Results 1 to 2 of 2

Thread: Virtumonde, pleeeeease help!

  1. #1
    Junior Member
    Join Date
    Jan 2009
    Posts
    2

    Default Virtumonde, pleeeeease help!

    I have some serious uglies from this thing! I get strings of non stop pop ups that lock down my pc. Here is the report I get after running the fix program. Help? Thank you!!!!!


    --- Search result list ---
    Hint of the Day: Click the bar at the right of this to see more information! ()


    Microsoft.WindowsSecurityCenter.FirewallBypass: [SBI $D80580B5] Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\explorer.exe

    Virtumonde: [SBI $4D2BC948] Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim

    Virtumonde.dll: [SBI $20ACC89A] Browser helper object (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6ae512c3-ac56-475e-8967-7e1fdd63d7e9}

    Virtumonde.dll: [SBI $20ACC89A] Class ID (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ae512c3-ac56-475e-8967-7e1fdd63d7e9}

    Virtumonde.prx: [SBI $BCD343AF] Autorun settings (CPM5ff97515) (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CPM5ff97515

    Virtumonde.prx: [SBI $D9B85025] Autorun settings (zutuwuhulu) (Registry value, fixed)
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zutuwuhulu

    Virtumonde.prx: [SBI $D9B85025] Autorun settings (zutuwuhulu) (Registry value, fixed)
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zutuwuhulu

    Virtumonde.prx: [SBI $D9B85025] Autorun settings (zutuwuhulu) (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zutuwuhulu


