WiredWX Christian Hobby Weather Tools
Removing Antispyware Soft
I ran the Malwarebytes in Safe Mode & also ran it on my desktop & my son's desktop. The virus started on my son's desktop. When I ran it on his the first time I saw the virus in the results. I said to remove it & restarted the computer but it did not get rid of it. The fake security pop-ups keep coming up on his desktop as the Malwarebytes scan is running. I just signed onto my desktop & the security pop-up is now on mine. What should I try next? Should I do a full system scan? When you sign in under Safe Mode, my son's sign-on does not appear. I ran the scan on Administrator. Is this correct?

Re: Removing Antispyware Soft
Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see this topic.

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: Removing Antispyware Soft
ComboFix 10-05-10.02 - HP_Administrator 05/10/2010 18:42:14.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1374 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\HP_Administrator\Local Settings\temp\IadHide5.dll
c:\program files\Internet Explorer\SET442.tmp
c:\program files\Internet Explorer\SET443.tmp
c:\windows\Help\hp1100.hlp
.
---- Previous Run -------
.
c:\docume~1\Tom\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Tom\Local Settings\temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.

2010-05-10 00:34 . 2010-05-10 00:35 61440 ----a-w- c:\windows\system32\drivers\qzoclxg.sys
2010-05-09 22:48 . 2010-05-09 22:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-09 22:11 . 2010-05-09 22:11 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Threat Expert
2010-05-09 22:02 . 2010-05-10 22:21 -------- d-----w- c:\program files\Spyware Doctor
2010-05-09 21:02 . 2010-05-09 21:02 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-02 06:13 . 2010-05-02 07:09 -------- d-----w- c:\program files\Microsoft ActiveSync

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 22:20 . 2007-07-04 19:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-10 10:45 . 2009-06-11 22:31 -------- d-----w- c:\program files\DNA
2010-05-09 21:53 . 2009-02-03 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-05-09 14:34 . 2009-07-02 23:29 -------- d-----w- c:\program files\Windows Live Safety Center
2010-05-08 21:10 . 2009-08-24 02:29 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2010-05-08 21:06 . 2008-12-15 21:29 -------- d-----w- c:\program files\Full Tilt Poker
2010-05-08 21:06 . 2006-06-02 01:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-08 21:06 . 2010-02-03 01:25 -------- d-----w- c:\program files\Celebrity Toolbar
2010-05-06 14:36 . 2009-09-22 22:51 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-15 03:26 . 2009-08-24 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-15 03:18 . 2010-02-01 11:21 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Orbit
2010-04-14 06:26 . 2006-06-02 02:11 -------- d-----w- c:\program files\Google
2010-04-08 22:44 . 2010-04-08 22:43 -------- d-----w- c:\program files\iTunes
2010-04-08 22:44 . 2010-04-08 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-08 22:43 . 2010-04-08 22:43 -------- d-----w- c:\program files\iPod
2010-04-08 22:43 . 2007-07-13 16:57 -------- d-----w- c:\program files\Common Files\Apple
2010-04-08 22:39 . 2010-04-08 22:38 -------- d-----w- c:\program files\QuickTime
2010-04-08 22:34 . 2010-04-08 22:34 -------- d-----w- c:\program files\Bonjour
2010-03-14 16:25 . 2010-03-14 16:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\GrabPro
2010-03-10 06:15 . 2004-08-09 21:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 06:10 . 2008-01-06 15:01 79640 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-25 06:24 . 2004-08-09 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-09 21:00 455680 ------w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-18 23:55 . 2006-11-04 18:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-16 14:08 . 2004-08-10 04:00 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-10 04:00 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2004-08-09 21:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-09 21:00 226880 ------w- c:\windows\system32\drivers\tcpip6.sys
2007-10-23 06:42 . 2007-10-23 05:47 5386752 -csha-w- c:\program files\ehthumbs.db
2004-08-09 21:00 . 2004-08-09 21:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 . 2004-08-09 21:00 50688 --sh--w- c:\windows\twain_32.dll
2004-07-30 07:04 . 2004-07-30 07:04 1216 --sh--w- c:\windows\Twunk_16.dll
2004-07-30 07:04 . 2004-07-30 07:04 1216 --sh--w- c:\windows\Twunk_32.dll
2006-08-13 22:22 . 2006-08-13 22:22 22 -csha-w- c:\windows\SMINST\HPCD.sys
2008-04-14 00:11 . 2004-08-09 21:00 1028096 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 . 2004-08-09 21:00 57344 --sha-w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 . 2004-08-09 21:00 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 . 2004-08-09 21:00 343040 --sha-w- c:\windows\system32\msvcrt.dll
2008-04-14 00:12 . 2004-08-09 21:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 . 2004-08-09 21:00 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 00:12 . 2004-08-09 21:00 11776 --sh--w- c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-21 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-04 16010240]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-27 45056]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-6-1 36903]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"medicsp2"=c:\program files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [2/23/2008 07:37 PM 202280]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 05:33 AM 24652]
S0 rjowepvx;rjowepvx;c:\windows\system32\drivers\xdjoqxmi.sys --> c:\windows\system32\drivers\xdjoqxmi.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 gupdate1c986121fd3dc22;Google Update Service (gupdate1c986121fd3dc22);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2009 11:14 AM 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/3/2009 02:33 PM 38160]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [9/8/2008 06:22 PM 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [9/8/2008 06:22 PM 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [9/8/2008 06:22 PM 22528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder

2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2010-05-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 23:28]

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 15:14]

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 15:14]

2010-01-09 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
- c:\program files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-12-19 09:06]

2010-05-10 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://rr.com/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Amanda\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7m78b74i.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-10 18:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\bar\\2.bin\\MWSSRCAS.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\bar\\2.bin\\MWSBAR.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\bar\\2.bin\\F3CJPEG.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Control]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\bar\\2.bin\\M3MSG.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\MiscStatus]
@DACL=(02 0000)
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\ProgID]
@DACL=(02 0000)
@="MyWebSearch.ChatSessionPlugin.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\TypeLib]
@DACL=(02 0000)
@="{E79DFBC0-5697-4fbd-94E5-5B2A9C7C1612}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Version]
@DACL=(02 0000)
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\VersionIndependentProgID]
@DACL=(02 0000)
@="MyWebSearch.ChatSessionPlugin"

[HKEY_LOCAL_MACHINE\software\Classes\FunWebProducts.DataControl\CLSID]
@DACL=(02 0000)
@="{25560540-9571-4D7B-9389-0F166788785A}"

[HKEY_LOCAL_MACHINE\software\Classes\FunWebProducts.DataControl\CurVer]
@DACL=(02 0000)
@="FunWebProducts.DataControl.1"

[HKEY_LOCAL_MACHINE\software\Classes\FunWebProducts.DataControl.1\CLSID]
@DACL=(02 0000)
@="{25560540-9571-4D7B-9389-0F166788785A}"

[HKEY_LOCAL_MACHINE\software\Classes\FunWebProducts.IECookiesManager\CLSID]
@DACL=(02 0000)
@="{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}"

[HKEY_LOCAL_MACHINE\software\Classes\FunWebProducts.IECookiesManager\CurVer]
@DACL=(02 0000)
@="FunWebProducts.IECookiesManager.1"

[HKEY_LOCAL_MACHINE\software\Classes\FunWebProducts.KillerObjManager.1\CLSID]
@DACL=(02 0000)
@="{B813095C-81C0-4E40-AA14-67520372B987}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib]
@DACL=(02 0000)
@="{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib]
@DACL=(02 0000)
@="{8E6F1830-9607-4440-8530-13BE7C4B1D14}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib]
@DACL=(02 0000)
@="{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib]
@DACL=(02 0000)
@="{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib]
@DACL=(02 0000)
@="{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib]
@DACL=(02 0000)
@="{D518921A-4A03-425E-9873-B9A71756821E}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib]
@DACL=(02 0000)
@="{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib]
@DACL=(02 0000)
@="{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib]
@DACL=(02 0000)
@="{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib]
@DACL=(02 0000)
@="{07B18EA0-A523-4961-B6BB-170DE4475CCA}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\MyWebSearch.ChatSessionPlugin\CLSID]
@DACL=(02 0000)
@="{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}"

[HKEY_LOCAL_MACHINE\software\Classes\MyWebSearch.ChatSessionPlugin\CurVer]
@DACL=(02 0000)
@="MyWebSearch.ChatSessionPlugin.1"

[HKEY_LOCAL_MACHINE\software\Classes\MyWebSearch.ChatSessionPlugin.1\CLSID]
@DACL=(02 0000)
@="{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}"

[HKEY_LOCAL_MACHINE\software\Classes\MyWebSearch.PseudoTransparentPlugin.1\CLSID]
@DACL=(02 0000)
@="{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0]
@DACL=(02 0000)
@="HtmldocPlugin 1.0 Type Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0]
@DACL=(02 0000)
@="Messenger 1.0 Type Library"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1876)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-05-10 19:14:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-10 23:14
ComboFix2.txt 2009-09-03 21:24
ComboFix3.txt 2008-08-23 23:54

Pre-Run: 201,521,963,008 bytes free
Post-Run: 201,933,053,952 bytes free

Current=1 Default=1 Failed=2 LastKnownGood=5 Sets=,1,2,3,4,5
- - End Of File - - C7C172A1AFDB0C1295AD63AD9389EA91
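
The log above is the poster's ComboFix report, and the helper reads it by eye. As an added example (not part of the thread, and not a GeekPolice or ComboFix tool), the script below turns that reading into code and runs it over lines copied from the report: the driver `c:\windows\system32\drivers\qzoclxg.sys` created on the day of the infection with a random-looking name, the boot-start service `rjowepvx` whose image `xdjoqxmi.sys` ComboFix marks `[?]` (file not found), `"EnableFirewall"= 0` in the standard firewall profile, `DisableMonitoring` set for the Symantec firewall entry in Security Center, and `IadHide5.dll` mapped into `explorer.exe` from a Temp folder even though the same file appears under Other Deletions. The "rare letter" name heuristic, the seven-day window, the finding tags and the sample excerpt are this example's own assumptions, not ComboFix rules; a random-looking name is a lead to check, not proof, and a security vendor can legitimately set `DisableMonitoring` for its own product, so that finding is lower confidence than the others.

```python
"""Triage a ComboFix-style log for the indicators visible in this thread.

Added example for this page; it is not a GeekPolice or ComboFix tool.
It turns the checks a malware helper does by eye into code: a freshly
created driver with a random-looking name, a boot-start service whose
binary is missing, the Windows Firewall and Security Center monitoring
switched off, and a DLL loaded into explorer.exe from a Temp folder.
The name heuristic, RECENT_DAYS and the finding tags are assumptions.
"""
import ntpath
import re
from datetime import date, timedelta
from typing import List, Tuple

# Constructed sample: lines copied from the log above, trimmed to the
# sections this script parses. A real run would read the whole log file.
SAMPLE_LOG = r"""
2010-05-10 00:34 . 2010-05-10 00:35 61440 ----a-w- c:\windows\system32\drivers\qzoclxg.sys
2010-05-09 21:02 . 2010-05-09 21:02 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-24 13:11 . 2004-08-09 21:00 455680 ------w- c:\windows\system32\drivers\mrxsmb.sys
S0 rjowepvx;rjowepvx;c:\windows\system32\drivers\xdjoqxmi.sys --> c:\windows\system32\drivers\xdjoqxmi.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [9/8/2008 06:22 PM 22528]
"EnableFirewall"= 0 (0x0)
"DisableMonitoring"=dword:00000001
- - - - - - - > 'explorer.exe'(1876)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
.
"""
REPORT_DATE = date(2010, 5, 10)   # date in the ComboFix header above
RECENT_DAYS = 7                   # assumption: "created around infection time"
RARE_LETTERS = set("jqvxz")       # assumption: rarest letters in real driver names

# 'YYYY-MM-DD HH:MM . YYYY-MM-DD HH:MM size attrs path' (Files Created / Find3M)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \S+ \S+ \S+ \S+ (.+)$")
# 'S0 name;display name;image path [...]' (service list)
SERVICE_RE = re.compile(r"^[RS][0-4] ([^;]+);([^;]+);(.+)$")
# "- - - - - - - > 'explorer.exe'(1876)" (DLLs Loaded Under Running Processes)
PROCESS_RE = re.compile(r"^(?:- )+> '([^']+)'\((\d+)\)")


def looks_random(stem: str) -> bool:
    """Dropper-style names (qzoclxg, xdjoqxmi): letters only, 6-10 long,
    at least two rare letters. mrxsmb and motport do not qualify."""
    return (stem.isalpha() and stem.islower() and 6 <= len(stem) <= 10
            and sum(ch in RARE_LETTERS for ch in stem) >= 2)


def file_stem(path: str) -> str:
    """Lower-case file name without extension; strips the ' --> ...' and
    ' [...]' annotations ComboFix appends to service image paths."""
    first = path.split(" --> ")[0].split(" [")[0].strip()
    return ntpath.splitext(ntpath.basename(first))[0].lower()


def triage(log_text: str, report_date: date) -> List[Tuple[str, str]]:
    """Return (tag, detail) findings in the order they appear in the log."""
    findings: List[Tuple[str, str]] = []
    current_proc = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # section separator in ComboFix output
            current_proc = None
            continue

        m = CREATED_RE.match(line)
        if m:
            created, path = date.fromisoformat(m.group(1)), m.group(2)
            if (path.lower().endswith(".sys") and "\\drivers\\" in path.lower()
                    and report_date - created <= timedelta(days=RECENT_DAYS)
                    and looks_random(file_stem(path))):
                findings.append(("random-driver", path))
            continue

        m = SERVICE_RE.match(line)
        if m:
            name, display, image = m.groups()
            missing = image.rstrip().endswith("[?]")   # ComboFix: file not found
            if (name == display and missing) or looks_random(file_stem(image)):
                findings.append(("suspicious-service", f"{name} -> {image}"))
            continue

        if line.startswith('"EnableFirewall"') and re.search(r"=\s*0\b", line):
            findings.append(("firewall-off", line))
            continue
        if line.startswith('"DisableMonitoring"=dword:00000001'):
            findings.append(("security-center-monitoring-off", line))
            continue

        m = PROCESS_RE.match(line)
        if m:
            current_proc = f"{m.group(1)}({m.group(2)})"
            continue
        if current_proc and "\\temp\\" in line.lower():
            findings.append(("temp-dll-in-process", f"{current_proc}: {line}"))
    return findings


def triage_sample() -> List[Tuple[str, str]]:
    """Run the triage over the constructed excerpt of the posted log."""
    return triage(SAMPLE_LOG, REPORT_DATE)


if __name__ == "__main__":
    for tag, detail in triage_sample():
        print(f"[{tag}] {detail}")
```

Run as-is it prints five findings, one per indicator listed above, and nothing for the legitimate entries (`mrxsmb.sys`, `motport.sys`, the Microsoft Security Essentials folder, `WININET.dll`). The service check deliberately combines two signals, service name equal to its display name plus a missing image file, because either alone also matches some legitimate drivers.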

Re: Removing Antispyware Soft
Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.
