Major problems!!!

Dave Thompson · Aug 27, 2005

On running a scan for spyware I found that the microsoft
anti spyware has removed essential files....especially my
XP restore function. Below is a list of the items it
removed.........can anybody assist me in what I have to do?
I have no email or internet access as my Nortons and
Firewall are all messed up.
Please help
Dave
Spyware Scan Details
Start Date: 24/08/2005 19:04:27
End Date: 24/08/2005 19:20:28
Total Time: 16 mins 1 secs

Detected Threats

Possible Hosts File Hijack Spyware more information...
Details: Possible Hosts File Hijack changes your Windows
hosts file.
Status: Removed
High threat - High-risk items have a large potential for
harm, such as loss of computer control, and should be
removed unless knowingly installed.

Infected files detected
c:\windows\hosts

BHO.Shginas Browser Plug-in more information...
Details: BHO.Shginas is a Browser Helper Object (BHO) for
Internet Explorer that modifies search pages.
Status: Removed
High threat - High-risk items have a large potential for
harm, such as loss of computer control, and should be
removed unless knowingly installed.

Infected files detected
c:\system volume information\_restore{98e46f0a-9da1-4258-
92c4-7ccae5d21e6e}\rp143\a0026760.dll

IPInsight Browser Plug-in more information...
Details: IPInsight is a process or Internet Explorer
browser helper object that monitors addresses entered into
web forms to compile a database of physical locations of
IP addresses.
Status: Removed
High threat - High-risk items have a large potential for
harm, such as loss of computer control, and should be
removed unless knowingly installed.

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\software\classes\babeie.agentie.1
HKEY_LOCAL_MACHINE\software\classes\babeie.agentie BabeIE
HKEY_LOCAL_MACHINE\software\classes\babeie.handler\clsid
HKEY_LOCAL_MACHINE\software\classes\babeie.handler\clsid
{9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}
HKEY_LOCAL_MACHINE\software\classes\babeie.handler\curver
HKEY_LOCAL_MACHINE\software\classes\babeie.handler\curver
BabeIE.Handler.1
HKEY_LOCAL_MACHINE\software\classes\babeie.helper\clsid
HKEY_LOCAL_MACHINE\software\classes\babeie.helper\clsid
{6656b666-992f-4d74-8588-8ca69e97d90c}
HKEY_LOCAL_MACHINE\software\classes\babeie.helper\curver
HKEY_LOCAL_MACHINE\software\classes\babeie.helper\curver
BabeIE.Helper.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{6656b666-992f-
4d74-8588-8ca69e97d90c}
HKEY_LOCAL_MACHINE\software\classes\babeie.agentie.1\CLSID
{00000000-0000-0000-0000-000000000000}
HKEY_LOCAL_MACHINE\software\classes\clsid\{6656b666-992f-
4d74-8588-8ca69e97d90c}\InprocServer32 C:\PROGRA~1\COMMON~2
\Toolbar\CNBabe.dll
HKEY_LOCAL_MACHINE\software\classes\clsid\{6656b666-992f-
4d74-8588-8ca69e97d90c}\InprocServer32 ThreadingModel
Apartment
HKEY_LOCAL_MACHINE\software\classes\clsid\{6656b666-992f-
4d74-8588-8ca69e97d90c}\ProgID BabeIE.Helper.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{6656b666-992f-
4d74-8588-8ca69e97d90c}\TypeLib {DD0032DF-CEEF-4E0A-8B75-
E4D8861E11E5}
HKEY_LOCAL_MACHINE\software\classes\clsid\{6656b666-992f-
4d74-8588-8ca69e97d90c}\VersionIndependentProgID
BabeIE.Helper
HKEY_LOCAL_MACHINE\software\classes\clsid\{6656b666-992f-
4d74-8588-8ca69e97d90c} Helper
HKEY_LOCAL_MACHINE\software\classes\clsid\{9346a6bb-1ed0-
4174-afb4-13cd4ec0aa40}
HKEY_LOCAL_MACHINE\software\classes\clsid\{9346a6bb-1ed0-
4174-afb4-13cd4ec0aa40}\InprocServer32 C:\PROGRA~1\COMMON~2
\Toolbar\CNBabe.dll
HKEY_LOCAL_MACHINE\software\classes\clsid\{9346a6bb-1ed0-
4174-afb4-13cd4ec0aa40}\InprocServer32 ThreadingModel
Apartment
HKEY_LOCAL_MACHINE\software\classes\clsid\{9346a6bb-1ed0-
4174-afb4-13cd4ec0aa40}\ProgID BabeIE.Handler.1
HKEY_LOCAL_MACHINE\software\classes\babeie.agentie.1 BabeIE
HKEY_LOCAL_MACHINE\software\classes\clsid\{9346a6bb-1ed0-
4174-afb4-13cd4ec0aa40}\TypeLib {DD0032DF-CEEF-4E0A-8B75-
E4D8861E11E5}
HKEY_LOCAL_MACHINE\software\classes\clsid\{9346a6bb-1ed0-
4174-afb4-13cd4ec0aa40}\VersionIndependentProgID
BabeIE.Handler
HKEY_LOCAL_MACHINE\software\classes\clsid\{9346a6bb-1ed0-
4174-afb4-13cd4ec0aa40} Handler
HKEY_LOCAL_MACHINE\software\classes\interface\{99908473-
1135-4009-be4f-32b921f86ed9}
HKEY_LOCAL_MACHINE\software\classes\interface\{99908473-
1135-4009-be4f-32b921f86ed9}\ProxyStubClsid {00020424-0000-
0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{99908473-
1135-4009-be4f-32b921f86ed9}\ProxyStubClsid32 {00020424-
0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{99908473-
1135-4009-be4f-32b921f86ed9}\TypeLib {D879D743-E2CC-4161-
8034-2234203681C9}
HKEY_LOCAL_MACHINE\software\classes\interface\{99908473-
1135-4009-be4f-32b921f86ed9}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\software\classes\interface\{99908473-
1135-4009-be4f-32b921f86ed9} IAgentIE
HKEY_LOCAL_MACHINE\software\classes\babeie.agentie\clsid
HKEY_LOCAL_MACHINE\software\classes\babeie.agentie\clsid
{00000000-0000-0000-0000-000000000000}
HKEY_LOCAL_MACHINE\software\classes\babeie.agentie\curver
HKEY_LOCAL_MACHINE\software\classes\babeie.agentie\curver
BabeIE.AgentIE.1
HKEY_LOCAL_MACHINE\software\classes\babeie.agentie
HKEY_LOCAL_MACHINE\software\classes\babeie.agentie\CurVer
BabeIE.AgentIE.1

Verticity.IEDriver Adware more information...
Details: Verticity downloads and displays advertisements.
Status: Removed
Elevated threat - Elevated-risk items have some potential
for harm. Users should review such programs and remove
them if unwanted.

Infected files detected
c:\system volume information\_restore{98e46f0a-9da1-4258-
92c4-7ccae5d21e6e}\rp146\a0026931.exe

CommonName Settings Modifier more information...
Details: CommonName is a keywords service that allows you
to enter simple names instead of URLs. The software is a
search redirector and displays advertisements.
Status: Removed
Elevated threat - Elevated-risk items have some potential
for harm. Users should review such programs and remove
them if unwanted.

Infected files detected
c:\program files\commonname\toolbar\babe.dat
c:\program files\commonname\toolbar\cnbabe.dll
c:\program files\commonname\toolbar\cnmib.dll
c:\program files\commonname\toolbar\createbookmark.htm
c:\program files\commonname\toolbar\createnote.htm
c:\program files\commonname\toolbar\emaillink.htm
c:\program files\commonname\toolbar\mib.dat
c:\program files\commonname\toolbar\navigate.htm
c:\program files\commonname\toolbar\unins.exe

Infected folders detected
c:\program files\commonname
c:\program files\commonname\toolbar

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-
0000-0000-000000000000}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabeIE.Handler.1
HKEY_LOCAL_MACHINE\software\classes\protocols\handler\cn
HKEY_LOCAL_MACHINE\software\classes\protocols\handler\cn
cn: Asychronous Pluggable Protocol Handler
HKEY_LOCAL_MACHINE\software\classes\protocols\handler\cn
CLSID {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}
HKEY_LOCAL_MACHINE\software\classes\typelib\{d879d743-e2cc-
4161-8034-2234203681c9}
HKEY_LOCAL_MACHINE\software\classes\typelib\{d879d743-e2cc-
4161-8034-2234203681c9}\1.0\0\win32 C:\PROGRA~1\COMMON~2
\Toolbar\CNBabe.dll
HKEY_LOCAL_MACHINE\software\classes\typelib\{d879d743-e2cc-
4161-8034-2234203681c9}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\software\classes\typelib\{d879d743-e2cc-
4161-8034-2234203681c9}\1.0\HELPDIR C:\PROGRA~1\COMMON~2
\Toolbar\
HKEY_LOCAL_MACHINE\software\classes\typelib\{d879d743-e2cc-
4161-8034-2234203681c9}\1.0 BabeIE2 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\CommonName\User
HKEY_LOCAL_MACHINE\SOFTWARE\CommonName\User UID {B691EEB0-
A870-496E-B285-9CBA89D11FE4}
HKEY_CLASSES_ROOT\babeie.agentie.1
HKEY_LOCAL_MACHINE\SOFTWARE\CommonName\User UDT 23/08/2005
HKEY_LOCAL_MACHINE\SOFTWARE\CommonName\User VER 3.63
HKEY_LOCAL_MACHINE\SOFTWARE\CommonName\User BAT 4.0
HKEY_LOCAL_MACHINE\SOFTWARE\CommonName\User DSN CN
HKEY_LOCAL_MACHINE\software\commonname
HKEY_LOCAL_MACHINE\software\commonname\BabeIE Version 3.62
HKEY_LOCAL_MACHINE\software\commonname\BabeIE IsReported 1
HKEY_LOCAL_MACHINE\software\commonname\BabeIE
LastHeartbeat 24/08/2005
HKEY_LOCAL_MACHINE\software\commonname\BabeIE LastTimer
07:42:36
HKEY_LOCAL_MACHINE\software\commonname\BabeIE heartbeat 1
HKEY_CLASSES_ROOT\babeie.agentie.1\CLSID {00000000-0000-
0000-0000-000000000000}
HKEY_LOCAL_MACHINE\software\commonname\BabeIE Verion 3.60
HKEY_LOCAL_MACHINE\software\commonname\BabeIE Status 0
HKEY_LOCAL_MACHINE\software\commonname\BabeIE Data 0
HKEY_LOCAL_MACHINE\software\commonname\BabeIE Ctl 0
HKEY_LOCAL_MACHINE\software\commonname\User UID {B691EEB0-
A870-496E-B285-9CBA89D11FE4}
HKEY_LOCAL_MACHINE\software\commonname\User UDT 23/08/2005
HKEY_LOCAL_MACHINE\software\commonname\User VER 3.63
HKEY_LOCAL_MACHINE\software\commonname\User BAT 4.0
HKEY_LOCAL_MACHINE\software\commonname\User DSN CN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\BrowserAgent
HKEY_CLASSES_ROOT\babeie.agentie.1 BabeIE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\BrowserAgent Text
Enable CommonName Address Bar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\BrowserAgent Type
checkbox
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\BrowserAgent
DefaultValue 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\BrowserAgent
CheckedValue 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\BrowserAgent
UncheckedValue 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\BrowserAgent RegPath
Software\CommonName\AgentIE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\BrowserAgent ValueName
EnableBrowserAgent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\ResolveBookmarkName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\ResolveBookmarkName
Text Resolve Browser Favorite Names
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\ResolveBookmarkName
Type checkbox
HKEY_CLASSES_ROOT\babeie.agentie
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\ResolveBookmarkName
DefaultValue 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\ResolveBookmarkName
CheckedValue 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\ResolveBookmarkName
UncheckedValue 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\ResolveBookmarkName
RegPath Software\CommonName\AgentIE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\ResolveBookmarkName
ValueName ResolveBookmarkName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\ResolveIntranetName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\ResolveIntranetName
Text Resolve Intranet Server Names
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\ResolveIntranetName
Type checkbox
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\ResolveIntranetName
DefaultValue 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\ResolveIntranetName
CheckedValue 1
HKEY_CLASSES_ROOT\babeie.agentie\CLSID {00000000-0000-0000-
0000-000000000000}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\ResolveIntranetName
UncheckedValue 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\ResolveIntranetName
RegPath Software\CommonName\AgentIE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\ResolveIntranetName
ValueName ResolveIntranetName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\Tooltip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\Tooltip Text Show
Address Bar Tooltip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\Tooltip Type checkbox
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\Tooltip DefaultValue 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\Tooltip CheckedValue 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\Tooltip UncheckedValue
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\Tooltip RegPath
Software\CommonName\AgentIE
HKEY_CLASSES_ROOT\babeie.agentie\CurVer BabeIE.AgentIE.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CommonName\Tooltip ValueName
ShowTooltip
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\BrowserAgent Text
Enable CommonName Address Bar
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\BrowserAgent Type
checkbox
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\BrowserAgent
DefaultValue 1
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\BrowserAgent
CheckedValue 1
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\BrowserAgent
UncheckedValue 0
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\BrowserAgent RegPath
Software\CommonName\AgentIE
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\BrowserAgent ValueName
EnableBrowserAgent
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\ResolveBookmarkName
Text Resolve Browser Favorite Names
HKEY_CLASSES_ROOT\babeie.agentie BabeIE
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\ResolveBookmarkName
Type checkbox
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\ResolveBookmarkName
DefaultValue 0
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\ResolveBookmarkName
CheckedValue 1
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\ResolveBookmarkName
UncheckedValue 0
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\ResolveBookmarkName
RegPath Software\CommonName\AgentIE
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\ResolveBookmarkName
ValueName ResolveBookmarkName
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\ResolveIntranetName
Text Resolve Intranet Server Names
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\ResolveIntranetName
Type checkbox
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\ResolveIntranetName
DefaultValue 0
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\ResolveIntranetName
CheckedValue 1
HKEY_CLASSES_ROOT\babeie.handler.1
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\ResolveIntranetName
UncheckedValue 0
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\ResolveIntranetName
RegPath Software\CommonName\AgentIE
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\ResolveIntranetName
ValueName ResolveIntranetName
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\Tooltip Text Show
Address Bar Tooltip
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\Tooltip Type checkbox
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\Tooltip DefaultValue 1
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\Tooltip CheckedValue 1
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\Tooltip UncheckedValue
0
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\Tooltip RegPath
Software\CommonName\AgentIE
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname\Tooltip ValueName
ShowTooltip
HKEY_CLASSES_ROOT\babeie.handler.1\CLSID {9346A6BB-1ED0-
4174-AFB4-13CD4EC0AA40}
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname Text CommonName
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname Type group
HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\commonname Bitmap C:\Program
Files\CommonName\Toolbar\CNBabe.dll,104
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversio
n\explorer\browser helper objects\{00000000-0000-0000-0000-
000000000000}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversio
n\explorer\browser helper objects\{00000000-0000-0000-0000-
000000000000} BabeIE
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversio
n\uninstall\commonname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversio
n\uninstall\commonname DisplayName CommonName
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversio
n\uninstall\commonname UninstallString "C:\Program
Files\CommonName\Toolbar\unins.exe"
HKEY_CLASSES_ROOT\BabeIE.AgentIE.1
HKEY_CLASSES_ROOT\babeie.handler.1 Handler
HKEY_CLASSES_ROOT\babeie.handler
HKEY_CLASSES_ROOT\babeie.handler\CLSID {9346A6BB-1ED0-4174-
AFB4-13CD4EC0AA40}
HKEY_CLASSES_ROOT\babeie.handler\CurVer BabeIE.Handler.1
HKEY_CLASSES_ROOT\babeie.handler Handler
HKEY_CLASSES_ROOT\babeie.helper.1
HKEY_CLASSES_ROOT\babeie.helper.1\CLSID {6656b666-992f-
4d74-8588-8ca69e97d90c}
HKEY_CLASSES_ROOT\babeie.helper.1 Helper
HKEY_CLASSES_ROOT\babeie.helper
HKEY_CLASSES_ROOT\babeie.helper\CLSID {6656b666-992f-4d74-
8588-8ca69e97d90c}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabeIE.AgentIE.1
HKEY_CLASSES_ROOT\babeie.helper\CurVer BabeIE.Helper.1
HKEY_CLASSES_ROOT\babeie.helper Helper
HKEY_CLASSES_ROOT\clsid\{6656b666-992f-4d74-8588-
8ca69e97d90c}
HKEY_CLASSES_ROOT\clsid\{6656b666-992f-4d74-8588-
8ca69e97d90c}\InprocServer32 C:\PROGRA~1\COMMON~2
\Toolbar\CNBabe.dll
HKEY_CLASSES_ROOT\clsid\{6656b666-992f-4d74-8588-
8ca69e97d90c}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{6656b666-992f-4d74-8588-
8ca69e97d90c}\ProgID BabeIE.Helper.1
HKEY_CLASSES_ROOT\clsid\{6656b666-992f-4d74-8588-
8ca69e97d90c}\TypeLib {DD0032DF-CEEF-4E0A-8B75-
E4D8861E11E5}
HKEY_CLASSES_ROOT\clsid\{6656b666-992f-4d74-8588-
8ca69e97d90c}\VersionIndependentProgID BabeIE.Helper
HKEY_CLASSES_ROOT\clsid\{6656b666-992f-4d74-8588-
8ca69e97d90c} Helper
HKEY_CLASSES_ROOT\clsid\{9346a6bb-1ed0-4174-afb4-
13cd4ec0aa40}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-
000000000000}
HKEY_CLASSES_ROOT\clsid\{9346a6bb-1ed0-4174-afb4-
13cd4ec0aa40}\InprocServer32 C:\PROGRA~1\COMMON~2
\Toolbar\CNBabe.dll
HKEY_CLASSES_ROOT\clsid\{9346a6bb-1ed0-4174-afb4-
13cd4ec0aa40}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{9346a6bb-1ed0-4174-afb4-
13cd4ec0aa40}\ProgID BabeIE.Handler.1
HKEY_CLASSES_ROOT\clsid\{9346a6bb-1ed0-4174-afb4-
13cd4ec0aa40}\TypeLib {DD0032DF-CEEF-4E0A-8B75-
E4D8861E11E5}
HKEY_CLASSES_ROOT\clsid\{9346a6bb-1ed0-4174-afb4-
13cd4ec0aa40}\VersionIndependentProgID BabeIE.Handler
HKEY_CLASSES_ROOT\clsid\{9346a6bb-1ed0-4174-afb4-
13cd4ec0aa40} Handler
HKEY_CLASSES_ROOT\interface\{2d0f5208-3198-49a4-86a7-
d65e9e582751}
HKEY_CLASSES_ROOT\interface\{2d0f5208-3198-49a4-86a7-
d65e9e582751}\ProxyStubClsid {00020424-0000-0000-C000-
000000000046}
HKEY_CLASSES_ROOT\interface\{2d0f5208-3198-49a4-86a7-
d65e9e582751}\ProxyStubClsid32 {00020424-0000-0000-C000-
000000000046}
HKEY_CLASSES_ROOT\interface\{2d0f5208-3198-49a4-86a7-
d65e9e582751}\TypeLib {D879D743-E2CC-4161-8034-
2234203681C9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6656b666-992f-
4d74-8588-8ca69e97d90c}
HKEY_CLASSES_ROOT\interface\{2d0f5208-3198-49a4-86a7-
d65e9e582751}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{2d0f5208-3198-49a4-86a7-
d65e9e582751} IHelper
HKEY_CLASSES_ROOT\interface\{99908473-1135-4009-be4f-
32b921f86ed9}
HKEY_CLASSES_ROOT\interface\{99908473-1135-4009-be4f-
32b921f86ed9}\ProxyStubClsid {00020424-0000-0000-C000-
000000000046}
HKEY_CLASSES_ROOT\interface\{99908473-1135-4009-be4f-
32b921f86ed9}\ProxyStubClsid32 {00020424-0000-0000-C000-
000000000046}
HKEY_CLASSES_ROOT\interface\{99908473-1135-4009-be4f-
32b921f86ed9}\TypeLib {D879D743-E2CC-4161-8034-
2234203681C9}
HKEY_CLASSES_ROOT\interface\{99908473-1135-4009-be4f-
32b921f86ed9}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{99908473-1135-4009-be4f-
32b921f86ed9} IAgentIE
HKEY_CLASSES_ROOT\protocols\handler\cn
HKEY_CLASSES_ROOT\protocols\handler\cn cn: Asychronous
Pluggable Protocol Handler
HKEY_CLASSES_ROOT\BabeIE.Helper.1
HKEY_CLASSES_ROOT\protocols\handler\cn CLSID {9346A6BB-
1ED0-4174-AFB4-13CD4EC0AA40}
HKEY_CLASSES_ROOT\typelib\{d879d743-e2cc-4161-8034-
2234203681c9}
HKEY_CLASSES_ROOT\typelib\{d879d743-e2cc-4161-8034-
2234203681c9}\1.0\0\win32 C:\PROGRA~1\COMMON~2
\Toolbar\CNBabe.dll
HKEY_CLASSES_ROOT\typelib\{d879d743-e2cc-4161-8034-
2234203681c9}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{d879d743-e2cc-4161-8034-
2234203681c9}\1.0\HELPDIR C:\PROGRA~1\COMMON~2\Toolbar\
HKEY_CLASSES_ROOT\typelib\{d879d743-e2cc-4161-8034-
2234203681c9}\1.0 BabeIE2 1.0 Type Library
HKEY_CURRENT_USER\software\commonname
HKEY_CURRENT_USER\software\commonname\BabeIE Version 3.62
HKEY_CURRENT_USER\software\microsoft\internet
explorer\menuext\add a page note
HKEY_CURRENT_USER\software\microsoft\internet
explorer\menuext\add a page note contexts 63
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BabeIE.Helper.1
HKEY_CURRENT_USER\software\microsoft\internet
explorer\menuext\add a page note C:\Program
Files\CommonName\Toolbar\createnote.htm
HKEY_CURRENT_USER\software\microsoft\internet
explorer\menuext\bookmark this page
HKEY_CURRENT_USER\software\microsoft\internet
explorer\menuext\bookmark this page C:\Program
Files\CommonName\Toolbar\createbookmark.htm
HKEY_CURRENT_USER\software\microsoft\internet
explorer\menuext\bookmark this page contexts 63
HKEY_CURRENT_USER\software\microsoft\internet
explorer\menuext\email this link
HKEY_CURRENT_USER\software\microsoft\internet
explorer\menuext\email this link contexts 63
HKEY_CURRENT_USER\software\microsoft\internet
explorer\menuext\email this link C:\Program
Files\CommonName\Toolbar\emaillink.htm
HKEY_CURRENT_USER\software\microsoft\internet
explorer\menuext\search using commonname
HKEY_CURRENT_USER\software\microsoft\internet
explorer\menuext\search using commonname contexts 16
HKEY_CURRENT_USER\software\microsoft\internet
explorer\menuext\search using commonname C:\Program
Files\CommonName\Toolbar\navigate.htm
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9346A6BB-1ED0-
4174-AFB4-13CD4EC0AA40}
HKEY_LOCAL_MACHINE\software\classes\babeie.handler.1
HKEY_LOCAL_MACHINE\software\classes\babeie.handler.1\CLSID
{9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}
HKEY_LOCAL_MACHINE\software\classes\babeie.handler.1
Handler
HKEY_LOCAL_MACHINE\software\classes\babeie.handler
HKEY_LOCAL_MACHINE\software\classes\babeie.handler\CLSID
{9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}
HKEY_LOCAL_MACHINE\software\classes\babeie.handler\CurVer
BabeIE.Handler.1
HKEY_LOCAL_MACHINE\software\classes\babeie.handler Handler
HKEY_LOCAL_MACHINE\software\classes\babeie.helper.1
HKEY_LOCAL_MACHINE\software\classes\babeie.helper.1\CLSID
{6656b666-992f-4d74-8588-8ca69e97d90c}
HKEY_LOCAL_MACHINE\software\classes\babeie.helper.1 Helper
HKEY_CLASSES_ROOT\BabeIE.Handler.1
HKEY_LOCAL_MACHINE\software\classes\babeie.helper
HKEY_LOCAL_MACHINE\software\classes\babeie.helper\CLSID
{6656b666-992f-4d74-8588-8ca69e97d90c}
HKEY_LOCAL_MACHINE\software\classes\babeie.helper\CurVer
BabeIE.Helper.1
HKEY_LOCAL_MACHINE\software\classes\babeie.helper Helper
HKEY_LOCAL_MACHINE\software\classes\interface\{2d0f5208-
3198-49a4-86a7-d65e9e582751}
HKEY_LOCAL_MACHINE\software\classes\interface\{2d0f5208-
3198-49a4-86a7-d65e9e582751}\ProxyStubClsid {00020424-0000-
0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{2d0f5208-
3198-49a4-86a7-d65e9e582751}\ProxyStubClsid32 {00020424-
0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{2d0f5208-
3198-49a4-86a7-d65e9e582751}\TypeLib {D879D743-E2CC-4161-
8034-2234203681C9}
HKEY_LOCAL_MACHINE\software\classes\interface\{2d0f5208-
3198-49a4-86a7-d65e9e582751}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\software\classes\interface\{2d0f5208-
3198-49a4-86a7-d65e9e582751} IHelper

Detected Spyware Cookies
No spyware cookies were found during this scan.

bill sanderson · Aug 27, 2005

That's a long list, but I didn't spot any essential
system files in there, except for hosts, which I suspect
is not a problem.

Please follow the advice in this KB article which should
get this fixed for you quickly:

http://support.microsoft.com/kb/892350

Robin Walker [MVP] · Aug 27, 2005

Dave Thompson said:
On running a scan for spyware I found that the microsoft
anti spyware has removed essential files....especially my
XP restore function. Below is a list of the items it
removed.........can anybody assist me in what I have to do?

I looked at your list but I could not see any "essential files" that had
been removed. I could see massive numbers of malware files and registry
entries being zapped, which must be a good thing.

See http://support.microsoft.com/default.aspx?scid=kb;en-us;892350 to
recover your internet access.

If you do not have the latest version 1.0.615 of Microsoft AntiSpyware, then
download the new installer by following the download links from
http://www.microsoft.com/spyware and then install the latest version.

Drew T · Aug 28, 2005

Dave,

Everything removed was spyware. However I've experienced problems in the
past removing multiple Registry items even though they were needed to be
removed. Going forward, whenever registry keys are being removed, open
regedit & save it's contents before removing.

-open Regedit > right-click My Computer > select Export, name file & save

what to do now? try using the System File Checker command.
* insert WinXP CD
* click Start > Run > type sfc /scannow (note space bewteen 'sfc /sc'),
click OK
* Scan should begin verifying files are in place & not corrupted
Drew

False Positive for NetSlayer trojan	1	Feb 14, 2005
False positive on Avencis product (SSOX)	1	Jan 10, 2005
virtumondo adware - does this info help?	11	Sep 27, 2005
Please help me	1	Apr 11, 2005
Spywarte Found even after Microsoft AntiSpyware Said it was Clean	1	Mar 23, 2005
FALSE POSITIVE? Steganos Security Suite 6 detected as AutoSearch	1	Nov 15, 2005
Registry Problem	7	Aug 30, 2005
"Upgrade Pack 98" and the "1 minute freeze".	3	Nov 5, 2006

Major problems!!!

Dave Thompson

bill sanderson

Robin Walker [MVP]

Drew T

Ask a Question

Similar Threads