W32.Reper.D



thisismine
2006-12-21, 11:36
My free trial of NoAdware was picking up 2 things:
1: LowZone.BB (after about an hour or so I figured out that all it was finding was the block reg key from the immunizer (yes, the air turned blue =p :mad: ))
2: W32.Reper.D, this is in C:\WINDOWS\veiwer.exe. How can I either get rid of this trojan or find out whether I really do in fact have it, or if the $@#% NoAdware program is picking up on another block and not a trojan at all?

tashi
2006-12-21, 17:39
Hello.

Please see: http://forums.spybot.info/showthread.php?t=9875

If you would like to post a Spybot S&D log so that we can check the System please do the following:
Spybot-S&D Version 1.4: Systems Supported (http://www.safer-networking.org/en/spybotsd/index.html)

If you do not have version 1.4 please let us know.

Close all browsers
Open SpyBot, check for and get any updates available
Check for problems and fix everything found in red
Then on the toolbar menu select mode and switch to advanced mode; on the left lower down select tools, and view report. Ensure all the options are selected near the bottom except:

Uncheck [ ] Do not report disabled or known legitimate Items.
Uncheck [ ] Include a list of services in report.
Uncheck [ ] Include uninstall list in report.
Uncheck [ ] Include list of Winsock LSPs in report.
Now select (near the top) view report.
Click export and in the 'save in' box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report.

If you cannot attach the Spybot-S&D log take as many posts as needed, however the instructions given usually produce manageable logs.

Or:
Follow the instructions in this sticky topic to post a HJT log in malware removal.
"BEFORE you POST" -Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)

Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) and copy/paste the HJT log into the topic.

Regards. :)

thisismine
2006-12-22, 01:31
OK, I have version 1.3 but I see the 1.4 dl link. I haven't used that hijack thing before either so it might take a few tries. I'll start dl them now!

thisismine
2006-12-22, 03:36
Wow, this is fairly big. Do I post the sb sd log here or do I put it in the same place as the hijack logs go?

tashi
2006-12-22, 08:28
Hello.

Did you check Version 1.4 :Systems Supported (http://www.safer-networking.org/en/spybotsd/index.html)?

If your system is supported, did you remove version 1.3 as shown here: Uninstalling Previous Spybot-S&D (http://www.safer-networking.org/en/faq/27.html)?

My instructions for providing a log should produce one that is not too huge. :) However, if you decide to start a topic in the malware forum, please post just the results of the on-line anti virus scan and the HJT log please.

Thanks.

thisismine
2006-12-22, 10:39
Yep, I dl and installed 1.4. Panda active scan says there are 21 spybots, 1 dialer and 1 tool/rootkit. I hope this is done right.
--- Search result list ---
Congratulations!: No immediate threats were found. ()

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-12-22 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-12-15 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2006-12-15 Includes\DialerC.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2006-12-15 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-12-15 Includes\KeyloggersC.sbi (*)
2006-12-15 Includes\Malware.sbi (*)
2006-12-15 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-12-15 Includes\PUPSC.sbi (*)
2006-12-15 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2006-12-15 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-12-15 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-12-08 Includes\Trojans.sbi (*)
2006-12-15 Includes\TrojansC.sbi (*)

--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB886906)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security update for Microsoft Data Access Components
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX: DirectX Update 819696
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ Windows Media Player: Windows Media Player Hotfix [See KB837272 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 819639
/ Windows Media Player: Windows Media Update 828026
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922760)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB925454)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)


--- Startup entries list ---
Located: HK_LM:Run, avast!
command: E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 108160
MD5: 264c095d36aa973d9c64909124d0ba60

Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 406016
MD5: ed0163acdb2834ac8f53b3265671fb1a

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1519616
MD5: 67a8dd30af82e412cb4bf1b6d1623809

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: 96d2436434d14b99d0edf8a26be76eed

Located: HK_LM:Run, SiSPower
command: Rundll32.exe SiSPower.dll,ModeAgent
file: C:\WINDOWS\system32\Rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, SoundMan
command: soundman.exe
file: C:\WINDOWS\soundman.exe
size: 124416
MD5: 950c46d68ad83ba1c38d1513b8693b81

Located: HK_LM:Run, SoundMAX
command: "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
file: C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
size: 860160
MD5: a00684fd9e951546e70a1b74bd62703e

Located: HK_LM:Run, SoundMAXPnP
command: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
file: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
size: 1388544
MD5: c06f1a3ff958a10f828eee828623e193

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, EPSON Stylus C20 Series
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\System32\E_SE.tmp"
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
size: 68608
MD5: c9fe2cffc3e5ab9b31a5467eddae803b