    --- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

    2008-07-07 blindman.exe (1.0.0.8)
    2008-07-07 SDFiles.exe (1.6.0.4)
    2008-07-07 SDMain.exe (1.0.0.6)
    2008-07-07 SDShred.exe (1.0.2.3)
    2008-07-07 SDUpdate.exe (1.6.0.8)
    2008-07-07 SDWinSec.exe (1.0.0.12)
    2008-07-07 SpybotSD.exe (1.6.0.30)
    2008-09-16 TeaTimer.exe (1.6.3.25)
    2009-01-03 unins000.exe (51.49.0.0)
    2008-07-07 Update.exe (1.6.0.7)
    2008-10-22 advcheck.dll (1.6.2.13)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2008-07-07 SDHelper.dll (1.6.0.12)
    2008-06-19 sqlite3.dll
    2008-07-07 Tools.dll (2.1.5.7)
    2008-11-04 Includes\Adware.sbi (*)
    2008-12-29 Includes\AdwareC.sbi (*)
    2008-06-03 Includes\Cookies.sbi (*)
    2008-09-02 Includes\Dialer.sbi (*)
    2008-09-09 Includes\DialerC.sbi (*)
    2008-07-23 Includes\HeavyDuty.sbi (*)
    2008-11-18 Includes\Hijackers.sbi (*)
    2008-12-22 Includes\HijackersC.sbi (*)
    2008-12-09 Includes\Keyloggers.sbi (*)
    2008-12-22 Includes\KeyloggersC.sbi (*)
    2008-11-18 Includes\Malware.sbi (*)
    2008-12-29 Includes\MalwareC.sbi (*)
    2008-12-16 Includes\PUPS.sbi (*)
    2008-12-16 Includes\PUPSC.sbi (*)
    2007-11-07 Includes\Revision.sbi (*)
    2008-06-18 Includes\Security.sbi (*)
    2008-12-29 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2008-12-10 Includes\Spyware.sbi (*)
    2008-12-10 Includes\SpywareC.sbi (*)
    2008-06-03 Includes\Tracks.uti
    2008-12-29 Includes\Trojans.sbi (*)
    2008-12-29 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
    / .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB887998)
    / .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB930494)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    / Media Center 2005 / SP3: Windows XP Media Center Edition 2005 KB890629
    / Media Center 2005 / SP3: Windows XP Media Center Edition 2005 KB890760
    / Media Center 2005 / SP3: Windows XP Media Center Edition 2005 KB895198
    / Media Center 2005 / SP3: Windows XP Media Center Edition 2005 KB895678
    / Media Center 2005 / SP3: Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
    / Media Center 2005 / SP4: Update Rollup 2 for Windows XP Media Center Edition 2005
    / MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
    / MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
    / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
    / Windows Media Player: Security Update for Windows Media Player (KB952069)
    / Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
    / Windows Media Player 10: Update for Windows Media Player 10 (KB913800)
    / Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
    / Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
    / Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
    / Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
    / Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
    / Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
    / Windows XP: Security Update for Windows XP (KB923689)
    / Windows XP: Security Update for Windows XP (KB941569)
    / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
    / Windows XP / SP3: Windows XP Hotfix - KB834707
    / Windows XP / SP3: Windows XP Hotfix - KB867282
    / Windows XP / SP3: Windows XP Hotfix - KB873333
    / Windows XP / SP3: Windows XP Hotfix - KB873339
    / Windows XP / SP3: Windows XP Hotfix - KB885250
    / Windows XP / SP3: Windows XP Hotfix - KB885835
    / Windows XP / SP3: Windows XP Hotfix - KB885836
    / Windows XP / SP3: Windows XP Hotfix - KB886185
    / Windows XP / SP3: Windows XP Hotfix - KB887472
    / Windows XP / SP3: Windows XP Hotfix - KB887742
    / Windows XP / SP3: Microsoft .NET Framework 1.0 Hotfix (KB887998)
    / Windows XP / SP3: Windows XP Hotfix - KB888113
    / Windows XP / SP3: Windows XP Hotfix - KB888239
    / Windows XP / SP3: Windows XP Hotfix - KB888302
    / Windows XP / SP3: Hotfix for Windows XP (KB888795)
    / Windows XP / SP3: Security Update for Windows XP (KB890046)
    / Windows XP / SP3: Windows XP Hotfix - KB890047
    / Windows XP / SP3: Windows XP Hotfix - KB890175
    / Windows XP / SP3: Windows XP Hotfix - KB890859
    / Windows XP / SP3: Windows XP Hotfix - KB890923
    / Windows XP / SP3: Hotfix for Windows XP (KB891593)
    / Windows XP / SP3: Windows XP Hotfix - KB891781
    / Windows XP / SP3: Security Update for Windows XP (KB893066)
    / Windows XP / SP3: Windows XP Hotfix - KB893086
    / Windows XP / SP3: Security Update for Windows XP (KB893756)
    / Windows XP / SP3: Windows Installer 3.1 (KB893803)
    / Windows XP / SP3: Windows Installer 3.1 (KB893803)
    / Windows XP / SP3: Update for Windows XP (KB894391)
    / Windows XP / SP3: Security Update for Windows XP (KB896358)
    / Windows XP / SP3: Security Update for Windows XP (KB896422)
    / Windows XP / SP3: Security Update for Windows XP (KB896423)
    / Windows XP / SP3: Security Update for Windows XP (KB896424)
    / Windows XP / SP3: Security Update for Windows XP (KB896428)
    / Windows XP / SP3: Security Update for Windows XP (KB896688)
    / Windows XP / SP3: Update for Windows XP (KB896727)
    / Windows XP / SP3: Update for Windows XP (KB898461)
    / Windows XP / SP3: Hotfix for Windows XP (KB899337)
    / Windows XP / SP3: Hotfix for Windows XP (KB899510)
    / Windows XP / SP3: Security Update for Windows XP (KB899587)
    / Windows XP / SP3: Security Update for Windows XP (KB899588)
    / Windows XP / SP3: Security Update for Windows XP (KB899589)
    / Windows XP / SP3: Security Update for Windows XP (KB899591)
    / Windows XP / SP3: Update for Windows XP (KB900485)
    / Windows XP / SP3: Security Update for Windows XP (KB900725)
    / Windows XP / SP3: Security Update for Windows XP (KB901017)
    / Windows XP / SP3: Security Update for Windows XP (KB901214)
    / Windows XP / SP3: Security Update for Windows XP (KB902400)
    / Windows XP / SP3: Hotfix for Windows XP (KB902841)
    / Windows XP / SP3: Security Update for Windows XP (KB904706)
    / Windows XP / SP3: Security Update for Windows XP (KB905414)
    / Windows XP / SP3: Security Update for Windows XP (KB905749)
    / Windows XP / SP3: Security Update for Windows XP (KB905915)
    / Windows XP / SP3: Security Update for Windows XP (KB908519)
    / Windows XP / SP3: Security Update for Windows XP (KB908531)
    / Windows XP / SP3: Update for Windows XP (KB910437)
    / Windows XP / SP3: Security Update for Windows XP (KB911280)
    / Windows XP / SP3: Security Update for Windows XP (KB911562)
    / Windows XP / SP3: Security Update for Windows XP (KB911567)
    / Windows XP / SP3: Security Update for Windows XP (KB911927)
    / Windows XP / SP3: Security Update for Windows XP (KB912812)
    / Windows XP / SP3: Security Update for Windows XP (KB912919)
    / Windows XP / SP3: Security Update for Windows XP (KB913446)
    / Windows XP / SP3: Security Update for Windows XP (KB913580)
    / Windows XP / SP3: Security Update for Windows XP (KB914388)
    / Windows XP / SP3: Security Update for Windows XP (KB914389)
    / Windows XP / SP3: Security Update for Windows XP (KB916281)
    / Windows XP / SP3: Update for Windows XP (KB916595)
    / Windows XP / SP3: Security Update for Windows XP (KB917159)
    / Windows XP / SP3: Security Update for Windows XP (KB917344)
    / Windows XP / SP3: Security Update for Windows XP (KB917422)
    / Windows XP / SP3: Security Update for Windows XP (KB917953)
    / Windows XP / SP3: Security Update for Windows XP (KB918118)
    / Windows XP / SP3: Security Update for Windows XP (KB918439)
    / Windows XP / SP3: Security Update for Windows XP (KB918899)
    / Windows XP / SP3: Security Update for Windows XP (KB919007)
    / Windows XP / SP3: Security Update for Windows XP (KB920213)
    / Windows XP / SP3: Security Update for Windows XP (KB920214)
    / Windows XP / SP3: Security Update for Windows XP (KB920670)
    / Windows XP / SP3: Security Update for Windows XP (KB920683)
    / Windows XP / SP3: Security Update for Windows XP (KB920685)
    / Windows XP / SP3: Update for Windows XP (KB920872)
    / Windows XP / SP3: Security Update for Windows XP (KB921398)
    / Windows XP / SP3: Security Update for Windows XP (KB921503)
    / Windows XP / SP3: Security Update for Windows XP (KB921883)
    / Windows XP / SP3: Update for Windows XP (KB922582)
    / Windows XP / SP3: Security Update for Windows XP (KB922616)
    / Windows XP / SP3: Security Update for Windows XP (KB922760)
    / Windows XP / SP3: Security Update for Windows XP (KB922819)
    / Windows XP / SP3: Security Update for Windows XP (KB923191)
    / Windows XP / SP3: Security Update for Windows XP (KB923414)
    / Windows XP / SP3: Security Update for Windows XP (KB923694)
    / Windows XP / SP3: Security Update for Windows XP (KB923980)
    / Windows XP / SP3: Security Update for Windows XP (KB924191)
    / Windows XP / SP3: Security Update for Windows XP (KB924270)
    / Windows XP / SP3: Security Update for Windows XP (KB924496)
    / Windows XP / SP3: Security Update for Windows XP (KB924667)
    / Windows XP / SP3: Security Update for Windows XP (KB925454)
    / Windows XP / SP3: Security Update for Windows XP (KB925486)
    / Windows XP / SP3: Security Update for Windows XP (KB925902)
    / Windows XP / SP3: Hotfix for Windows XP (KB926239)
    / Windows XP / SP3: Security Update for Windows XP (KB926255)
    / Windows XP / SP3: Security Update for Windows XP (KB926436)
    / Windows XP / SP3: Security Update for Windows XP (KB927779)
    / Windows XP / SP3: Security Update for Windows XP (KB927802)
    / Windows XP / SP3: Update for Windows XP (KB927891)
    / Windows XP / SP3: Security Update for Windows XP (KB928090)
    / Windows XP / SP3: Security Update for Windows XP (KB928255)
    / Windows XP / SP3: Security Update for Windows XP (KB928843)
    / Windows XP / SP3: Security Update for Windows XP (KB929123)
    / Windows XP / SP3: Update for Windows XP (KB929338)
    / Windows XP / SP3: Security Update for Windows XP (KB929969)
    / Windows XP / SP3: Security Update for Windows XP (KB930178)
    / Windows XP / SP3: Microsoft .NET Framework 1.0 Hotfix (KB930494)
    / Windows XP / SP3: Update for Windows XP (KB930916)
    / Windows XP / SP3: Security Update for Windows XP (KB931261)
    / Windows XP / SP3: Security Update for Windows XP (KB931768)
    / Windows XP / SP3: Security Update for Windows XP (KB931784)
    / Windows XP / SP3: Update for Windows XP (KB931836)
    / Windows XP / SP3: Security Update for Windows XP (KB932168)
    / Windows XP / SP3: Update for Windows XP (KB933360)
    / Windows XP / SP3: Security Update for Windows XP (KB933566)
    / Windows XP / SP3: Security Update for Windows XP (KB933729)
    / Windows XP / SP3: Hotfix for Windows XP (KB935448)
    / Windows XP / SP3: Security Update for Windows XP (KB935839)
    / Windows XP / SP3: Security Update for Windows XP (KB935840)
    / Windows XP / SP3: Security Update for Windows XP (KB936021)
    / Windows XP / SP3: Update for Windows XP (KB936357)
    / Windows XP / SP3: Security Update for Windows XP (KB937143)
    / Windows XP / SP3: Security Update for Windows XP (KB937894)
    / Windows XP / SP3: Security Update for Windows XP (KB938127)
    / Windows XP / SP3: Update for Windows XP (KB938828)
    / Windows XP / SP3: Security Update for Windows XP (KB938829)
    / Windows XP / SP3: Security Update for Windows XP (KB939653)
    / Windows XP / SP3: Security Update for Windows XP (KB941202)
    / Windows XP / SP3: Security Update for Windows XP (KB941568)
    / Windows XP / SP3: Security Update for Windows XP (KB941644)
    / Windows XP / SP3: Security Update for Windows XP (KB941693)
    / Windows XP / SP3: Security Update for Windows XP (KB942615)
    / Windows XP / SP3: Update for Windows XP (KB942763)
    / Windows XP / SP3: Update for Windows XP (KB942840)
    / Windows XP / SP3: Security Update for Windows XP (KB943055)
    / Windows XP / SP3: Security Update for Windows XP (KB943460)
    / Windows XP / SP3: Security Update for Windows XP (KB943485)
    / Windows XP / SP3: Security Update for Windows XP (KB944338)
    / Windows XP / SP3: Security Update for Windows XP (KB944533)
    / Windows XP / SP3: Security Update for Windows XP (KB944653)
    / Windows XP / SP3: Security Update for Windows XP (KB945553)
    / Windows XP / SP3: Security Update for Windows XP (KB946026)
    / Windows XP / SP3: Update for Windows XP (KB946627)
    / Windows XP / SP3: Security Update for Windows XP (KB947864)
    / Windows XP / SP3: Security Update for Windows XP (KB948590)
    / Windows XP / SP3: Security Update for Windows XP (KB948881)
    / Windows XP / SP3: Security Update for Windows XP (KB950749)
    / Windows XP / SP4: Security Update for Windows XP (KB938464)
    / Windows XP / SP4: Security Update for Windows XP (KB946648)
    / Windows XP / SP4: Security Update for Windows XP (KB950759)
    / Windows XP / SP4: Security Update for Windows XP (KB950760)
    / Windows XP / SP4: Security Update for Windows XP (KB950762)
    / Windows XP / SP4: Security Update for Windows XP (KB950974)
    / Windows XP / SP4: Security Update for Windows XP (KB951066)
    / Windows XP / SP4: Update for Windows XP (KB951072-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951376)
    / Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951698)
    / Windows XP / SP4: Security Update for Windows XP (KB951748)
    / Windows XP / SP4: Hotfix for Windows XP (KB952287)
    / Windows XP / SP4: Security Update for Windows XP (KB952954)
    / Windows XP / SP4: Security Update for Windows XP (KB953838)
    / Windows XP / SP4: Security Update for Windows XP (KB953839)
    / Windows XP / SP4: Security Update for Windows XP (KB954211)
    / Windows XP / SP4: Security Update for Windows XP (KB954600)
    / Windows XP / SP4: Security Update for Windows XP (KB955069)
    / Windows XP / SP4: Update for Windows XP (KB955839)
    / Windows XP / SP4: Security Update for Windows XP (KB956390)
    / Windows XP / SP4: Security Update for Windows XP (KB956391)
    / Windows XP / SP4: Security Update for Windows XP (KB956802)
    / Windows XP / SP4: Security Update for Windows XP (KB956803)
    / Windows XP / SP4: Security Update for Windows XP (KB956841)
    / Windows XP / SP4: Security Update for Windows XP (KB957095)
    / Windows XP / SP4: Security Update for Windows XP (KB957097)
    / Windows XP / SP4: Security Update for Windows XP (KB958215)
    / Windows XP / SP4: Security Update for Windows XP (KB958644)
    / Windows XP / SP4: Security Update for Windows XP (KB960714)
    / Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221


    --- Startup entries list ---
    Located: HK_LM:Run, CPM5ff97515
    command: Rundll32.exe "c:\windows\system32\zavinolo.dll",a
    file: c:\windows\system32\zavinolo.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, NvCplDaemon
    command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    file: C:\WINDOWS\system32\NvCpl.dll
    size: 7700480
    MD5: C1EA489DD8B5E57B03E2FD5A1500621B

    Located: HK_LM:Run, TkBellExe
    command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    size: 180269
    MD5: 1AC2C58B587C70DE64582AD41EE79FBA

    Located: HK_LM:Run, zutuwuhulu
    command: Rundll32.exe "C:\WINDOWS\system32\nedenodi.dll",s
    file: C:\WINDOWS\system32\nedenodi.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:RunOnce, Spybot - Search & Destroy
    command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 4891472
    MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855

    Located: HK_LM:RunOnce, SpybotDeletingA2991
    command: command /c del "c:\windows\system32\zavinolo.dll_old"
    file: command /c del "c:\windows\system32\zavinolo.dll_old"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:RunOnce, SpybotDeletingA3926
    command: command /c del "C:\WINDOWS\system32\bafarobi.dll_old"
    file: command /c del "C:\WINDOWS\system32\bafarobi.dll_old"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:RunOnce, SpybotDeletingA4647
    command: command /c del "C:\WINDOWS\system32\nedenodi.dll_old"
    file: command /c del "C:\WINDOWS\system32\nedenodi.dll_old"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:RunOnce, SpybotDeletingC4096
    command: cmd /c del "c:\windows\system32\zavinolo.dll_old"
    file: cmd /c del "c:\windows\system32\zavinolo.dll_old"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:RunOnce, SpybotDeletingC4995
    command: cmd /c del "C:\WINDOWS\system32\bafarobi.dll_old"
    file: cmd /c del "C:\WINDOWS\system32\bafarobi.dll_old"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:RunOnce, SpybotDeletingC7167
    command: cmd /c del "C:\WINDOWS\system32\nedenodi.dll_old"
    file: cmd /c del "C:\WINDOWS\system32\nedenodi.dll_old"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, MSMSGS
    where: PE_C_ADMINISTRATOR...
    command: "C:\Program Files\Messenger\msmsgs.exe" /background
    file: C:\Program Files\Messenger\msmsgs.exe
    size: 1694208
    MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259

    Located: HK_CU:Run, zutuwuhulu
    where: S-1-5-19...
    command: Rundll32.exe "C:\WINDOWS\system32\nedenodi.dll",s
    file: C:\WINDOWS\system32\nedenodi.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, zutuwuhulu
    where: S-1-5-20...
    command: Rundll32.exe "C:\WINDOWS\system32\nedenodi.dll",s
    file: C:\WINDOWS\system32\nedenodi.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, ieupdate
    where: S-1-5-21-1385800157-3478035203-3302490641-1006...
    command: "C:\WINDOWS\system32\explorer32.exe"
    file: C:\WINDOWS\system32\explorer32.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, Yahoo! Pager
    where: S-1-5-21-1385800157-3478035203-3302490641-1006...
    command: "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    file: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    size: 4662776
    MD5: 3A756D4066CC3BB8426EB08ABB6B5B10

    Located: HK_CU:RunOnce, SpybotDeletingB127
    where: S-1-5-21-1385800157-3478035203-3302490641-1006...
    command: command /c del "C:\WINDOWS\system32\nedenodi.dll_old"
    file: command /c del "C:\WINDOWS\system32\nedenodi.dll_old"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:RunOnce, SpybotDeletingB2068
    where: S-1-5-21-1385800157-3478035203-3302490641-1006...
    command: command /c del "c:\windows\system32\zavinolo.dll_old"
    file: command /c del "c:\windows\system32\zavinolo.dll_old"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:RunOnce, SpybotDeletingB3856
    where: S-1-5-21-1385800157-3478035203-3302490641-1006...
    command: command /c del "C:\WINDOWS\system32\bafarobi.dll_old"
    file: command /c del "C:\WINDOWS\system32\bafarobi.dll_old"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:RunOnce, SpybotDeletingD5266
    where: S-1-5-21-1385800157-3478035203-3302490641-1006...
    command: cmd /c del "C:\WINDOWS\system32\nedenodi.dll_old"
    file: cmd /c del "C:\WINDOWS\system32\nedenodi.dll_old"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:RunOnce, SpybotDeletingD6637
    where: S-1-5-21-1385800157-3478035203-3302490641-1006...
    command: cmd /c del "c:\windows\system32\zavinolo.dll_old"
    file: cmd /c del "c:\windows\system32\zavinolo.dll_old"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:RunOnce, SpybotDeletingD7890
    where: S-1-5-21-1385800157-3478035203-3302490641-1006...
    command: cmd /c del "C:\WINDOWS\system32\bafarobi.dll_old"
    file: cmd /c del "C:\WINDOWS\system32\bafarobi.dll_old"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: Startup (common), Adobe Reader Speed Launch.lnk
    where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
    command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    size: 29696
    MD5: DFCB9ADE94A4F8A7C42EEF41101A30AD

    Located: WinLogon, crypt32chain
    command: crypt32.dll
    file: crypt32.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cscdll
    command: cscdll.dll
    file: cscdll.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, igfxcui
    command: igfxsrvc.dll
    file: igfxsrvc.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, Schedule
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, termsrv
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!



    --- Browser helper object list ---
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Yahoo! Toolbar Helper
    description: Yahoo Companion!
    classification: Legitimate
    known filename: Ycomp*_*_*_*.dll
    info link: http://companion.yahoo.com/
    info source: TonyKlein
    Path: C:\Program Files\Yahoo!\Companion\Installs\cpn2\
    Long name: yt.dll
    Short name:
    Date (created): 1/3/2007 8:42:08 PM
    Date (last access): 1/15/2009 5:45:28 PM
    Date (last write): 10/26/2006 10:28:40 AM
    Filesize: 440384
    Attributes: archive
    MD5: 2785037CE05B63D5607C9D5DFB2FEEE4
    CRC32: 9ED93A02
    Version: 2006.10.26.1

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Adobe PDF Reader Link Helper
    description: Adobe Acrobat reader
    classification: Legitimate
    known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
    info link: http://www.adobe.com/products/acrobat/readstep2.html
    info source: TonyKlein
    Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
    Long name: AcroIEHelper.dll
    Short name: ACROIE~1.DLL
    Date (created): 12/14/2004 7:56:50 AM
    Date (last access): 1/15/2009 6:51:50 PM
    Date (last write): 12/18/2006 3:16:42 AM
    Filesize: 59032
    Attributes: archive
    MD5: 4EA3A6CD9D20584FFAFDB1E47DBF0E20
    CRC32: 7B0A854F
    Version: 7.0.9.50

    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\PROGRA~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name:
    Date (created): 1/3/2009 6:27:34 PM
    Date (last access): 1/15/2009 6:44:38 PM
    Date (last write): 7/7/2008 9:41:58 AM
    Filesize: 1562448
    Attributes:
    MD5: 32981ADE44D01EC2A9EBC2E311291707
    CRC32: C2F522E6
    Version: 1.6.0.12

    {6ae512c3-ac56-475e-8967-7e1fdd63d7e9} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:
    Path: C:\WINDOWS\system32\
    Long name: husaleno.dll
    Short name:
    Date (created): 12/30/1899
    Date (last access): 1/15/2009 6:29:40 PM
    Date (last write): 12/30/1899
    Filesize: 68713
    Attributes: hidden sysfile archive
    MD5: 5BC6AEF6FE751DD6A406C63975B00E5F
    CRC32: 0DB8C7E0

    {d5d671d9-41a4-421e-96d1-1c73beb9050d} ({d0509beb-37c1-1d69-e124-4a149d176d5d})
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: {d0509beb-37c1-1d69-e124-4a149d176d5d}
    CLSID name:
    Path: C:\WINDOWS\system32\
    Long name: khzqqq.dll
    Short name:
    Date (created): 1/15/2009 5:29:38 PM
    Date (last access): 1/15/2009 6:29:40 PM
    Date (last write): 1/15/2009 5:29:38 PM
    Filesize: 131915
    Attributes: hidden sysfile archive
    MD5: 44F8D1D3BB067DACAB52B813CFD881D2
    CRC32: 37AAD29C



    --- ActiveX list ---
    {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
    DPF name:
    CLSID name: Shockwave ActiveX Control
    Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
    Codebase: http://download.macromedia.com/pub/s...irector/sw.cab
    description: Macromedia ShockWave Flash Player 7
    classification: Legitimate
    known filename: SWDIR.DLL
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\system32\macromed\Director\
    Long name: SwDir.dll
    Short name:
    Date (created): 9/2/2006 4:25:14 PM
    Date (last access): 1/1/2009 12:28:10 PM
    Date (last write): 7/28/2006 8:06:12 AM
    Filesize: 54960
    Attributes: archive
    MD5: 14115D5C1DE5F3103C169B7F4D1D562A
    CRC32: 819F0513
    Version: 10.1.3.18

    {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
    DPF name:
    CLSID name: Windows Genuine Advantage Validation Tool
    Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
    Codebase: http://go.microsoft.com/fwlink/?linkid=39204
    description:
    classification: Legitimate
    known filename: LegitCheckControl.DLL
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: LegitCheckControl.DLL
    Short name: LEGITC~1.DLL
    Date (created): 10/11/2007 1:12:48 PM
    Date (last access): 1/15/2009 5:57:28 PM
    Date (last write): 10/11/2007 1:12:48 PM
    Filesize: 1468968
    Attributes: archive
    MD5: FC6680B6D4812D017109518AC07DED0E
    CRC32: 4DC7C79C
    Version: 1.7.59.1

    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)
    DPF name:
    CLSID name: YInstStarter Class
    Installer: C:\Program Files\Yahoo!\Common\yinst.inf
    Codebase: C:\Program Files\Yahoo!\Common\yinsthelper.dll
    description: Yahoo! Installation helper
    classification: Legitimate
    known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Yahoo!\Common\
    Long name: yinsthelper.dll
    Short name: YINSTH~1.DLL
    Date (created): 8/7/2005 10:35:46 AM
    Date (last access): 1/1/2009 12:28:04 PM
    Date (last write): 11/7/2004 3:29:46 PM
    Filesize: 173168
    Attributes: archive
    MD5: 4C0658E518FA9D08E884DB717A7087AE
    CRC32: FFDA1549
    Version: 2004.11.7.1

    {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object)
    DPF name:
    CLSID name: CPlayFirstDinerDash2Control Object
    Installer: C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48.inf
    Codebase: http://www.bigfishgames.com/online/d...2.1.0.0.48.cab
    description:
    classification: Open for discussion
    known filename: DinerDash2.1.0.0.48.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: DinerDash2.1.0.0.48.dll
    Short name: DINERD~1.DLL
    Date (created): 5/16/2006 10:59:30 AM
    Date (last access): 1/1/2009 12:28:32 PM
    Date (last write): 5/16/2006 10:59:30 AM
    Filesize: 145000
    Attributes: archive
    MD5: BABC013E38E67246FCEE68412314583D
    CRC32: A6828AE6
    Version: 1.0.0.48

    {77E32299-629F-43C6-AB77-6A1E6D7663F6} ()
    DPF name:
    CLSID name:
    Installer:
    Codebase: http://www.nick.com/common/groove/gx/GrooveAX27.cab
    description:
    classification: Open for discussion
    known filename: GROOVEAX.DLL
    info link:
    info source: Safer Networking Ltd.

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_02
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre1.5.0_02\bin\
    Long name: NPJPI150_02.dll
    Short name: NPJPI1~1.DLL
    Date (created): 3/4/2005 9:36:50 AM
    Date (last access): 1/1/2009 12:59:28 PM
    Date (last write): 3/4/2005 9:54:18 AM
    Filesize: 69746
    Attributes: archive
    MD5: 6C9A4C573C0C771D99D902EE06DA3CBB
    CRC32: 55F989EE
    Version: 5.0.20.9

    {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_02
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: NPJPI150_02.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.5.0_02\bin\
    Long name: NPJPI150_02.dll
    Short name: NPJPI1~1.DLL
    Date (created): 3/4/2005 9:36:50 AM
    Date (last access): 1/15/2009 7:14:08 PM
    Date (last write): 3/4/2005 9:54:18 AM
    Filesize: 69746
    Attributes: archive
    MD5: 6C9A4C573C0C771D99D902EE06DA3CBB
    CRC32: 55F989EE
    Version: 5.0.20.9

    {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
    DPF name:
    CLSID name: Shockwave Flash Object
    Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
    Codebase: http://download.macromedia.com/pub/s...sh/swflash.cab
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\system32\Macromed\Flash\
    Long name: Flash9f.ocx
    Short name:
    Date (created): 3/24/2008 6:32:42 PM
    Date (last access): 1/15/2009 5:36:44 PM
    Date (last write): 3/24/2008 6:32:42 PM
    Filesize: 2991488
    Attributes: readonly archive
    MD5: 48FDF435B8595604E54125B321924510
    CRC32: 12335E29
    Version: 9.0.124.0



