06 PM
Date (last access): 8/15/2011 8:17:28 PM
Date (last write): 3/28/2011 7:35:06 PM
Filesize: 441216
Attributes: archive
MD5: CF39A105CD553EED31E2255AFF4C6742
CRC32: 3D1149C5
Version: 7.250.4232.0

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre7\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 2/13/2013 6:25:44 PM
Date (last access): 2/13/2013 6:25:44 PM
Date (last write): 2/13/2013 6:25:44 PM
Filesize: 170912
Attributes: archive
MD5: CADEE0EC4341755344540477599F08A8
CRC32: A9D70180
Version: 10.13.2.20

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} (HP Smart BHO Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HP Smart BHO Class
CLSID name: HP Smart BHO Class
Path: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\
Long name: hpswp_BHO.dll
Short name: HPSWP_~1.DLL
Date (created): 9/20/2009 11:15:26 AM
Date (last access): 5/1/2012 2:56:04 PM
Date (last write): 9/20/2009 11:15:26 AM
Filesize: 509496
Attributes: archive
MD5: 67A7E5DACA78544C826B16CD8C816A5C
CRC32: 2EEE8ABA
Version: 131.1.35898.0



--- ActiveX list ---
{02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control)
DPF name:
CLSID name: Microsoft Office Template and Media Control
Installer: C:\Windows\Downloaded Program Files\ieawsdc.inf
Codebase: http://office.microsoft.com/sites/pr.../ieawsdc32.cab
description:
classification: Legitimate
known filename: IEAWSDC.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\PROGRA~2\MICROS~2\Office12\
Long name: IEAWSDC.DLL
Short name:
Date (created): 2/18/2011 9:53:28 AM
Date (last access): 2/18/2011 9:53:28 AM
Date (last write): 2/18/2011 9:53:28 AM
Filesize: 190464
Attributes: archive
MD5: 9C46617BC4104E57391CB79A8F8C3912
CRC32: 41FC9B36
Version: 14.0.6100.0

{12193C65-F0E1-4DD1-AD4E-DB73C6911011} (DCPForm Control 1.0.1.1)
DPF name:
CLSID name: DCPForm Control 1.0.1.1
Installer: C:\Windows\Downloaded Program Files\DCP.inf
Codebase: file:///D:/activeX/DCP.cab
Path: C:\Windows\DOWNLO~1\
Long name: DCP.ocx
Short name:
Date (created): 7/8/2010 10:07:12 AM
Date (last access): 7/8/2010 10:07:12 AM
Date (last write): 7/8/2010 10:07:12 AM
Filesize: 1415680
Attributes: archive
MD5: 3FA41423A0A7C082CA5D7213514F1094
CRC32: 06305743
Version: 1.0.1.1

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\Windows\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://download.microsoft.com/downlo...eckControl.cab
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\SysWow64\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 6/25/2009 12:20:28 PM
Date (last access): 6/25/2009 12:20:28 PM
Date (last write): 6/25/2009 12:20:28 PM
Filesize: 1485176
Attributes: archive
MD5: 3307A07B81206F354F0D4BEFEE922437
CRC32: 58E4DC38
Version: 1.9.42.0

{57AF0810-BDA7-47A5-B02D-FDA1073C04B0} (TunnelX Control)
DPF name:
CLSID name: TunnelX Control
Installer:
Codebase: https://www.mydlink.com/8D/activeX//TunnelX.ocx
Path: C:\Windows\DOWNLO~1\
Long name: TunnelX.ocx
Short name:
Date (created): 7/11/2012 2:32:04 PM
Date (last access): 7/11/2012 2:32:04 PM
Date (last write): 7/11/2012 2:32:04 PM
Filesize: 925056
Attributes: archive
MD5: 611A2A1559823B23ED3E1C8ED551FEAB
CRC32: A86D3354
Version: 2.2.6.0