Located: HK_CU:Run, Microsoft Works Update Detection
command: C:\Program Files\Microsoft Works\WkDetect.exe
file:

Located: HK_CU:Run, msnmsgr
command: "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
file: C:\Program Files\MSN Messenger\msnmsgr.exe
size: 7094272
MD5: b83e12b5341c5dcecc5c217a824ffeb1

Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Documents and Settings\All Users\Documents\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Documents and Settings\All Users\Documents\Spybot - Search & Destroy\TeaTimer.exe
size: 1038336
MD5: 58f7e6434d285f4c98ad3621e0bd8c8d

Located: HK_CU:Run, SUPERAntiSpyware
command: E:\SUPERAntiSpyware.exe
file: E:\SUPERAntiSpyware.exe
size: 1294336
MD5: 6b886baa18fb72130da05aac9d09daf4

Located: HK_CU:Run, Window Washer
command: C:\Program Files\Webroot\Washer\wwDisp.exe
file: C:\Program Files\Webroot\Washer\wwDisp.exe
size: 607232
MD5: 7f6886ab7eb84b19315d94f3f989b5fc

Located: HK_CU:Run, Yahoo! Pager
command: C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
file:

Located: Startup (common), EPSON Status Monitor 3 Environment Check 2.lnk
command: C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
file: C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
size: 127488
MD5: 480a4c03fef58af24d840851edd186f9

Located: Startup (common), Utility Tray.lnk
command: C:\WINDOWS\system32\sistray.exe
file: C:\WINDOWS\system32\sistray.exe
size: 266240
MD5: dca1fe63d4f9e35006548b16738dc12f

Located: Startup (user), Xfire.lnk
command: E:\Program Files\Xfire\Xfire.exe
file: E:\Program Files\Xfire\Xfire.exe
size: 2737288
MD5: 6fcf47f6b2738923bec135f4cf2e2112

Located: Startup (disabled), Kaspersky Anti-Virus Monitor (DISABLED)
command: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Lite PC Whiz Edition\AvpM.exe
file:

Located: Win.ini, Run
command: C:\WESTWOOD\REDALERT\INSTICON.EXE
file:

Located: System.ini, !SASWinLogon
command: E:\SASWINLO.dll
file: E:\SASWINLO.dll
size: 258048
MD5: 878bd80fdc51f6074d7b664c253ede4c

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\
Long name: AcroIEHelper.ocx
Short name: ACROIE~1.OCX
Date (created): 1/07/2003 3:39:16 p.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 16/04/2001 5:39:02 p.m.
Filesize: 37808
Attributes: archive
MD5: 8394ABFC1BE196A62C9F532511936DF7
CRC32: 71D6E350
Version: 1.0.0.1

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: E:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 12/05/2004 1:03:00 a.m.
Date (last access): 22/12/2006 3:23:20 p.m.
Date (last write): 31/05/2005 1:04:00 a.m.
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
BHO name:
CLSID name: ST
Path: C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\
Long name: stmain.dll
Short name:
Date (created): 27/05/2005 2:51:38 p.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 13/08/2004 6:42:00 p.m.
Filesize: 155648
Attributes: archive
MD5: 0DA1349495955CB41A5899047C5A1267
CRC32: C050EECD
Version: 1.2.3000.1001

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
BHO name:
CLSID name: MSNToolBandBHO
Path: C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\
Long name: msntb.dll
Short name:
Date (created): 11/02/2006 6:44:16 p.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 17/01/2006 4:04:16 p.m.
Filesize: 282624
Attributes: archive
MD5: 6B3B0C6657B3DFEAD7ABC5BFEE45B347
CRC32: 1DF31317
Version: 1.2.5000.1021

--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class)
DPF name:
CLSID name: Checkers Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/msgrchkr.cab
description:
classification: Legitimate
known filename: msgrchkr.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: msgrchkr.dll
Short name:
Date (created): 29/05/2003 4:00:18 p.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 29/05/2003 4:00:18 p.m.
Filesize: 77408
Attributes: archive
MD5: 42D567DF86B9B7AC4A89664C9651B68B
CRC32: 47FF3D19
Version: 7.1.9502.1

{0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control)
DPF name:
CLSID name: TDServer Control
Installer: C:\WINDOWS\Downloaded Program Files\tdserver.inf
Codebase: http://www.kats-korner.com/wfplayer/tdserver.cab
description:
classification: Legitimate
known filename: TDSERVER.OCX
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: tdserver.ocx
Short name:
Date (created): 2/08/2000 1:26:58 p.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 2/08/2000 1:26:58 p.m.
Filesize: 372736
Attributes: archive
MD5: ACABD7A367F26B84BCA35C33376BC19D
CRC32: 16F9FA01
Version: 1.0.0.12

{14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
description:
classification: Legitimate
known filename: MessengerStatsPAClient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MessengerStatsPAClient.dll
Short name: MESSEN~2.DLL
Date (created): 6/04/2004 7:03:54 p.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 6/04/2004 7:03:54 p.m.
Filesize: 172072
Attributes: archive
MD5: 94D1773AEAA2197AFEE3A6F8404FE4E9
CRC32: 76C3823D
Version: 9.2.7513.1

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 31/01/2003 2:30:14 p.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 3/09/2006 11:10:30 p.m.
Filesize: 54960
Attributes: archive
MD5: EB271B21EA6104B7C6946EF32D558C91
CRC32: CEC4E0C2
Version: 10.1.4.20

thisismine
2006-12-22, 10:42
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=39204
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.dll
Short name: LEGITC~1.DLL
Date (created): 12/07/2005 6:04:22 p.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 19/06/2006 5:19:42 p.m.
Filesize: 571184
Attributes: archive
MD5: 31BF58C9814F840EB10A2B7A410ABEA3
CRC32: DAFAE165
Version: 1.5.540.0

{2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
DPF name:
CLSID name: Minesweeper Flags Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MineSweeper.cab
description:
classification: Legitimate
known filename: minesweeper.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: minesweeper.dll
Short name: MINESW~1.DLL
Date (created): 29/05/2003 4:00:22 p.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 29/05/2003 4:00:22 p.m.
Filesize: 84064
Attributes: archive
MD5: F951FD0EA383DF2D49CA0359E4A86968
CRC32: 50A69718
Version: 7.1.9502.1

{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Installer: C:\WINDOWS\Downloaded Program Files\yinst.inf
Codebase: http://download.yahoo.com/dl/installs/yinst.cab
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 11/07/2001 4:55:28 p.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 11/07/2001 4:55:28 p.m.
Filesize: 81920
Attributes: archive
MD5: F18F29A87DD4F311ED377B54E850DBEF
CRC32: 9C5F5456
Version: 2001.7.11.1

{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class)
DPF name:
CLSID name: FilePlanet Download Control Class
Installer:
Codebase: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
description:
classification: Legitimate
known filename: FilePlanetDownloadCtrl.dll
info link:
info source: Safer Networking Ltd.
Path: e:\Program Files\IGN\Download Manager\
Long name: FPDC.dll
Short name:
Date (created): 3/05/2006 4:43:42 p.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 18/05/2006 12:08:08 a.m.
Filesize: 353968
Attributes: archive
MD5: 5605DBE21BEAEB2A737984A8FF8C9C9A
CRC32: 57FE5DA1
Version: 2.2.2.89

{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\WINDOWS\Downloaded Program Files\MSNPupld.inf
Codebase: http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
description:
classification: Legitimate
known filename: MsnPUpld.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
Long name: MsnPUpld.dll
Short name:
Date (created): 8/10/2004 4:01:22 p.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 14/10/2005 11:02:36 a.m.
Filesize: 372736
Attributes: archive
MD5: C673BDB4BE7D28D36D39181F6183DFA2
CRC32: 18D2F4B2
Version: 10.0.911.0

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149338463770
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 3/08/2004 2:59:06 p.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 26/05/2005 5:19:32 a.m.
Filesize: 173536
Attributes: archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32: EEF66B50
Version: 5.8.0.2469

{6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5)
DPF name:
CLSID name: Housecall ActiveX 6.5
Installer: C:\WINDOWS\Downloaded Program Files\hcImpl.inf
Codebase: http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
description:
classification: Legitimate
known filename: Housecall_ActiveX.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: Housecall_ActiveX.dll
Short name: HOUSEC~1.DLL
Date (created): 26/04/2006 6:51:28 p.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 26/04/2006 6:51:28 p.m.
Filesize: 359936
Attributes: archive
MD5: 9E964EFD02785E75819941DD486933AB
CRC32: FE48FA14
Version: 6.5.2.9

{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class)
DPF name:
CLSID name: GSDACtl Class
Installer:
Codebase: http://launch.gamespyarcade.com/software/launch/alaunch.cab
description:
classification: Legitimate
known filename: gsda.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: gsda.dll

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_03
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_03\bin\
Long name: NPJPI150_03.dll
Short name: NPJPI1~1.DLL
Date (created): 13/04/2005 4:48:56 a.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 13/04/2005 5:06:32 a.m.
Filesize: 69746
Attributes: archive
MD5: 13FCA03EBCA6E1F8C6481166C516D1FE
CRC32: 868C298F
Version: 5.0.30.7

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
description:
classification: Legitimate
known filename: messengerstatsclient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: messengerstatsclient.dll
Short name: MESSEN~1.DLL
Date (created): 29/05/2003 4:00:20 p.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 29/05/2003 4:00:20 p.m.
Filesize: 160864
Attributes: archive
MD5: B069B555A00AA026F657AA4FD13AE154
CRC32: 89BB01E1
Version: 7.1.9502.1

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://acs.pandasoftware.com/activescan/as5free/asinst.cab
description:
classification: Legitimate
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 7/08/2003 10:02:50 a.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 11/04/2006 6:10:10 p.m.
Filesize: 135168
Attributes: archive
MD5: 7267AE9C8DF527C30885DC29687D2A9B
CRC32: 1B1733A3
Version: 58.5.0.0

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
Codebase: http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37862.8591319444
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)
DPF name:
CLSID name: MsnMessengerSetupDownloadControl Class
Installer: C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.inf
Codebase: http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
description:
classification: Legitimate
known filename: MsnMessengerSetupDownloader.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnMessengerSetupDownloader.ocx
Short name: MSNMES~1.OCX
Date (created): 17/03/2005 3:48:34 p.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 17/03/2005 3:48:34 p.m.
Filesize: 113152
Attributes: archive
MD5: 92D24B6643919005213F60D5B537196A
CRC32: 31684779
Version: 1.0.0.2

{B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class)
DPF name:
CLSID name: ZoneIntro Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
description:
classification: Legitimate
known filename: ZIntro.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZIntro.ocx
Short name:
Date (created): 17/11/2004 10:44:52 p.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 17/11/2004 10:44:52 p.m.
Filesize: 114728
Attributes: archive
MD5: F94C4867418A1CA860D784CCD807740B
CRC32: 5DCE6500
Version: 9.3.2846.1

{C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\WINDOWS\Downloaded Program Files\MSNPupld.inf
Codebase: http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
description:
classification: Legitimate
known filename: MsnPUpld.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name:
Date (created): 17/09/2003 3:15:16 p.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 17/09/2003 3:15:16 p.m.
Filesize: 318032
Attributes: archive
MD5: 8A5CEF5AC81CBA285FFB673CF5FEE5CB
CRC32: 3B8799AA
Version: 9.0.917.0

{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_03
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
description:
classification: Legitimate
known filename: NPJPI150_03.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_03\bin\
Long name: NPJPI150_03.dll
Short name: NPJPI1~1.DLL
Date (created): 13/04/2005 4:48:56 a.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 13/04/2005 5:06:32 a.m.
Filesize: 69746
Attributes: archive
MD5: 13FCA03EBCA6E1F8C6481166C516D1FE
CRC32: 868C298F
Version: 5.0.30.7

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8b.ocx
Short name:
Date (created): 31/03/2006 12:45:12 p.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 31/03/2006 12:45:12 p.m.
Filesize: 1443464
Attributes: readonly archive
MD5: 12719EDDAAB9CAEEF28C6E58192F594B
CRC32: 680E085C
Version: 8.0.24.0

{E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object)
DPF name:
CLSID name: ZoneChess Object
Installer:
Codebase: http://messenger.zone.msn.com/binary/Chess.cab31267.cab
description:
classification: Legitimate
known filename: Chess.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: Chess.ocx
Short name:
Date (created): 5/08/2004 1:41:42 p.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 5/08/2004 1:41:42 p.m.
Filesize: 288296
Attributes: archive
MD5: 2560A95AF7BE3D5FAE330F4CD6140120
CRC32: D5F7341D
Version: 9.2.9844.1

{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5)
DPF name:
CLSID name: MSN Chat Control 4.5
Installer: C:\WINDOWS\Downloaded Program Files\MsnChat45.inf
Codebase: http://fdl.msn.com/public/chat/msnchat45.cab
description:
classification: Legitimate
known filename: MSNChat45.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MSNChat45.ocx
Short name: MSNCHA~1.OCX
Date (created): 27/10/2003 11:35:44 a.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 27/10/2003 11:35:44 a.m.
Filesize: 510552
Attributes: archive
MD5: 60FED272BDBAFA8214E40AD376C9987E
CRC32: 5EE901FC
Version: 9.2.310.2401

{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
DPF name:
CLSID name: Solitaire Showdown Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
description:
classification: Legitimate
known filename: solitaireshowdown.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: solitaireshowdown.dll
Short name: SOLITA~1.DLL
Date (created): 29/05/2003 4:00:20 p.m.
Date (last access): 22/12/2006 3:14:42 p.m.
Date (last write): 29/05/2003 4:00:20 p.m.
Filesize: 86112
Attributes: archive
MD5: 6E0E81210B17C225AD8DBB86F0C41E32
CRC32: 1C944476
Version: 7.1.9502.1

--- Process list ---
PID: 0 ( 0) [System]
PID: 440 ( 4) \SystemRoot\System32\smss.exe
PID: 496 ( 440) \??\C:\WINDOWS\system32\csrss.exe
PID: 520 ( 440) \??\C:\WINDOWS\system32\winlogon.exe
PID: 564 ( 520) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 576 ( 520) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 716 ( 564) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 776 ( 564) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 812 ( 564) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 876 ( 564) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 916 ( 564) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1088 ( 564) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1216 ( 564) E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
size: 59008
MD5: DC995DA2D258C0590C3AE07EC68BFEE6
PID: 1232 ( 564) E:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 108160
MD5: 1CA6D8776D4F615E7861E35221582AE0
PID: 1252 ( 564) C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
size: 343552
MD5: DD4DB777D2BA1E475F75015B90557795
PID: 1272 ( 564) C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
size: 49664
MD5: 30A14F65DB477DC00A64A5A24E96919C
PID: 1284 ( 564) C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
size: 323072
MD5: 4BB306AE21B59085D49CCA16EA7DAD18
PID: 1336 ( 564) C:\WINDOWS\system32\cisvc.exe
size: 5632
MD5: 3192BD04D032A9C4A85A3278C268A13A
PID: 1360 ( 564) C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
size: 114688
MD5: 8AB495F0D82F81458BC9AC85E018FBBF
PID: 1476 ( 564) C:\WINDOWS\system32\nvsvc32.exe
size: 143436
MD5: AA78C4677E06CFD4FE048718EE7F6332
PID: 1544 ( 564) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
size: 45056

thisismine
2006-12-22, 10:43
MD5: 3978F082274F723AD5A0A8058C2417DD
PID: 1572 ( 564) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1936 ( 564) E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
size: 251520
MD5: 30020C9FD8754F4099F9D868C6C87051
PID: 1996 ( 564) E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
size: 370304
MD5: 165408DD1BB1CC1AC41115F906FCFACB
PID: 2016 ( 564) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 2176 (2140) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 2396 (2176) C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: 96D2436434D14B99D0EDF8A26BE76EED
PID: 2436 (2176) C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
size: 1388544
MD5: C06F1A3FF958A10F828EEE828623E193
PID: 2444 (2176) C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
size: 860160
MD5: A00684FD9E951546E70A1B74BD62703E
PID: 2484 (2176) C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 406016
MD5: ED0163ACDB2834AC8F53B3265671FB1A
PID: 2516 (2176) E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 108160
MD5: 264C095D36AA973D9C64909124D0BA60
PID: 2524 (2176) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
size: 68608
MD5: C9FE2CFFC3E5AB9B31A5467EDDAE803B
PID: 2536 (2176) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 2544 (2176) C:\Program Files\MSN Messenger\msnmsgr.exe
size: 7094272
MD5: B83E12B5341C5DCECC5C217A824FFEB1
PID: 2552 (2176) C:\Program Files\Webroot\Washer\wwDisp.exe
size: 607232
MD5: 7F6886AB7EB84B19315D94F3F989B5FC
PID: 2568 (2176) E:\SUPERAntiSpyware.exe
size: 1294336
MD5: 6B886BAA18FB72130DA05AAC9D09DAF4
PID: 2704 (2176) C:\WINDOWS\system32\sistray.exe
size: 266240
MD5: DCA1FE63D4F9E35006548B16738DC12F
PID: 3620 (1336) C:\WINDOWS\system32\cidaemon.exe
size: 8192
MD5: 582304F6F1946FA5068CF143D729D7ED
PID: 3464 (2176) E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4020 (3464) C:\Program Files\Internet Explorer\iexplore.exe
size: 93184
MD5: E7484514C0464642BE7B4DC2689354C8
PID: 4 ( 0) System

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 22/12/2006 3:34:23 p.m.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.xtramsn.co.nz/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.neopets.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

thisismine
2006-12-22, 10:48
Hope that isn't too long; if it is, I can try that HJT option. I appreciate the help. I've been at this for hours but have to rely on AV programs (about the most advanced thing I can do is delete reg entries that scans show). I don't really have the knowledge of what to look for.