NSIS_SkinCrafter_plugin.dll - is this normal?

Hi. I wasn’t sure whether to post this here or in the Defense+ section.

A few days ago as GeekBuddy was trying to auto-update itself, I noticed a nsa6.tmp folder in windows\system\config\systemprofile\local settings\temp\ directory, with the following files in it:

NSIS_SkinCrafter_plugin.dll

Skincrafter.dll

cservice.dll

Are these related to GeekBuddy update/installation process? I assumed they were, since they were created around the same time as the update took place. However, what I find strange is that Comodo’s Defense+ immediately uploaded & scanned online the file “nsA.tmp” from the folder (found safe), which is also the reason I noticed the folder in the first place. Why would Defense+ need to verify and scan online a file that came from Comodo itself, assuming it was indeed related to GeekBuddy? Googling for “nsA.tmp” gives a lot of references to trojans.

I also saw references to the above mentioned files as well as a mention of GeekBuddy, in my svcpack.log in the Windows folder:

93.860: ---- New Information In The Registry ------
93.860: Source:C:\Program Files\COMODO\COMODO GeekBuddy\Cpa_VA_ErrorLog.txt
93.860: Destination:

and right next to it it had similar entries about the aforementioned files.

Could someone explain why that would be included in a log relating to a Windows Service Pack update?

Sorry if this was posted in the wrong section. Thanks.

As a paying customer of Comodo, I’d appreciate a response to this.

It looks like the first two files are related to Nullsoft Scriptable Install System (Nullsoft Installer).

When the Comodo Cloud deems a file safe you can trust that judgment even though there are various other files with the same name (the cloud lookup checks by Hash code and that assures the identity of the file being checked being the file it is).