{7191F0AC-D686-46A8-BFCC-EA61778C74DD} (Gif89 Lite +Audio Class)
DPF name:
CLSID name: Gif89 Lite +Audio Class
Installer: C:\Windows\Downloaded Program Files\aplugLiteDL.inf
Codebase: https://ca.mydlink.com/8D/activeX//aplugLiteDL.cab
Path: C:\Windows\Downloaded Program Files\
Long name: aplugLiteDL.ocx
Short name: APLUGL~1.OCX
Date (created): 5/4/2012 12:59:48 PM
Date (last access): 5/4/2012 12:59:48 PM
Date (last write): 5/4/2012 12:59:48 PM
Filesize: 528104
Attributes: archive
MD5: B3A5F190D27FC80205DDF1CDC2537182
CRC32: 0C8700EF
Version: 2.3.2.26

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\Windows\Downloaded Program Files\CONFLICT.1\swflash.inf
Codebase: http://fpdownload2.macromedia.com/ge...sh/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\Windows\SysWOW64\Macromed\Flash\
Long name: Flash32_11_9_900_117.ocx
Short name: FLASH3~1.OCX
Date (created): 10/22/2013 8:25:58 AM
Date (last access): 10/22/2013 8:25:58 AM
Date (last write): 10/22/2013 8:25:58 AM
Filesize: 16304520
Attributes: readonly archive
MD5: 01D09C1B51B74590FBFAC5ED908E5E95
CRC32: 9C027B68
Version: 11.9.900.117

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab



--- Process list ---
PID: 0 ( 0) [System]
PID: 1460 (1348) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
size: 10240
MD5: 2DC64A3446C8C6E020E781456B46573D
PID: 2756 (2480) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
size: 113288
MD5: 51C8885B6A00904C0252704C9FB0F43A
PID: 2712 (2656) C:\wamp\wampmanager.exe
size: 1169920
MD5: 663392E75FD426EA94C75CDBF1916251
PID: 3192 (2744) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
size: 532040
MD5: D1D5DAB39DCB4BE0359943738D87409B
PID: 5132 (1452) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System
PID: 324 ( 4) smss.exe
PID: 520 ( 500) csrss.exe
PID: 588 ( 500) wininit.exe
size: 96256
PID: 608 ( 596) csrss.exe
PID: 656 ( 588) services.exe
PID: 672 ( 588) lsass.exe
PID: 680 ( 588) lsm.exe
PID: 808 ( 596) winlogon.exe
PID: 840 ( 656) svchost.exe
size: 20992
PID: 904 ( 656) nvvsvc.exe
PID: 928 ( 656) nvSCPAPISvr.exe
PID: 964 ( 656) svchost.exe
size: 20992
PID: 264 ( 656) cmdagent.exe
PID: 500 ( 656) MsMpEng.exe
PID: 1040 ( 656) svchost.exe
size: 20992
PID: 1088 ( 656) svchost.exe
size: 20992
PID: 1136 ( 656) svchost.exe
size: 20992
PID: 1168 ( 656) svchost.exe
size: 20992
PID: 1272 ( 656) svchost.exe
size: 20992
PID: 1400 ( 656) Pen_TouchService.exe
PID: 1484 ( 656) svchost.exe
size: 20992
PID: 1560 ( 904) NvXDSync.exe
PID: 1568 ( 904) nvvsvc.exe
PID: 1620 (1088) wisptis.exe
PID: 1804 ( 656) spoolsv.exe
PID: 1840 ( 656) svchost.exe
size: 20992
PID: 1956 ( 656) C:\Windows\System32\taskhost.exe
PID: 1132 (1088) C:\Windows\System32\wisptis.exe
PID: 1348 (1088) C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
size: 224256
MD5: 2DC0C4DE960A20BC2840D72E7B98A144
PID: 1384 (1088) C:\Windows\System32\dwm.exe
PID: 1452 (1992) C:\Windows\explorer.exe
size: 2871808
MD5: 332FEAB1435662FC6C672E25BEB37BE3
PID: 1112 (1400) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
size: 3597680
MD5: 24A977FD214EB46FE54431491E33F3DB
PID: 2388 (1452) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
size: 11464296
MD5: 8976AF5FC5B06D46AC126887F4075C77
PID: 2408 (1452) C:\Windows\WindowsMobile\wmdcBase.exe
size: 660360
MD5: 233A10D4B3F6897899112E4EC60F1906
PID: 2432 (1452) C:\Program Files\Microsoft Device Center\itype.exe
size: 1464928
MD5: 9843083FA1E4A655195DF4D7A687C576
PID: 2448 (1452) C:\Program Files\Microsoft Device Center\ipoint.exe
size: 2004584
MD5: 770FF1850E70B98777F5978FC8FD5D57
PID: 2456 (1452) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
size: 1612504
MD5: 64D7403436A4E09923A1C98E333AB4D5
PID: 2464 (1452) C:\Program Files\Microsoft Security Client\msseces.exe
size: 1266912
MD5: 6860E32B7335EC62295673AA2106A407
PID: 2656 (1168) C:\Windows\System32\taskeng.exe
size: 192000
MD5: 4F2659160AFCCA990305816946F69407
PID: 2852 ( 656) armsvc.exe
PID: 2972 ( 656) bratimer.exe
PID: 3008 ( 656) svchost.exe
size: 20992
PID: 3060 ( 656) svchost.exe
size: 20992
PID: 2532 ( 656) mbamscheduler.exe
PID: 2744 ( 656) mbamservice.exe
PID: 1772 ( 656) svchost.exe
size: 20992
PID: 3104 ( 656) svchost.exe
size: 20992
PID: 3164 ( 656) svchost.exe
size: 20992
PID: 3200 ( 656) Pen_Tablet.exe
PID: 3248 ( 656) WLIDSVC.EXE
PID: 3292 (3200) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
size: 1409392
MD5: CA9128F8D13FD5CED32D81FA9C7F0847
PID: 3328 ( 656) SDWinSec.exe
size: 1153368
MD5: 794D4B48DFB6E999537C7C3947863463
PID: 3440 (3248) WLIDSVCM.EXE
PID: 3780 ( 840) cavwp.exe
PID: 3820 (3200) Pen_Tablet.exe
PID: 3844 ( 656) BrYNSvc.exe
PID: 3928 ( 656) svchost.exe
size: 20992
PID: 4024 ( 656) NisSrv.exe
PID: 3136 ( 656) svchost.exe
size: 20992
PID: 4980 ( 656) SearchIndexer.exe
size: 427520
PID: 4624 ( 656) httpd.exe
PID: 4668 ( 656) mysqld.exe
PID: 4812 (4624) httpd.exe
PID: 3476 (2456) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
size: 8788696
MD5: 1D99AF0B19CDDB7D9E62AF20E675145B
PID: 2184 ( 656) svchost.exe
size: 20992
PID: 6048 ( 656) wmpnetwk.exe
PID: 6120 ( 656) svchost.exe
size: 20992
PID: 4304 ( 840) dllhost.exe
size: 7168
PID: 3068 ( 656) daemonu.exe
PID: 4572 (6060) C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
size: 806096
MD5: C8A8321292A459B0A17FB39A782A5C74
PID: 5868 (6060) C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
size: 806096
MD5: C8A8321292A459B0A17FB39A782A5C74
PID: 5480 (1452) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
size: 92024
MD5: 77BD0166102F3B9BB9499B2952C3BCFA
PID: 4368 ( 840) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
size: 25456
MD5: A28574E9659180AF96C8178FC1D722D8
PID: 3356 (5844) C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
size: 806096
MD5: C8A8321292A459B0A17FB39A782A5C74
PID: 2896 (1452) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
size: 275568
MD5: 1EEA6C1B35191DC177EA83672B9C3FC0
PID: 6060 (5132) C:\Program Files\Internet Explorer\iexplore.exe
size: 804560
MD5: 0685765C0CBE095BA0C6C8790BAE21EF
PID: 2724 ( 656) C:\Windows\System32\taskhost.exe
PID: 5844 (5480) C:\Program Files\Internet Explorer\iexplore.exe
size: 804560
MD5: 0685765C0CBE095BA0C6C8790BAE21EF
PID: 5812 ( 840) C:\Windows\System32\MsSpellCheckingFacility.exe


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 12/29/2013 1:33:37 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
Preserve
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
https://www.google.ca/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/p/?LinkId=255141
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/p/?LinkId=255141
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 1: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 2: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 3: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 4: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 5: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 5: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 6: WindowsLive NSP
GUID: {4177DDE9-6028-479E-B7B7-03591A63FF3A}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Namespace Provider 7: WindowsLive Local NSP
GUID: {229F2A2C-5F18-4A06-8F89-3A372170624D}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL