Terminator
New member
I've just run a scan with Spybot 1.6.1.37 with today's updates and everything was going fine until it hit the first lot of SF detections and then it detected 2 entries, 1 in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ and 1 in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ (64bit).
Spybot managed to remove the first entry but couldn't remove the 2nd because it was still in memory so I rebooted in Safe Mode and ran another scan but this time Spybot only found a couple of harmless Log files and no trace of SF. Just to confirm this was a FP I ran Windows Defender and that also failed to find anything.
Here's my log file as requested:
--- Spybot - Search & Destroy version: 1.6.1 (build: 20081026) ---
2008-07-07 blindman.exe (1.0.0.8)
2008-06-18 SDDelFile.exe (1.0.2.5)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-10-28 SpybotSD.exe (1.6.1.37)
2008-10-27 TeaTimer.exe (1.6.4.26)
2008-07-08 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2008-09-02 Includes\Adware.sbi
2008-10-27 Includes\AdwareC.sbi
2008-10-29 Includes\Beta.sbi
2007-11-06 Includes\Beta.uti
2008-06-03 Includes\Cookies.sbi
2008-09-02 Includes\Dialer.sbi
2008-09-09 Includes\DialerC.sbi
2008-07-23 Includes\HeavyDuty.sbi
2008-09-02 Includes\Hijackers.sbi
2008-10-28 Includes\HijackersC.sbi
2008-09-09 Includes\Keyloggers.sbi
2008-10-28 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-10-28 Includes\Malware.sbi
2008-10-28 Includes\MalwareC.sbi
2008-09-02 Includes\PUPS.sbi
2008-10-28 Includes\PUPSC.sbi
2007-11-07 Includes\Revision.sbi
2008-06-18 Includes\Security.sbi
2008-10-23 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2008-10-28 Includes\Spyware.sbi
2008-10-29 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2008-10-29 Includes\Trojans.sbi
2008-10-29 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB941833)
--- Startup entries list ---
Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 78008
MD5: 66893067C2FB0505F151D3FCB8EA92B5
Located: HK_LM:Run, COMODO Firewall Pro
command: "C:\Program Files\COMODO\Firewall\cfp.exe" -h
file: C:\Program Files\COMODO\Firewall\cfp.exe
size: 1655552
MD5: 7539877B69A4931E455D77D9A53E2E20
Located: HK_LM:Run, HotKeysCmds
command: C:\Windows\system32\hkcmd.exe
file: C:\Windows\system32\hkcmd.exe
size: 166424
MD5: E0913BFFE047972BAA72AC3AE608E24D
Located: HK_LM:Run, HP Metrics
command: C:\Program Files\HP\Personal Printing Solutions Product Research\HP Product Research.exe a
file: C:\Program Files\HP\Personal Printing Solutions Product Research\HP Product Research.exe
size: 368640
MD5: 36BA55D14C3F78C2F137D741EB99E3C0
Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 7AF5A466CF4AECA28E3DCBCF5B6FD220
Located: HK_LM:Run, hpsysdrv
command: c:\hp\support\hpsysdrv.exe
file: c:\hp\support\hpsysdrv.exe
size: 65536
MD5: 9A4322EE420D6FACD4D4B1FF6CB856B1
Located: HK_LM:Run, IgfxTray
command: C:\Windows\system32\igfxtray.exe
file: C:\Windows\system32\igfxtray.exe
size: 141848
MD5: EF4FF93786AE65DD307FCADABCD087CA
Located: HK_LM:Run, KBD
command: C:\HP\KBD\KbdStub.EXE
file: C:\HP\KBD\KbdStub.EXE
size: 65536
MD5: 7088B136BB58A5F95CF0DE8386CA6C0F
Located: HK_LM:Run, OsdMaestro
command: "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
file: C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
size: 118784
MD5: B1361669BDC6ED612C35B7C67ADA2240
Located: HK_LM:Run, Persistence
command: C:\Windows\system32\igfxpers.exe
file: C:\Windows\system32\igfxpers.exe
size: 133656
MD5: 83591BC9E3328F5BACCF487CD12414EB
Located: HK_LM:Run, RtHDVCpl
command: RtHDVCpl.exe
file: C:\Windows\RtHDVCpl.exe
size: 4874240
MD5: 361CD47DC5BD83EE24407903233B0D9A
Located: HK_LM:Run, SunJavaUpdateReg
command: "C:\Windows\system32\jureg.exe" -delete
file: C:\Windows\system32\jureg.exe
size: 54936
MD5: 4F89DD4EA74C66916E15A6E7D74A50B5
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: AB68B7C232293F6B09E5C29CB31AE76D
Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6
Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725
Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6
Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-20...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725
Located: HK_CU:Run, ehTray.exe
where: S-1-5-21-16169106-2878052200-2811833100-1000...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C
Located: HK_CU:Run, WMPNSCFG
where: S-1-5-21-16169106-2878052200-2811833100-1000...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D
Located: Startup (common), HP Digital Imaging Monitor.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 210520
MD5: F14219FC767F1383526AB423F278A8E3
Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{053F9267-DC04-4294-A72C-58F732D338C0} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 27/03/2008 16:50:26
Date (last access): 18/09/2008 20:08:00
Date (last write): 15/09/2008 13:25:44
Filesize: 1562960
Attributes:
MD5: 35F73F1936BDE91F1B6995510A61E7A8
CRC32: BE6A5D15
Version: 1.6.2.14
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 28/10/2008 14:40:42
Date (last access): 28/10/2008 14:40:42
Date (last write): 28/10/2008 14:40:42
Filesize: 320920
Attributes: archive
MD5: DC090E320775F1B1FE896F6E1D393D7F
CRC32: 068B5AFC
Version: 6.0.100.33
{AA58ED58-01DD-4d91-8333-CF10577473F7} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 28/10/2008 14:40:40
Date (last access): 28/10/2008 14:40:40
Date (last write): 28/10/2008 14:40:40
Filesize: 34816
Attributes: archive
MD5: 27771CDC5D464818C8F92356AE840A6F
CRC32: B0BC1BD4
Version: 6.0.100.33
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
--- ActiveX list ---
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control)
DPF name:
CLSID name: QuickTime Plugin Control
Installer: C:\Windows\Downloaded Program Files\QTPlugin.inf
Codebase: http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 15/06/2008 19:07:24
Date (last access): 15/06/2008 19:07:24
Date (last write): 15/06/2008 19:07:24
Filesize: 779568
Attributes: archive
MD5: 2895E4DA45C169531EA5DF01E3829B23
CRC32: 95147D29
Version: 7.50.61.0
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\Windows\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 20/03/2008 17:06:36
Date (last access): 20/03/2008 17:06:36
Date (last write): 20/03/2008 17:06:36
Filesize: 1480232
Attributes: archive
MD5: E058C4821D48E0A67F6069CB50818D44
CRC32: 3513AE02
Version: 1.7.69.2
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\Windows\Downloaded Program Files\MSNPUpld.inf
Codebase: http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-gb.cab
description:
classification: Legitimate
known filename: MsnPUpld.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name:
Date (created): 20/11/2006 11:04:16
Date (last access): 20/11/2006 11:04:16
Date (last write): 20/11/2006 11:04:16
Filesize: 543544
Attributes: archive
MD5: A0F541D9D2CACEEC7A4A378CD0C31626
CRC32: 035C591F
Version: 10.0.914.0
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class)
DPF name:
CLSID name: GMNRev Class
Installer: C:\Windows\Downloaded Program Files\setup.inf
Codebase: http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
Path: C:\Program Files\HP\Common\
Long name: HPGMNRev.dll
Short name:
Date (created): 29/07/2008 13:47:04
Date (last access): 27/08/2008 19:53:18
Date (last write): 29/07/2008 13:47:04
Filesize: 198448
Attributes: archive
MD5: D118AAAB43BFAB719B2F185C3D556E54
CRC32: 4FA69970
Version: 8.7.13.0
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_10
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 28/10/2008 14:40:40
Date (last access): 28/10/2008 14:40:40
Date (last write): 28/10/2008 14:40:40
Filesize: 94208
Attributes: archive
MD5: 9FB23124A9533D08D36F5E5C252BFF16
CRC32: 20944F62
Version: 6.0.100.33
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01)
DPF name:
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase:
description:
classification: Legitimate
known filename: npjpi160_01.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 28/10/2008 14:40:40
Date (last access): 28/10/2008 14:40:40
Date (last write): 28/10/2008 14:40:40
Filesize: 94208
Attributes: archive
MD5: 9FB23124A9533D08D36F5E5C252BFF16
CRC32: 20944F62
Version: 6.0.100.33
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05)
DPF name:
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase:
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 28/10/2008 14:40:40
Date (last access): 28/10/2008 14:40:40
Date (last write): 28/10/2008 14:40:40
Filesize: 94208
Attributes: archive
MD5: 9FB23124A9533D08D36F5E5C252BFF16
CRC32: 20944F62
Version: 6.0.100.33
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06)
DPF name:
CLSID name: Java Plug-in 1.6.0_06
Installer:
Codebase:
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 28/10/2008 14:40:40
Date (last access): 28/10/2008 14:40:40
Date (last write): 28/10/2008 14:40:40
Filesize: 94208
Attributes: archive
MD5: 9FB23124A9533D08D36F5E5C252BFF16
CRC32: 20944F62
Version: 6.0.100.33
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07)
DPF name:
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase:
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 28/10/2008 14:40:40
Date (last access): 28/10/2008 14:40:40
Date (last write): 28/10/2008 14:40:40
Filesize: 94208
Attributes: archive
MD5: 9FB23124A9533D08D36F5E5C252BFF16
CRC32: 20944F62
Version: 6.0.100.33
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_10
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 28/10/2008 14:40:40
Date (last access): 28/10/2008 14:40:40
Date (last write): 28/10/2008 14:40:40
Filesize: 94208
Attributes: archive
MD5: 9FB23124A9533D08D36F5E5C252BFF16
CRC32: 20944F62
Version: 6.0.100.33
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_10
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_10.dll
Short name: NPJPI1~1.DLL
Date (created): 28/10/2008 14:40:42
Date (last access): 28/10/2008 14:40:42
Date (last write): 28/10/2008 14:40:42
Filesize: 132504
Attributes: archive
MD5: 3CEF7A7DE0D5141E016A862B1D86B1CD
CRC32: CC232AC8
Version: 6.0.100.33
--- Process list ---
PID: 1828 (1136) C:\Windows\system32\taskeng.exe
size: 169472
MD5: 5F109032CE46B7184ED9E50F9FE8489E
PID: 1964 (1124) C:\Windows\system32\Dwm.exe
size: 81920
MD5: 59903071D7ACE6A02093C47E9E38AF97
PID: 2000 (1948) C:\Windows\Explorer.EXE
size: 2927104
MD5: FFA764631CB70A30065C12EF8E174F9F
PID: 1772 (2000) C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
PID: 1816 (2000) C:\hp\support\hpsysdrv.exe
size: 65536
MD5: 9A4322EE420D6FACD4D4B1FF6CB856B1
PID: 1848 (2000) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
size: 118784
MD5: B1361669BDC6ED612C35B7C67ADA2240
PID: 1356 (2000) C:\Windows\RtHDVCpl.exe
size: 4874240
MD5: 361CD47DC5BD83EE24407903233B0D9A
PID: 1928 (2000) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
size: 49152
MD5: 7AF5A466CF4AECA28E3DCBCF5B6FD220
PID: 1596 (2000) C:\Windows\System32\hkcmd.exe
size: 166424
MD5: E0913BFFE047972BAA72AC3AE608E24D
PID: 1552 (2000) C:\Windows\System32\igfxpers.exe
size: 133656
MD5: 83591BC9E3328F5BACCF487CD12414EB
PID: 1500 (2000) C:\Program Files\HP\Personal Printing Solutions Product Research\HP Product Research.exe
size: 368640
MD5: 36BA55D14C3F78C2F137D741EB99E3C0
PID: 1440 (2000) C:\Program Files\Alwil Software\Avast4\ashDisp.exe
size: 78008
MD5: 66893067C2FB0505F151D3FCB8EA92B5
PID: 1244 (2000) C:\Program Files\COMODO\Firewall\cfp.exe
size: 1655552
MD5: 7539877B69A4931E455D77D9A53E2E20
PID: 1176 (2000) C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: AB68B7C232293F6B09E5C29CB31AE76D
PID: 1236 (2000) C:\Windows\ehome\ehtray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C
PID: 1448 (2000) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 210520
MD5: F14219FC767F1383526AB423F278A8E3
PID: 2132 ( 892) C:\Windows\ehome\ehmsas.exe
size: 37376
MD5: 0F4195B9B348DE5CF9B822F81704B20E
PID: 2548 ( 892) C:\Windows\system32\igfxsrvc.exe
size: 256536
MD5: E604D80346076DDD1B9F214678A35A38
PID: 1188 (2000) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D
PID: 3552 ( 892) C:\Windows\system32\wbem\unsecapp.exe
size: 37888
MD5: 25873356E52849C3F5B3F1B02317E8C8
PID: 2100 (1448) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
size: 151552
MD5: FEDDD3579FEE51A9873D856DF3933C68
PID: 5092 (1796) C:\hp\kbd\kbd.exe
size: 67128
MD5: 7CAC10A1C258DFCB5ADE563BAE6D2F15
PID: 6132 (6124) C:\Program Files\Internet Explorer\IEUser.exe
size: 299520
MD5: 5B2E1C16A2C420F60CD391B666003F14
PID: 5956 (5964) C:\Program Files\Internet Explorer\iexplore.exe
size: 625664
MD5: 5B92133D3E7FB2644677686305E29E81
PID: 4388 (3012) C:\Windows\system32\SearchFilterHost.exe
size: 87552
MD5: 87889A983C015080FA813D7E32910D1E
PID: 2508 (2000) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5195096
MD5: A22891D2506DCE1D0F0A03C1EA1ACF69
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 448 ( 4) smss.exe
size: 64000
PID: 596 ( 584) csrss.exe
size: 6144
PID: 640 ( 584) wininit.exe
size: 96768
PID: 652 ( 632) csrss.exe
size: 6144
PID: 684 ( 640) services.exe
size: 279040
PID: 712 ( 632) winlogon.exe
size: 314880
PID: 728 ( 640) lsass.exe
size: 9728
PID: 740 ( 640) lsm.exe
size: 229888
PID: 892 ( 684) svchost.exe
size: 21504
PID: 956 ( 684) svchost.exe
size: 21504
PID: 992 ( 684) svchost.exe
size: 21504
PID: 1092 ( 684) svchost.exe
size: 21504
PID: 1124 ( 684) svchost.exe
size: 21504
PID: 1136 ( 684) svchost.exe
size: 21504
PID: 1260 (1092) audiodg.exe
size: 88064
PID: 1292 ( 684) SLsvc.exe
size: 2623488
PID: 1360 ( 684) svchost.exe
size: 21504
PID: 1516 ( 684) svchost.exe
size: 21504
PID: 1744 ( 684) spoolsv.exe
size: 125952
PID: 1784 ( 684) svchost.exe
size: 21504
PID: 2028 (1136) taskeng.exe
size: 169472
PID: 2064 ( 684) aswUpdSv.exe
PID: 2088 ( 684) ashServ.exe
PID: 2156 ( 684) cmdagent.exe
PID: 2200 ( 684) svchost.exe
size: 21504
PID: 2216 ( 684) LSSrvc.exe
PID: 2664 ( 684) svchost.exe
size: 21504
PID: 2784 ( 684) svchost.exe
size: 21504
PID: 2800 ( 684) svchost.exe
size: 21504
PID: 2832 ( 684) svchost.exe
size: 21504
PID: 2920 ( 684) svchost.exe
size: 21504
PID: 3012 ( 684) SearchIndexer.exe
size: 439808
PID: 3132 ( 684) SDWinSec.exe
size: 809296
MD5: 55C1E4FDFD62A48FB5A2CE25F3AA8AE8
PID: 3212 (1124) WUDFHost.exe
size: 142336
PID: 3940 ( 684) ashMaiSv.exe
PID: 4084 ( 684) ashWebSv.exe
PID: 3464 ( 684) wmpnetwk.exe
PID: 3288 ( 892) WmiPrvSE.exe
PID: 4616 (3012) SearchProtocolHost.exe
size: 184832
PID: 5264 ( 684) HPHC_Service.exe
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 29/10/2008 23:05:43
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.co.uk/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
[*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
[*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
[*]
Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
[*]
Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
[*]
Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
[*]
Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{114E311E-6CE2-404C-9BC3-B537B8F2651C}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{114E311E-6CE2-404C-9BC3-B537B8F2651C}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{39C42534-2708-497A-9082-659CBCC7CD75}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{39C42534-2708-497A-9082-659CBCC7CD75}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{114E311E-6CE2-404C-9BC3-B537B8F2651C}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{114E311E-6CE2-404C-9BC3-B537B8F2651C}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:
Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 4: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 5: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
I'm running Windows Vista SP1 with all current updates, with IE 7, Comodo Pro Free (latest version), Avast! Free 4.8.1229 and SpywareBlaster 4.1.
PS: I think this may be a problem with today's Beta detections, as under the "Kind" column and beneath "2 entries" was, in brackets, the word "Beta".
PPS: I'm not showing any signs of a genuine infection.
Located: HK_CU:Run, WMPNSCFG
where: S-1-5-21-16169106-2878052200-2811833100-1000...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D
Located: Startup (common), HP Digital Imaging Monitor.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 210520
MD5: F14219FC767F1383526AB423F278A8E3
Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{053F9267-DC04-4294-A72C-58F732D338C0} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 27/03/2008 16:50:26
Date (last access): 18/09/2008 20:08:00
Date (last write): 15/09/2008 13:25:44
Filesize: 1562960
Attributes:
MD5: 35F73F1936BDE91F1B6995510A61E7A8
CRC32: BE6A5D15
Version: 1.6.2.14
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 28/10/2008 14:40:42
Date (last access): 28/10/2008 14:40:42
Date (last write): 28/10/2008 14:40:42
Filesize: 320920
Attributes: archive
MD5: DC090E320775F1B1FE896F6E1D393D7F
CRC32: 068B5AFC
Version: 6.0.100.33
{AA58ED58-01DD-4d91-8333-CF10577473F7} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 28/10/2008 14:40:40
Date (last access): 28/10/2008 14:40:40
Date (last write): 28/10/2008 14:40:40
Filesize: 34816
Attributes: archive
MD5: 27771CDC5D464818C8F92356AE840A6F
CRC32: B0BC1BD4
Version: 6.0.100.33
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
--- ActiveX list ---
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control)
DPF name:
CLSID name: QuickTime Plugin Control
Installer: C:\Windows\Downloaded Program Files\QTPlugin.inf
Codebase: http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 15/06/2008 19:07:24
Date (last access): 15/06/2008 19:07:24
Date (last write): 15/06/2008 19:07:24
Filesize: 779568
Attributes: archive
MD5: 2895E4DA45C169531EA5DF01E3829B23
CRC32: 95147D29
Version: 7.50.61.0
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\Windows\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 20/03/2008 17:06:36
Date (last access): 20/03/2008 17:06:36
Date (last write): 20/03/2008 17:06:36
Filesize: 1480232
Attributes: archive
MD5: E058C4821D48E0A67F6069CB50818D44
CRC32: 3513AE02
Version: 1.7.69.2
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\Windows\Downloaded Program Files\MSNPUpld.inf
Codebase: http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-gb.cab
description:
classification: Legitimate
known filename: MsnPUpld.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name:
Date (created): 20/11/2006 11:04:16
Date (last access): 20/11/2006 11:04:16
Date (last write): 20/11/2006 11:04:16
Filesize: 543544
Attributes: archive
MD5: A0F541D9D2CACEEC7A4A378CD0C31626
CRC32: 035C591F
Version: 10.0.914.0
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class)
DPF name:
CLSID name: GMNRev Class
Installer: C:\Windows\Downloaded Program Files\setup.inf
Codebase: http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
Path: C:\Program Files\HP\Common\
Long name: HPGMNRev.dll
Short name:
Date (created): 29/07/2008 13:47:04
Date (last access): 27/08/2008 19:53:18
Date (last write): 29/07/2008 13:47:04
Filesize: 198448
Attributes: archive
MD5: D118AAAB43BFAB719B2F185C3D556E54
CRC32: 4FA69970
Version: 8.7.13.0
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_10
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 28/10/2008 14:40:40
Date (last access): 28/10/2008 14:40:40
Date (last write): 28/10/2008 14:40:40
Filesize: 94208
Attributes: archive
MD5: 9FB23124A9533D08D36F5E5C252BFF16
CRC32: 20944F62
Version: 6.0.100.33
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01)
DPF name:
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase:
description:
classification: Legitimate
known filename: npjpi160_01.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 28/10/2008 14:40:40
Date (last access): 28/10/2008 14:40:40
Date (last write): 28/10/2008 14:40:40
Filesize: 94208
Attributes: archive
MD5: 9FB23124A9533D08D36F5E5C252BFF16
CRC32: 20944F62
Version: 6.0.100.33
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05)
DPF name:
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase:
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 28/10/2008 14:40:40
Date (last access): 28/10/2008 14:40:40
Date (last write): 28/10/2008 14:40:40
Filesize: 94208
Attributes: archive
MD5: 9FB23124A9533D08D36F5E5C252BFF16
CRC32: 20944F62
Version: 6.0.100.33
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06)
DPF name:
CLSID name: Java Plug-in 1.6.0_06
Installer:
Codebase:
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 28/10/2008 14:40:40
Date (last access): 28/10/2008 14:40:40
Date (last write): 28/10/2008 14:40:40
Filesize: 94208
Attributes: archive
MD5: 9FB23124A9533D08D36F5E5C252BFF16
CRC32: 20944F62
Version: 6.0.100.33
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07)
DPF name:
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase:
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 28/10/2008 14:40:40
Date (last access): 28/10/2008 14:40:40
Date (last write): 28/10/2008 14:40:40
Filesize: 94208
Attributes: archive
MD5: 9FB23124A9533D08D36F5E5C252BFF16
CRC32: 20944F62
Version: 6.0.100.33
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_10
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 28/10/2008 14:40:40
Date (last access): 28/10/2008 14:40:40
Date (last write): 28/10/2008 14:40:40
Filesize: 94208
Attributes: archive
MD5: 9FB23124A9533D08D36F5E5C252BFF16
CRC32: 20944F62
Version: 6.0.100.33
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_10
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_10.dll
Short name: NPJPI1~1.DLL
Date (created): 28/10/2008 14:40:42
Date (last access): 28/10/2008 14:40:42
Date (last write): 28/10/2008 14:40:42
Filesize: 132504
Attributes: archive
MD5: 3CEF7A7DE0D5141E016A862B1D86B1CD
CRC32: CC232AC8
Version: 6.0.100.33
--- Process list ---
PID: 1828 (1136) C:\Windows\system32\taskeng.exe
size: 169472
MD5: 5F109032CE46B7184ED9E50F9FE8489E
PID: 1964 (1124) C:\Windows\system32\Dwm.exe
size: 81920
MD5: 59903071D7ACE6A02093C47E9E38AF97
PID: 2000 (1948) C:\Windows\Explorer.EXE
size: 2927104
MD5: FFA764631CB70A30065C12EF8E174F9F
PID: 1772 (2000) C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
PID: 1816 (2000) C:\hp\support\hpsysdrv.exe
size: 65536
MD5: 9A4322EE420D6FACD4D4B1FF6CB856B1
PID: 1848 (2000) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
size: 118784
MD5: B1361669BDC6ED612C35B7C67ADA2240
PID: 1356 (2000) C:\Windows\RtHDVCpl.exe
size: 4874240
MD5: 361CD47DC5BD83EE24407903233B0D9A
PID: 1928 (2000) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
size: 49152
MD5: 7AF5A466CF4AECA28E3DCBCF5B6FD220
PID: 1596 (2000) C:\Windows\System32\hkcmd.exe
size: 166424
MD5: E0913BFFE047972BAA72AC3AE608E24D
PID: 1552 (2000) C:\Windows\System32\igfxpers.exe
size: 133656
MD5: 83591BC9E3328F5BACCF487CD12414EB
PID: 1500 (2000) C:\Program Files\HP\Personal Printing Solutions Product Research\HP Product Research.exe
size: 368640
MD5: 36BA55D14C3F78C2F137D741EB99E3C0
PID: 1440 (2000) C:\Program Files\Alwil Software\Avast4\ashDisp.exe
size: 78008
MD5: 66893067C2FB0505F151D3FCB8EA92B5
PID: 1244 (2000) C:\Program Files\COMODO\Firewall\cfp.exe
size: 1655552
MD5: 7539877B69A4931E455D77D9A53E2E20
PID: 1176 (2000) C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: AB68B7C232293F6B09E5C29CB31AE76D
PID: 1236 (2000) C:\Windows\ehome\ehtray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C
PID: 1448 (2000) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 210520
MD5: F14219FC767F1383526AB423F278A8E3
PID: 2132 ( 892) C:\Windows\ehome\ehmsas.exe
size: 37376
MD5: 0F4195B9B348DE5CF9B822F81704B20E
PID: 2548 ( 892) C:\Windows\system32\igfxsrvc.exe
size: 256536
MD5: E604D80346076DDD1B9F214678A35A38
PID: 1188 (2000) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D
PID: 3552 ( 892) C:\Windows\system32\wbem\unsecapp.exe
size: 37888
MD5: 25873356E52849C3F5B3F1B02317E8C8
PID: 2100 (1448) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
size: 151552
MD5: FEDDD3579FEE51A9873D856DF3933C68
PID: 5092 (1796) C:\hp\kbd\kbd.exe
size: 67128
MD5: 7CAC10A1C258DFCB5ADE563BAE6D2F15
PID: 6132 (6124) C:\Program Files\Internet Explorer\IEUser.exe
size: 299520
MD5: 5B2E1C16A2C420F60CD391B666003F14
PID: 5956 (5964) C:\Program Files\Internet Explorer\iexplore.exe
size: 625664
MD5: 5B92133D3E7FB2644677686305E29E81
PID: 4388 (3012) C:\Windows\system32\SearchFilterHost.exe
size: 87552
MD5: 87889A983C015080FA813D7E32910D1E
PID: 2508 (2000) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5195096
MD5: A22891D2506DCE1D0F0A03C1EA1ACF69
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 448 ( 4) smss.exe
size: 64000
PID: 596 ( 584) csrss.exe
size: 6144
PID: 640 ( 584) wininit.exe
size: 96768
PID: 652 ( 632) csrss.exe
size: 6144
PID: 684 ( 640) services.exe
size: 279040
PID: 712 ( 632) winlogon.exe
size: 314880
PID: 728 ( 640) lsass.exe
size: 9728
PID: 740 ( 640) lsm.exe
size: 229888
PID: 892 ( 684) svchost.exe
size: 21504
PID: 956 ( 684) svchost.exe
size: 21504
PID: 992 ( 684) svchost.exe
size: 21504
PID: 1092 ( 684) svchost.exe
size: 21504
PID: 1124 ( 684) svchost.exe
size: 21504
PID: 1136 ( 684) svchost.exe
size: 21504
PID: 1260 (1092) audiodg.exe
size: 88064
PID: 1292 ( 684) SLsvc.exe
size: 2623488
PID: 1360 ( 684) svchost.exe
size: 21504
PID: 1516 ( 684) svchost.exe
size: 21504
PID: 1744 ( 684) spoolsv.exe
size: 125952
PID: 1784 ( 684) svchost.exe
size: 21504
PID: 2028 (1136) taskeng.exe
size: 169472
PID: 2064 ( 684) aswUpdSv.exe
PID: 2088 ( 684) ashServ.exe
PID: 2156 ( 684) cmdagent.exe
PID: 2200 ( 684) svchost.exe
size: 21504
PID: 2216 ( 684) LSSrvc.exe
PID: 2664 ( 684) svchost.exe
size: 21504
PID: 2784 ( 684) svchost.exe
size: 21504
PID: 2800 ( 684) svchost.exe
size: 21504
PID: 2832 ( 684) svchost.exe
size: 21504
PID: 2920 ( 684) svchost.exe
size: 21504
PID: 3012 ( 684) SearchIndexer.exe
size: 439808
PID: 3132 ( 684) SDWinSec.exe
size: 809296
MD5: 55C1E4FDFD62A48FB5A2CE25F3AA8AE8
PID: 3212 (1124) WUDFHost.exe
size: 142336
PID: 3940 ( 684) ashMaiSv.exe
PID: 4084 ( 684) ashWebSv.exe
PID: 3464 ( 684) wmpnetwk.exe
PID: 3288 ( 892) WmiPrvSE.exe
PID: 4616 (3012) SearchProtocolHost.exe
size: 184832
PID: 5264 ( 684) HPHC_Service.exe
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 29/10/2008 23:05:43
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.co.uk/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
[*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
[*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
[*]
Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
[*]
Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
[*]
Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
[*]
Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{114E311E-6CE2-404C-9BC3-B537B8F2651C}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{114E311E-6CE2-404C-9BC3-B537B8F2651C}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{39C42534-2708-497A-9082-659CBCC7CD75}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{39C42534-2708-497A-9082-659CBCC7CD75}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{114E311E-6CE2-404C-9BC3-B537B8F2651C}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{114E311E-6CE2-404C-9BC3-B537B8F2651C}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:
Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 4: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 5: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
I'm running Windows Vista SP1 with all current updates, with IE 7, Comodo Pro Free (latest version), Avast! Free 4.8.1229 and SpywareBlaster 4.1.
PS: I think this may be a problem with today's Beta detections, as under the "Kind" column and beneath "2 entries" was, in brackets, the word "Beta".
PPS: I'm not showing any signs of a genuine infection.