    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 456 ( 4) \SystemRoot\System32\smss.exe
    size: 50688
    PID: 504 ( 456) \??\C:\WINDOWS\system32\csrss.exe
    size: 6144
    PID: 528 ( 456) \??\C:\WINDOWS\system32\winlogon.exe
    size: 502272
    PID: 576 ( 528) C:\WINDOWS\system32\services.exe
    size: 108032
    MD5: C6CE6EEC82F187615D1002BB3BB50ED4
    PID: 588 ( 528) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: 84885F9B82F4D55C6146EBF6065D75D2
    PID: 764 ( 576) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 816 ( 576) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 888 ( 576) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 988 ( 576) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1044 ( 576) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1216 ( 576) C:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
    PID: 1516 (1488) C:\WINDOWS\Explorer.EXE
    size: 1033216
    MD5: 97BD6515465659FF8F3B7BE375B2EA87
    PID: 1712 ( 576) C:\WINDOWS\eHome\ehRecvr.exe
    size: 237568
    MD5: 5D1347AA5AE6E2F77D7F4F8372D95AC9
    PID: 1732 ( 576) C:\WINDOWS\eHome\ehSched.exe
    size: 102912
    MD5: A53243709439AC2A4C216B817F8D7411
    PID: 1832 ( 576) C:\WINDOWS\system32\nvsvc32.exe
    size: 159810
    MD5: 0FEBE37DB6650FAA5965C00545009D1D
    PID: 176 ( 576) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    size: 172032
    MD5: 33D7285F12D934268A34206DFC4AD1B3
    PID: 272 ( 576) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 876 ( 576) C:\WINDOWS\system32\dllhost.exe
    size: 5120
    MD5: DD87DB7387B9EB441C5674888A0D840C
    PID: 1376 ( 576) C:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: F1958FBF86D5C004CF19A5951A9514B7
    PID: 1364 (1516) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    size: 180269
    MD5: 1AC2C58B587C70DE64582AD41EE79FBA
    PID: 1472 (1516) C:\WINDOWS\system32\rundll32.exe
    size: 33280
    MD5: DA285490BBD8A1D0CE6623577D5BA1FF
    PID: 1572 (1516) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    size: 4662776
    MD5: 3A756D4066CC3BB8426EB08ABB6B5B10
    PID: 1912 (1516) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 4891472
    MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855
    PID: 2380 (1516) C:\Program Files\Windows Media Player\wmplayer.exe
    size: 64000
    MD5: D478331FEE85E840F7D89EDD06190DFC
    PID: 2684 (1516) C:\Program Files\Mozilla Firefox\firefox.exe
    size: 7209069
    MD5: B8E1B08FD736DBAB8DBC850CC078E5CE
    PID: 4 ( 0) System


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 1/15/2009 7:14:08 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    \blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://safesearch.cyberdefender.com/smallsearch.html
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://home.sweetim.com/
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
    http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://red.clientapps.yahoo.com/cust...ch/search.html
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://home.sweetim.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 4: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1DAE90C2-3A04-4BF4-838A-1536F209A6EB}] SEQPACKET 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1DAE90C2-3A04-4BF4-838A-1536F209A6EB}] DATAGRAM 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1647AB6D-425A-44C4-B5F0-4A5B2B38F99D}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1647AB6D-425A-44C4-B5F0-4A5B2B38F99D}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B0A6EF8-3ABD-4C90-B283-2DF0B2A07449}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B0A6EF8-3ABD-4C90-B283-2DF0B2A07449}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2BA1F2AE-E5B0-4AAB-ACC1-F80FFB585A8B}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2BA1F2AE-E5B0-4AAB-ACC1-F80FFB585A8B}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{03947A36-5B8A-43B3-8A41-72B75A842FB1}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{03947A36-5B8A-43B3-8A41-72B75A842FB1}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{464EEA8C-7E5D-4AA8-8A6F-77DFC08C1E50}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{464EEA8C-7E5D-4AA8-8A6F-77DFC08C1E50}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 1: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 2: Network Location Awareness (NLA) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hello Dmorgan

    Please see this next

    Please follow the instructions in the above thread and then start a fresh topic with the logs required.

    Regards.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •