PDA

View Full Version : how to remove FakeMSN8Beta


haeffnkr
2006-02-03, 02:53
Spybot can not remove FakeMSN8Beta on my PC?

I just installed the latest verison of sypbot and got the latest update.
Spybot finds FakeMSN8Beta and says it removes it but I reboot and it comes back....
Also the registry confirms pop up but I can not click the OK buttons because the buttons are garbled on the popup?
When I try to open windows regedit it fails and task manager will not come up at all.

Not sure what else is wrong/on my PC but I installed several applications regarding video editting and it has been hosed up since.
Please help if you can.
thanks Kevin
tashi
2006-02-03, 03:05
Hello Kevin. :)

What Security programs do you have installed.

Operating System. (ie: XP, 98 etc)

See here: Solution to fix the pop-ups in TeaTimer. (Spybot-S&D V 1.4) (http://forums.spybot.info/showthread.php?t=122)

Can you provide a log, if so:

Open SpyBot, check for and get any updates available.
Close all browsers, check for problems and fix everything found in red
Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except

Uncheck[ ] do not report disabled or known legitimate Items.
uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.

Now select (near the top) view report.
Press export in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report please.

Cheers.
haeffnkr
2006-02-03, 03:40
The tea timer fix worked
I have XP


--- Search result list ---


--- System information ---
Windows XP (Build: 2600) Service Pack 1
/ DataAccess: Security Update for Microsoft Data Access Components
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB889293
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows XP / SP1: Windows XP Service Pack 1a
/ Windows XP / SP2: Windows XP Hotfix - KB810217
/ Windows XP / SP2: Advanced Networking Pack for Windows XP
/ Windows XP / SP2: Windows XP Hotfix - KB820291
/ Windows XP / SP2: Windows XP Hotfix - KB821253
/ Windows XP / SP2: Windows XP Hotfix - KB822603
/ Windows XP / SP2: Windows XP Hotfix - KB823182
/ Windows XP / SP2: Windows XP Hotfix - KB824105
/ Windows XP / SP2: Windows XP Hotfix - KB824141
/ Windows XP / SP2: Windows XP Hotfix - KB824151
/ Windows XP / SP2: Windows XP Hotfix - KB825119
/ Windows XP / SP2: Windows XP Hotfix - KB826939
/ Windows XP / SP2: Windows XP Hotfix - KB828035
/ Windows XP / SP2: Windows XP Hotfix - KB828741
/ Windows XP / SP2: Windows XP Hotfix - KB833987
/ Windows XP / SP2: Windows XP Hotfix - KB835732
/ Windows XP / SP2: Windows XP Hotfix - KB837001
/ Windows XP / SP2: Windows XP Hotfix - KB840374
/ Windows XP / SP2: Windows XP Hotfix - KB840987
/ Windows XP / SP2: Windows XP Hotfix - KB841356
/ Windows XP / SP2: Windows XP Hotfix - KB841533
/ Windows XP / SP2: Windows XP Hotfix - KB842773
/ Windows XP / SP2: Windows XP Hotfix - KB871250
/ Windows XP / SP2: Windows XP Hotfix - KB873376
/ Windows XP / SP2: Windows XP Hotfix - KB891711
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q819696
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB898461)


--- Startup entries list ---
Located: HK_LM:Run, DataLayer
command: C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
file: C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
size: 1106944
MD5: c53e07cd089a300ca2c78816e4781b61

Located: HK_LM:Run, InCD
command: C:\Program Files\Ahead\InCD\InCD.exe
file: C:\Program Files\Ahead\InCD\InCD.exe
size: 1101824
MD5: 10123e660a81f92c7827d2474299f20a

Located: HK_LM:Run, PCSuiteTrayApplication
command: C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
file:

Located: HK_LM:Run, VideoraiPodConverter
command: C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
file:

Located: HK_LM:Run, WinampAgent
command: C:\Program Files\Winamp\winampa.exe
file: C:\Program Files\Winamp\winampa.exe
size: 33792
MD5: 11aa6662a1be30375afd1a8407811e7e

Located: HK_LM:Run, winupdates
command: C:\Program Files\winupdates\winupdates.exe /auto
file:

Located: HK_LM:Run, KernelFaultCheck (DISABLED)
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 9216
MD5: 62dd404c8e46b76089a3d1fa6bd96739

Located: HK_LM:Run, QuickTime Task (DISABLED)
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: f8dbb32041336a94c676e6b70f759993

Located: HK_LM:Run, VideoraiPodConverter (DISABLED)
command: C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
file:

Located: HK_CU:Run, PcSync
command: C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
file:

Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 8f1862afc3c79c0ea37621e87cc2fe6e

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 11/3/2003 1:17:44 PM
Date (last access): 2/2/2006 8:31:38 PM
Date (last write): 11/3/2003 1:17:44 PM
Filesize: 54248
Attributes: archive
MD5: FC7850324464E4D19A24A03D882B5CC4
CRC32: 452E8571
Version: 6.0.1.1091

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 2/2/2006 5:35:00 PM
Date (last access): 2/2/2006 8:03:24 PM
Date (last write): 5/31/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar2.dll
Short name: GOOGLE~2.DLL
Date (created): 12/24/2005 11:11:32 PM
Date (last access): 2/2/2006 7:35:10 PM
Date (last write): 11/8/2005 6:43:56 PM
Filesize: 1164800
Attributes: readonly archive
MD5: 238E278572C5CF68BA02FCE1CC26E10E
CRC32: 0FDA8451
Version: 3.0.128.1



--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

Yahoo! Dominoes (Yahoo! Dominoes)
DPF name: Yahoo! Dominoes
CLSID name:
Installer:
Codebase: http://download.games.yahoo.com/games/clients/y/dot8_x.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer: C:\WINDOWS\Downloaded Program Files\QTPlugin.inf
Codebase: http://www.apple.com/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 2/1/2006 10:25:12 PM
Date (last access): 2/2/2006 8:28:16 PM
Date (last write): 2/1/2006 10:25:12 PM
Filesize: 323640
Attributes: archive
MD5: F400DF784E2C6718809F3A105B5535DB
CRC32: 9BE5B648
Version: 6.0.0.71

{08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM)
DPF name:
CLSID name: Microsoft VM
Installer:
Codebase: http://www.wildtangent.com/install/jvm/msjavx86_3805.exe

{31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class)
DPF name:
CLSID name: Gif89 Class
Installer:
Codebase: http://tclark.com/Files/xplug.ocx
Path: C:\WINDOWS\Downloaded Program Files\
Long name: xplug.ocx
Short name:
Date (created): 5/10/2005 8:17:48 PM
Date (last access): 2/2/2006 8:31:38 PM
Date (last write): 5/10/2005 8:17:56 PM
Filesize: 509072
Attributes: archive
MD5: DEE7595756F55342486602A7D6E5CC20
CRC32: A48FD777
Version: 4.4.0.0

{33564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
Codebase: http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
Codebase: http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38139.4614814815
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla

{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\wtinst.inf
Codebase: http://install.wildtangent.com/bgn/partners/shockwave/orbital/install.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\Macromed\Flash\
Long name: Flash.ocx
Short name:
Date (created): 6/9/2004 3:59:26 PM
Date (last access): 2/2/2006 7:35:10 PM
Date (last write): 6/9/2004 3:59:26 PM
Filesize: 939224
Attributes: archive
MD5: FC3E17E12C2E31FAC34B416B3DAB829F
CRC32: D1CF3A57
Version: 7.0.19.0

CONTINUED ________XXXXXXXXXXXXX



thanks for your help - Kevin
haeffnkr
2006-02-03, 03:40
CONTI UED FROM PREVIOUS POST ____________XXXXXXXXXx




--- Process list ---
PID: 0 ( 0) [System]
PID: 380 ( 4) \SystemRoot\System32\smss.exe
PID: 428 ( 380) \??\C:\WINDOWS\system32\csrss.exe
PID: 452 ( 380) \??\C:\WINDOWS\system32\winlogon.exe
PID: 496 ( 452) C:\WINDOWS\system32\services.exe
size: 101376
MD5: E3DF4A0252D287C44606EE55355E1623
PID: 508 ( 452) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: B2B6BA905D0E3F8A32A0EB3B4051807B
PID: 756 ( 496) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 780 ( 496) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 872 ( 496) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 908 ( 496) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1016 ( 496) C:\WINDOWS\system32\spoolsv.exe
size: 51200
MD5: 9B4155BA58192D4073082B8FC5D42612
PID: 1160 ( 496) C:\WINDOWS\System32\inetsrv\inetinfo.exe
size: 13824
MD5: B2B2114713F6672D03232383E6E0DF73
PID: 1236 ( 496) C:\WINDOWS\System32\snmp.exe
size: 29696
MD5: E86706550AB94DCF7D2E8CFA8683C285
PID: 1260 ( 496) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 232 ( 196) C:\WINDOWS\Explorer.EXE
size: 996352
MD5: A73BC66A95CF4F7B597FC8975778A889
PID: 408 ( 232) C:\Program Files\Winamp\winampa.exe
size: 33792
MD5: 11AA6662A1BE30375AFD1A8407811E7E
PID: 424 ( 232) C:\Program Files\Ahead\InCD\InCD.exe
size: 1101824
MD5: 10123E660A81F92C7827D2474299F20A
PID: 412 ( 232) C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
size: 167936
MD5: C26C12989E5C76440DF928605037CC30
PID: 472 ( 232) C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
size: 1106944
MD5: C53E07CD089A300CA2C78816E4781B61
PID: 612 ( 232) C:\Program Files\winupdates\winupdates.exe
size: 2379776
MD5: B70A0BD6E45135566A7AA9FAA196E615
PID: 1056 ( 232) C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: F8DBB32041336A94C676E6B70F759993
PID: 1064 ( 756) C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
size: 97792
MD5: 69EAC89D4EBDE2AD42F52058BEDB71D2
PID: 1392 ( 232) C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
size: 847872
MD5: 973C5533C9A7941C31375265ABEEA405
PID: 1088 ( 756) C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
size: 468992
MD5: 2BB50C47D34AEF5DF589A5409D232C8E
PID: 2232 ( 780) C:\WINDOWS\System32\wuauclt.exe
size: 124184
MD5: EBF1AB7E4FC05CABF2F4680D2A45F827
PID: 2924 (2360) C:\PROGRA~1\WINZIP\winzip32.exe
size: 2076739
MD5: 3D1982931D98CB24D40FD023B5DDB6F5
PID: 3248 (3216) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 8F1862AFC3C79C0EA37621E87CC2FE6E
PID: 3816 ( 232) C:\Program Files\Internet Explorer\iexplore.exe
size: 91136
MD5: 418D301C3B1FA94B19584AEEB3D65166
PID: 3992 ( 232) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 2/2/2006 8:36:09 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/keyword/%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{56B299FF-375D-466C-B4FD-3284EDAE5908}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{56B299FF-375D-466C-B4FD-3284EDAE5908}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EC45913C-CB37-4E3C-8B37-8650732DB611}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EC45913C-CB37-4E3C-8B37-8650732DB611}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4BE21912-6137-46DA-8D7F-B5C406BCBC96}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4BE21912-6137-46DA-8D7F-B5C406BCBC96}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{64C51549-47FF-4537-9931-E713436A1919}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{64C51549-47FF-4537-9931-E713436A1919}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

thanks again - Kevin
haeffnkr
2006-02-05, 18:23
I have installed mcafee and it removed several things.

I have re-run spybot and I still get this FakeMSN8Beta entry.
Regedit will not open.

I still have something wrong with this PC - any ideas would be appreciated.

thanks Kevin
tashi
2006-02-17, 08:14
Hi haeffnkr.

Sorry, my email notifier missed this one, I have asked Lonny to take a look.
LonnyRJones
2006-02-17, 08:53
Hi Kevin
If your still in need of assistance
Please go here and follow instructions.
http://forums.spybot.info/showthread.php?t=288
Start a topic in our malware section, then let me know.
tanzy
2006-02-18, 16:44
i have the same problem.........
here is my log......help!
369















Spybot can not remove FakeMSN8Beta on my PC?

I just installed the latest verison of sypbot and got the latest update.
Spybot finds FakeMSN8Beta and says it removes it but I reboot and it comes back....
Also the registry confirms pop up but I can not click the OK buttons because the buttons are garbled on the popup?
When I try to open windows regedit it fails and task manager will not come up at all.

Not sure what else is wrong/on my PC but I installed several applications regarding video editting and it has been hosed up since.
Please help if you can.
thanks Kevin
LonnyRJones
2006-02-18, 17:53
Welcome to the forum tanzy

Please go here and follow instructions.
"Before you post a log"
http://forums.spybot.info/showthread.php?t=288
Start a new topic in our malware area
Someone will then take a look at the system and advise you.
Alexsyd
2007-06-10, 16:47
So how exactly can I remove FakeMSN8Beta?????
tashi
2007-06-10, 17:15
Hello.

Is this item flagged after running Spybot-S&D? If so, first let us see the detection:

Open SpyBot.
Check for problems.
When finished, right click and choose copy results (not the full report) to clipboard and post that into topic.


We may ask you to follow the procedure in this link: "BEFORE you POST" -Preliminary Steps (http://forums.spybot.info/showthread.php?t=288) and start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)

Regards.
md usa spybot fan
2007-06-10, 17:19
Post deleted
craigergarten
2008-05-27, 06:31
im having the same problem here is my report
--- Search result list ---
FakeMSN8Beta: [SBI $8EDD7C9D] Executable (File, fixed)
C:\WINDOWS\system32\netstat.com

FakeMSN8Beta: [SBI $E9095CE2] Executable (File, fixed)
C:\WINDOWS\system32\taskkill.com


--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-05-12 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-04-16 Includes\Adware.sbi (*)
2008-05-21 Includes\AdwareC.sbi (*)
2008-05-21 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-05-21 Includes\DialerC.sbi (*)
2008-05-21 Includes\HeavyDuty.sbi (*)
2008-04-30 Includes\Hijackers.sbi (*)
2008-05-21 Includes\HijackersC.sbi (*)
2008-04-30 Includes\Keyloggers.sbi (*)
2008-05-21 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-05-21 Includes\Malware.sbi (*)
2008-05-21 Includes\MalwareC.sbi (*)
2008-03-26 Includes\PUPS.sbi (*)
2008-05-21 Includes\PUPSC.sbi (*)
2008-05-21 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-05-21 Includes\SecurityC.sbi (*)
2008-04-16 Includes\Spybots.sbi (*)
2008-05-21 Includes\SpybotsC.sbi (*)
2008-04-16 Includes\Spyware.sbi (*)
2008-05-21 Includes\SpywareC.sbi (*)
2007-11-06 Includes\Tracks.uti
2008-05-21 Includes\Trojans.sbi (*)
2008-05-21 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security update for Microsoft Data Access Components
/ DataAccess: Security Update for Microsoft Data Access Components
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB867282
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901190)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921503)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925454)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928090)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Security Update for Windows XP (KB929123)
/ Windows XP / SP3: Update for Windows XP (KB929338)
/ Windows XP / SP3: Security Update for Windows XP (KB929969)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931768)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Update for Windows XP (KB933360)
/ Windows XP / SP3: Security Update for Windows XP (KB933566)
/ Windows XP / SP3: Security Update for Windows XP (KB933729)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)
/ Windows XP / SP3: Security Update for Windows XP (KB936021)
/ Windows XP / SP3: Update for Windows XP (KB936357)
/ Windows XP / SP3: Security Update for Windows XP (KB937143)
/ Windows XP / SP3: Security Update for Windows XP (KB938127)
/ Windows XP / SP3: Update for Windows XP (KB938828)
/ Windows XP / SP3: Security Update for Windows XP (KB938829)
/ Windows XP / SP3: Security Update for Windows XP (KB939653)
/ Windows XP / SP3: Security Update for Windows XP (KB941202)
/ Windows XP / SP3: Security Update for Windows XP (KB941568)
/ Windows XP / SP3: Security Update for Windows XP (KB941644)
/ Windows XP / SP3: Security Update for Windows XP (KB941693)
/ Windows XP / SP3: Security Update for Windows XP (KB942615)
/ Windows XP / SP3: Update for Windows XP (KB942763)
/ Windows XP / SP3: Update for Windows XP (KB942840)
/ Windows XP / SP3: Security Update for Windows XP (KB943055)
/ Windows XP / SP3: Security Update for Windows XP (KB943460)
/ Windows XP / SP3: Security Update for Windows XP (KB943485)
/ Windows XP / SP3: Security Update for Windows XP (KB944653)
/ Windows XP / SP3: Security Update for Windows XP (KB945553)
/ Windows XP / SP3: Security Update for Windows XP (KB946026)
/ Windows XP / SP3: Update for Windows XP (KB946627)
/ Windows XP / SP3: Security Update for Windows XP (KB948590)
/ Windows XP / SP3: Security Update for Windows XP (KB948881)
/ Windows XP / SP3: Security Update for Windows XP (KB950749)


--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 40048
MD5: 66D4456C920E21BD2188F8CC33680DF5

Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 315392
MD5: C73FF76885EB1C95B43A4610CBFBE2FC

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 52896
MD5: 1918A1D8E67A6452720797919FA520C9

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 267048
MD5: 04A9F0C58B170F30445BCC0683EF9FFC

Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3E4C03CEFAD8DE135263236B61A49C90

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 385024
MD5: F89DA660C511652EE511FE3AB2F04BFC

Located: HK_LM:Run, services
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, SetIcon
command: C:\Program Files\Generic\Seticon.exe
file: C:\Program Files\Generic\Seticon.exe
size: 40960
MD5: 2805580429081F9C2B8217F6087C4EE8

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
size: 144784
MD5: 9CC69118FDCBF17119F814FC0A65CA06

Located: HK_LM:Run, vptray
command: C:\PROGRA~1\SYMANT~1\VPTray.exe
file: C:\PROGRA~1\SYMANT~1\VPTray.exe
size: 125168
MD5: A1307C939E5216317E363D06A5473C7D

Located: HK_LM:Run, WinampAgent
command: C:\Program Files\Winamp\winampa.exe
file: C:\Program Files\Winamp\winampa.exe
size: 35328
MD5: EA7B08147C0CB85EEB4E48DC3444208E

Located: HK_LM:Run, wltray.exe
command: C:\WINDOWS\system32\wltray.exe
file: C:\WINDOWS\system32\wltray.exe
size: 778348
MD5: 186D4E58EA61D6D209C00A98CFD6C7CE

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-2760881593-2787157223-2369146164-1005...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, H/PC Connection Agent
where: S-1-5-21-2760881593-2787157223-2369146164-1005...
command: "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
file: C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
size: 401496
MD5: 1F665588D5C4AC40D9BB2AD31B20D49F

Located: HK_CU:Run, services
where: S-1-5-21-2760881593-2787157223-2369146164-1005...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, WMPNSCFG
where: S-1-5-21-2760881593-2787157223-2369146164-1005...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 204288
MD5: 7EAED08CCCA4DDDE61A388C82598CFA9

Located: HK_CU:Run, Yahoo! Pager
where: S-1-5-21-2760881593-2787157223-2369146164-1005...
command: "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
file: C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
size: 4670704
MD5: C7048E3DD4D9FA3AF7BC2747EF5C433F

Located: Startup (user), services.lnk
where: C:\Documents and Settings\Ben\Start Menu\Programs\Startup...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (disabled), Microsoft Office (DISABLED)
command: C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l
file: C:\PROGRA~1\MICROS~2\Office\OSA9.EXE
size: 65588
MD5: FFDC3BCBA32D5947CB628086193EBA19

Located: Startup (disabled), HOTLLAMA Update Check (DISABLED)
command: C:\PROGRA~1\HOTLLA~1\Player\WiseUpdt.exe /C
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (disabled), LimeWire On Startup (DISABLED)
command: C:\PROGRA~1\LimeWire\LimeWire.exe -startup
file: C:\PROGRA~1\LimeWire\LimeWire.exe
size: 81920
MD5: 97918093DD905F51B2985EA597160B9E

Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, mljhhef
command: mljhhef.dll
file: mljhhef.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, NavLogon
command: C:\WINDOWS\system32\NavLogon.dll
file: C:\WINDOWS\system32\NavLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
SOFTWARE ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: &Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\
Long name: yt.dll
Short name:
Date (created): 9/5/2007 3:48:58 PM
Date (last access): 5/26/2008 10:33:14 AM
Date (last write): 9/5/2007 3:48:58 PM
Filesize: 816400
Attributes: archive
MD5: C1B2B3EF8AC5C8C32670D4EC7D524964
CRC32: AB11046B
Version: 2007.9.5.1

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 10/22/2006 11:08:42 PM
Date (last access): 5/26/2008 11:00:56 PM
Date (last write): 10/22/2006 11:08:42 PM
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{598F4775-6FB6-477B-9842-E0426824E077} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Yahoo! IE Services Button
Path: C:\Program Files\Yahoo!\Common\
Long name: yiesrvc.dll
Short name:
Date (created): 10/31/2006 2:33:52 PM
Date (last access): 5/26/2008 10:57:42 PM
Date (last write): 10/31/2006 2:33:52 PM
Filesize: 198136
Attributes: archive
MD5: F8981F09E8DA4FDB7F6B6E2B5361AEAE
CRC32: 2CDBBB6C
Version: 2006.10.31.3

{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: DriveLetterAccess
description: Hewlett-Packard's DLA software
classification: Unknown
known filename: tfswshx.dll
info link:
info source: TonyKlein
Path: C:\WINDOWS\system32\dla\
Long name: tfswshx.dll
Short name:
Date (created): 3/11/2004 9:18:10 PM
Date (last access): 5/26/2008 10:27:56 PM
Date (last write): 11/8/2002 5:50:00 AM
Filesize: 94262
Attributes: archive
MD5: 5827F118BE2E058DA19E9D8B3F17593D
CRC32: F822EB29
Version: 3.50.21.0

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_04\bin\
Long name: ssv.dll
Short name:
Date (created): 5/10/2008 1:33:22 AM
Date (last access): 5/26/2008 11:09:32 PM
Date (last write): 12/14/2007 3:42:36 AM
Filesize: 509328
Attributes: archive
MD5: F10499962C264BB9E7CBBB9C4A428567
CRC32: DAE43815
Version: 6.0.40.12

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar4.dll
Short name: GOOGLE~4.DLL
Date (created): 2/6/2007 10:38:08 PM
Date (last access): 5/26/2008 10:33:14 AM
Date (last write): 1/19/2007 11:55:32 PM
Filesize: 2403392
Attributes: readonly archive
MD5: 6319F2D4708DBCAE37CFA03DA10782C0
CRC32: D51D8296
Version: 4.0.1601.4978



--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{0000000A-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\wmsp9dmo.inf
Codebase: http://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support)
DPF name:
CLSID name: Installation Support
Installer: C:\WINDOWS\Downloaded Program Files\yinst.inf
Codebase: C:\Program Files\Yahoo!\Common\Yinsthelper.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\Common\
Long name: YInstHelper.dll
Short name: YINSTH~1.DLL
Date (created): 3/15/2007 8:13:06 PM
Date (last access): 5/22/2008 1:00:54 AM
Date (last write): 3/15/2007 8:13:06 PM
Filesize: 209448
Attributes: archive
MD5: 4380A4799E826AF03FD975B4A71E9268
CRC32: 423BF1F7
Version: 2007.3.15.1

{33564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
Codebase: http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{33564D57-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf
Codebase: http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
description: Microsoft WMV Video Codec
classification: Legitimate
known filename: WMV9DMO.CAB
info link:
info source: Patrick M. Kolla

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_04
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_04\bin\
Long name: npjpi160_04.dll
Short name: NPJPI1~1.DLL
Date (created): 12/14/2007 1:59:16 AM
Date (last access): 5/14/2008 12:43:46 AM
Date (last write): 12/14/2007 3:42:38 AM
Filesize: 132496
Attributes: archive
MD5: 58A1C3B13CC79E76F66CA6F8FED3B36A
CRC32: A4EACB48
Version: 6.0.40.12

{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_04
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_04\bin\
Long name: npjpi160_04.dll
Short name: NPJPI1~1.DLL
Date (created): 12/14/2007 1:59:16 AM
Date (last access): 5/26/2008 11:23:38 PM
Date (last write): 12/14/2007 3:42:38 AM
Filesize: 132496
Attributes: archive
MD5: 58A1C3B13CC79E76F66CA6F8FED3B36A
CRC32: A4EACB48
Version: 6.0.40.12

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_04
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_04\bin\
Long name: npjpi160_04.dll
Short name: NPJPI1~1.DLL
Date (created): 12/14/2007 1:59:16 AM
Date (last access): 5/26/2008 11:23:38 PM
Date (last write): 12/14/2007 3:42:38 AM
Filesize: 132496
Attributes: archive
MD5: 58A1C3B13CC79E76F66CA6F8FED3B36A
CRC32: A4EACB48
Version: 6.0.40.12

{D27CDB6E-AE6D-11CF-96B8-444553540000} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla



--- Process list ---
PID: 0 ( 0) [System]
PID: 696 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 744 ( 696) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 768 ( 696) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 812 ( 768) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 824 ( 768) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1004 ( 812) C:\WINDOWS\system32\ibmpmsvc.exe
size: 73782
MD5: 21ABD7E16659602723F984F512C65E02
PID: 1036 ( 812) C:\WINDOWS\system32\Ati2evxx.exe
size: 360448
MD5: 6633CBF0D658440F0962D90E5BD20DDE
PID: 1060 ( 812) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1136 ( 812) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1232 ( 812) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1460 ( 812) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1540 ( 812) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1760 ( 812) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 169632
MD5: 3B4898CF051BB04FB76E94361E336A83
PID: 416 ( 812) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 192160
MD5: 0A6786C95A6F8715AA4285E3C27F201F
PID: 652 ( 768) C:\WINDOWS\system32\Ati2evxx.exe
size: 360448
MD5: 6633CBF0D658440F0962D90E5BD20DDE
PID: 1096 ( 740) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: 97BD6515465659FF8F3B7BE375B2EA87
PID: 1316 ( 812) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
size: 1160848
MD5: C830007369E18A54AED23B5BB3AFA2BA
PID: 1472 ( 812) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
size: 1174152
MD5: C1C706751F0499747DA9442C2679A0B7
PID: 1716 ( 812) C:\WINDOWS\System32\wltrysvc.exe
size: 65536
MD5: 3B2122844B8A31F16E786FC8EC4EF8E0
PID: 1728 (1716) C:\WINDOWS\System32\bcmwltry.exe
size: 962671
MD5: CAA073063BABB9321D1AD8BA0BACA816
PID: 1868 ( 812) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1564 ( 812) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 110592
MD5: 1961CB10BB48EB4D97E37DB6373E9E63
PID: 1780 ( 812) C:\Program Files\Symantec AntiVirus\DefWatch.exe
size: 31472
MD5: 1F709C66D8AADFF35530C56EE261C462
PID: 1920 ( 812) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2004 ( 812) C:\WINDOWS\System32\QCONSVC.EXE
size: 49152
MD5: CCA272FC46330EE13CC462E46AD4EC20
PID: 2040 ( 812) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 612 ( 812) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
size: 1813232
MD5: 8FDAADF204A4F29214DA1B03342E2735
PID: 1956 ( 812) C:\WINDOWS\system32\TpKmpSVC.exe
size: 32768
MD5: DFB268FF0A6DCB9280015FF527F892FF
PID: 1264 ( 812) C:\Program Files\Windows Media Player\WMPNetwk.exe
size: 913408
MD5: F74E3D9A7FA9556C3BBB14D4E5E63D3B
PID: 3048 ( 812) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 352 (1096) C:\WINDOWS\Help\fmnljycky\services.exe
size: 102984
MD5: 267F3144E0A056A9F92AA99BDE27B024
PID: 2068 (1096) C:\Program Files\Generic\Seticon.exe
size: 40960
MD5: 2805580429081F9C2B8217F6087C4EE8
PID: 2168 (1096) C:\Program Files\Winamp\winampa.exe
size: 35328
MD5: EA7B08147C0CB85EEB4E48DC3444208E
PID: 2280 (1096) C:\WINDOWS\system32\wltray.exe
size: 778348
MD5: 186D4E58EA61D6D209C00A98CFD6C7CE
PID: 2928 (1096) C:\Program Files\iTunes\iTunesHelper.exe
size: 267048
MD5: 04A9F0C58B170F30445BCC0683EF9FFC
PID: 3404 (1096) C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
size: 144784
MD5: 9CC69118FDCBF17119F814FC0A65CA06
PID: 2484 (1096) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 52896
MD5: 1918A1D8E67A6452720797919FA520C9
PID: 3228 (1096) C:\PROGRA~1\SYMANT~1\VPTray.exe
size: 125168
MD5: A1307C939E5216317E363D06A5473C7D
PID: 3464 (1096) C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
size: 401496
MD5: 1F665588D5C4AC40D9BB2AD31B20D49F
PID: 3504 (1096) C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 204288
MD5: 7EAED08CCCA4DDDE61A388C82598CFA9
PID: 1948 (1096) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 2788 ( 812) C:\Program Files\iPod\bin\iPodService.exe
size: 504104
MD5: 1CB96E83FD76EB5580451CEF29E24303
PID: 3840 ( 348) C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
size: 103664
MD5: 708BEC2CAF30278A97EEEC84F32CE4A7
PID: 3696 (1096) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 5/26/2008 11:23:42 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://startzone.info/g
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page_bak
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD Irda [IrDA]
GUID: {3972523D-2AF1-11D1-B655-00805F3642CC}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Infrared protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Irda [IrDA]

Protocol 6: MSAFD nwlnkipx [IPX]
GUID: {11058240-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware UPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkipx *

Protocol 7: MSAFD nwlnkspx [SPX]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 8: MSAFD nwlnkspx [SPX] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 9: MSAFD nwlnkspx [SPX II]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 10: MSAFD nwlnkspx [SPX II] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 11: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 12: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 13: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 14: MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5D4DAF22-5212-470C-A73A-7E4BA79493F3}] SEQPACKET 13
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5D4DAF22-5212-470C-A73A-7E4BA79493F3}] DATAGRAM 13
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{BF3D5C47-D0A6-4909-B674-45CCE522CC10}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{BF3D5C47-D0A6-4909-B674-45CCE522CC10}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{38B4229C-D733-4DE4-9C22-19CF43313032}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{38B4229C-D733-4DE4-9C22-19CF43313032}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{66ACD920-CFB2-42A3-83A5-731BEC73EF2D}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{66ACD920-CFB2-42A3-83A5-731BEC73EF2D}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DB6889B2-E5E2-491B-AD9D-66AF95E9C888}] SEQPACKET 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DB6889B2-E5E2-491B-AD9D-66AF95E9C888}] DATAGRAM 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5D4DAF22-5212-470C-A73A-7E4BA79493F3}] SEQPACKET 14
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5D4DAF22-5212-470C-A73A-7E4BA79493F3}] DATAGRAM 14
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip_{66ACD920-CFB2-42A3-83A5-731BEC73EF2D}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 29: MSAFD NetBIOS [\Device\NetBT_Tcpip_{66ACD920-CFB2-42A3-83A5-731BEC73EF2D}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 30: MSAFD NetBIOS [\Device\NetBT_Tcpip_{38B4229C-D733-4DE4-9C22-19CF43313032}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 31: MSAFD NetBIOS [\Device\NetBT_Tcpip_{38B4229C-D733-4DE4-9C22-19CF43313032}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 32: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6ACC0484-7B4A-4113-8D37-2E5EBD91F49D}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 33: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6ACC0484-7B4A-4113-8D37-2E5EBD91F49D}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 34: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BF3D5C47-D0A6-4909-B674-45CCE522CC10}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 35: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BF3D5C47-D0A6-4909-B674-45CCE522CC10}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 36: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3C160E4E-5949-4C82-AC5A-042A12779579}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 37: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3C160E4E-5949-4C82-AC5A-042A12779579}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 38: MSAFD NetBIOS [\Device\NetBT_Tcpip_{796C474E-A36A-4E11-96F5-9A1A660E1681}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 39: MSAFD NetBIOS [\Device\NetBT_Tcpip_{796C474E-A36A-4E11-96F5-9A1A660E1681}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 40: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B3CCBB4F-5ED5-42BD-AB34-316F0501D99A}] SEQPACKET 11
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 41: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B3CCBB4F-5ED5-42BD-AB34-316F0501D99A}] DATAGRAM 11
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 42: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3BFBCC32-9338-4908-B4FD-00CA635DABFB}] SEQPACKET 12
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 43: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3BFBCC32-9338-4908-B4FD-00CA635DABFB}] DATAGRAM 12
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
GUID: {E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\nwprovau.dll
Description: Microsoft Windows NT/2k/XP Novell Netware name space provider
DB filename: %SystemRoot%\system32\nwprovau.dll
DB protocol: NWLink IPX/SPX/NetBIOS*

please help i have been try to get rid of this thing for weeks
spybotsandra
2008-05-27, 09:49
Hello,

Please follow the procedure in this link: "BEFORE you POST" -Preliminary Steps (http://forums.spybot.info/showthread.php?t=288) and start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) where a helper will advise you when available.

Best regards
Sandra
Team Spybot