BPS Spyware Removal

[Decorte]

"BPS Spyware Removal"
Does anybody know exactly what this is?
It was detected on my system this morning and I successfully removed it, but.......What exactly is it and how did it get on my system?
I read a bit on the net about a stolen database from Spybot?
Thank you in advance,
Decorte

 

[tashi]

Hello

Please see:
http://www.safer-networking.org/en/compatibility/bps.html

Spyware Remover is a copyright infringement, using a stolen copy of the Spybot-S&D database.
Please do NOT use BPS Spyware Remover!
(related article February 12th 2003)

Also:
Open letter to BulletProofSoft

I am not sure how it got on your system if you did not install it.

 

[Decorte]

Bps

I can guarantee you that I most definetly did not install BPS Spyware Remover. In fact I never even heard of it until it was in my registry.
I have done a few more scans since this morning and I think it is gone for good.
I sure would like to know where it came from and how it got on my computer!
Thanks again for your response tashi.
Decorte

 

[tashi]

I can guarantee you that I most definetly did not install BPS Spyware Remover. In fact I never even heard of it until it was in my registry.

Interesting.

Have you seen this list:
Rogue/Suspect Anti-Spyware Products & Web Sites

Adware Cops adwarecops.com
bulletproofsoft.com front end for BPS Spyware & Adware Remover [A: 3-26-05 / U: 3-26-05]

Note on BPS Spyware & Adware Remover: Sometime in early 2005 Bulletproofsoft released a new version of BPS Spyware & Adware Remover (version 9). This new version sports a fresh interface as well as a firewall. It also carries the alternate names Adware Cops (downloadable from adwarecops.com), Adware Striker (downloadable from adwarestriker.com),Spyware Cops (downloadable from spywarecops.com), or Spy Striker (downloadable from spystriker.com). Although the Adware Cops, Adware Striker, Spyware Cops, and Spy Striker applications might initially appear to be separate applications, in fact they are just the latest version of BPS Spyware & Adware Remover, only re-skinned. The Adware Cops, Adware Striker, Spyware Cops, and Spy Striker installers even download and install the full BPS applications from Bulletproofsoft.

If you would like us to take a look at a log to see if the System is clean please do the following:

• Open SpyBot, check for and get any updates available.
• Close all browsers, check for problems and fix everything found in red
• Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except
  
• Uncheck[ ] do not report disabled or known legitimate Items.
• uncheck[ ] Include a list of services in report.
• Uncheck[ ] Include uninstall list in report.
  
• Now select (near the top) view report.
• Press export in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report.

OR:
Post a HJT log in the forum here:
Malware Removal Forum
Instructions:
"BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D

Cheers.

 

[Decorte]

A Spybot Report for you to review!

I will take you up on your offer to view a Spybot scan report.
I have attached it for your viewing pleasure???
Looking forward to hearing back from you.
Thanks again,
Decorte

 

[tashi]

Oops it did not attach, you can copy paste it if you'd like.

If too long for one post just keep adding posts into this topic; although if you uncheck the items the way I posted above, the log shouldn't be 'too' long. :

 

[Decorte]

I copied from the text file.

--- Search result list ---
Congratulations!: No immediate threats were found. ()

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-07-24 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-08-18 Includes\Cookies.sbi (*)
2006-08-18 Includes\Dialer.sbi (*)
2006-08-18 Includes\Hijackers.sbi (*)
2006-08-18 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-08-18 Includes\Malware.sbi (*)
2006-08-18 Includes\PUPS.sbi (*)
2006-08-18 Includes\Revision.sbi (*)
2006-08-18 Includes\Security.sbi (*)
2006-08-18 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-08-18 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886904)
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB834707
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP2: Windows XP Hotfix - KB842773
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB887797
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901190)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)


--- Startup entries list ---
Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 369664
MD5: 32e0d24ead2a5c7ee7b6ad516eafe8ee

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, Zone Labs Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 968696
MD5: d1d3726a8508b6183c620b4f6ce82f70

Located: Startup (disabled), Adobe Reader Speed Launch (DISABLED)
command: C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~2.EXE
file: C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~2.EXE
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Startup (disabled), PowerReg Scheduler V3 (DISABLED)
command: C:\Documents and Settings\Drew\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
file:

Located: Startup (disabled), PowerReg Scheduler V3 (DISABLED)
command: C:\Documents and Settings\Mom.MACHINENAME\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
file:

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~2.DLL
Date (created): 9/23/2005 9:12:08 PM
Date (last access): 6/2/2006 9:43:30 PM
Date (last write): 1/12/2006 9:38:22 PM
Filesize: 63128
Attributes: archive
MD5: F17B2B264072B921FC66A0BE16626BAB
CRC32: 5184CFEA
Version: 7.0.7.142

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 7/24/2005 7:46:36 PM
Date (last access): 5/23/2006 8:47:30 PM
Date (last write): 5/31/2005 1:04:00 AM
Filesize: 853672
Attributes:
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} ()
BHO name:
CLSID name:

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 11/10/2005 2:03:56 PM
Date (last access): 5/23/2006 9:02:00 PM
Date (last write): 11/10/2005 2:22:10 PM
Filesize: 184423
Attributes: archive
MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
CRC32: 0111B892
Version: 5.0.60.5

 

[Decorte]

Second Half

{BDF3E430-B101-42AD-A544-FADC6B084872} ()
BHO name:
CLSID name:
description: Norton Antivirus
classification: Legitimate
known filename: NavShExt.dll
info link: http://www.symantec.com/nav/nav_9xnt/
info source: TonyKlein



--- ActiveX list ---
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 5/12/2006 2:54:10 PM
Date (last access): 7/6/2006 4:40:02 PM
Date (last write): 6/26/2006 10:10:34 AM
Filesize: 54960
Attributes: archive
MD5: 7E8A1C5DC0F1372BB2D170B0A88ED0C3
CRC32: 0DEDE8C7
Version: 10.1.3.18

{193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control)
DPF name:
CLSID name: ewidoOnlineScan Control
Installer:
Codebase: http://download.ewido.net/ewidoOnlineScan.cab
description:
classification: Legitimate
known filename: EWIDOO~1.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: ewidoOnlineScan.dll
Short name: EWIDOO~1.DLL
Date (created): 7/11/2006 9:41:36 AM
Date (last access): 7/11/2006 9:41:36 AM
Date (last write): 7/11/2006 9:41:36 AM
Filesize: 345656
Attributes: archive
MD5: B284992540E0FA2B76DEA56F93D49A16
CRC32: FD2E709C
Version: 1.0.0.4

{6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
DPF name:
CLSID name: ExentInf Class
Installer:
Codebase:
description: Yahoo games?
classification: Legitimate
known filename: EXENTCTL_0_0_0_0.OCX
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ExentCtl.ocx
Short name:
Date (created): 6/25/2006 1:12:44 PM
Date (last access): 6/25/2006 1:12:44 PM
Date (last write): 7/19/2005 4:35:04 PM
Filesize: 247416
Attributes: archive
MD5: CD2EF2E6949E439940444B2D192AA408
CRC32: 1E24AEDE
Version: 5.2.0.11

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
Installer:
Codebase: http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38848.3279513889
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla



--- Process list ---
PID: 0 ( 0) [System]
PID: 660 ( 4) \SystemRoot\System32\smss.exe
PID: 732 ( 660) \??\C:\WINDOWS\system32\csrss.exe
PID: 756 ( 660) \??\C:\WINDOWS\system32\winlogon.exe
PID: 800 ( 756) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 812 ( 756) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 968 ( 800) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1048 ( 800) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1164 ( 800) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1460 ( 800) C:\WINDOWS\system32\LEXBCES.EXE
size: 303104
MD5: 027D03D9D8AB95194A115A999E960AC0
PID: 1500 ( 800) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1808 ( 800) C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
size: 336896
MD5: 9BF46D959F713D64C8FF3DE2B2437863
PID: 1824 ( 800) C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
size: 84480
MD5: 66093610FA61142F6BCFD83AFB7E8A29
PID: 1848 ( 800) C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
size: 281088
MD5: 07C595396C6F4631E88F9792E1BECD7E
PID: 1916 ( 800) C:\Program Files\Shavlik Technologies\NetChk\5.6.0.446\HfNetChkProService.exe
size: 730736
MD5: D7F78993CE9C524C6764B83C2579597B
PID: 1948 ( 800) C:\WINDOWS\system32\nvsvc32.exe
size: 143436
MD5: AA78C4677E06CFD4FE048718EE7F6332
PID: 244 ( 800) C:\WINDOWS\ProPatches\Scheduler\stSchedEx.exe
size: 181872
MD5: 7EC837F1896475BE7B4B857BDFFBAC5B
PID: 304 ( 800) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 532 ( 800) C:\WINDOWS\System32\wdfmgr.exe
size: 38912
MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID: 604 ( 800) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
size: 75768
MD5: ACE93FFFFD1F6B2C3E9F9C996BDEC6DB
PID: 2300 (2452) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 2444 (2300) C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 369664
MD5: 32E0D24EAD2A5C7EE7B6AD516EAFE8EE
PID: 2932 (2300) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 968696
MD5: D1D3726A8508B6183C620B4F6CE82F70
PID: 1692 (2300) C:\WINDOWS\system32\lexpps.exe
size: 174592
MD5: 8D836E60877ED79C409712B9BE2DFC3B
PID: 1244 ( 968) C:\Program Files\Internet Explorer\iexplore.exe
size: 93184
MD5: E7484514C0464642BE7B4DC2689354C8
PID: 2540 (2300) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 8/24/2006 3:46:57 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.ca/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BDA3C356-F90E-4A21-A450-4AE377DF9EE9}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BDA3C356-F90E-4A21-A450-4AE377DF9EE9}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7A8C8E67-98A0-4441-8184-A021D131E944}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7A8C8E67-98A0-4441-8184-A021D131E944}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{879D2174-83F6-4EE0-AF06-F6AF21C07060}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{879D2174-83F6-4EE0-AF06-F6AF21C07060}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{75791F15-E760-426E-A7D5-531593CADE6B}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{75791F15-E760-426E-A7D5-531593CADE6B}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{85976A40-1147-4BF3-8297-E010D356A1FA}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{85976A40-1147-4BF3-8297-E010D356A1FA}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9BEBC8C5-7253-45F4-886E-F7BF9FD3C889}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9BEBC8C5-7253-45F4-886E-F7BF9FD3C889}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

 

[tashi]

Hi there.

Your log looks fine.

However please do see this topic regarding Sun Java as I see you have an old version installed.
C:\Program Files\Java\jre1.5.0_06\bin\

Sun Microsystems~Java. Security vunerability in older versions left on system

If you don't have any problems you are good to go, but if something is niggling please feel free to post in our malware forum with a HJT log.

"BEFORE you POST" -Preliminary Steps

Cheers.

 

[Decorte]

Thank you Tashi, just one last thing please

First of all, thank you for looking at my log.
I think what happened with this BPS stuff is what is called a False Positive.
Ad-Aware just had a recent update to their definitions and apparently some other people are getting this BPS detection on their systems as well.
I'm glad it is resloved because I couldn't for the life of me figure out where this could have come from!
RE: The Java upgrade.
So if I understand things correctly I need to uninstall my current version and reinstall the most updated version. I looked at the links you provided me and I am a little confused. Can you please post one last reply that will take me to the exact Java download I need.
It doesn't take much to confuse me sometimes!
I am a IT student that has learnt a great deal so far, but it means a LOT of late, late nights in front of the computer!
Thanks again,
Decorte

 

[md usa spybot fan]

So if I understand things correctly I need to uninstall my current version and reinstall the most updated version.

Correct. Uninstall via Control panel > Add/Remove Programs.

Can you please post one last reply that will take me to the exact Java download I need.

There is a link that is less confusing in this thread:

• Alerts
  http://forums.spybot.info/showthread.php?t=867

See this post by AplusWebMaster:

• SunJava v1.5.0_08 released
  http://forums.spybot.info/showpost.php?p=38960&postcount=61

The link:

• JAVA SOFTWARE for Windows
  MANUAL DOWNLOAD
  Java Runtime Environment Version 5.0 Update 8
  http://www.java.com/en/download/windows_xpi.jsp

 

[tashi]

I think what happened with this BPS stuff is what is called a False Positive.
Ad-Aware just had a recent update to their definitions and apparently some other people are getting this BPS detection on their systems as well.
I'm glad it is resloved because I couldn't for the life of me figure out where this could have come from!

Thank you for sharing that, it may be of help to others.

I am a IT student that has learnt a great deal so far, but it means a LOT of late, late nights in front of the computer!

I know that feeling.

Good luck with your studies, it has been nice to meet you. :greeting:

 

[Decorte]

Thanks again!

You have been wonderful! Thank you for the excellent product, Spybot!
Decorte