ComboFix 10-05-10.02 - HP_Administrator 05/10/2010 18:42:14.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1374 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\HP_Administrator\Local Settings\temp\IadHide5.dll
c:\program files\Internet Explorer\SET442.tmp
c:\program files\Internet Explorer\SET443.tmp
c:\windows\Help\hp1100.hlp
.
---- Previous Run -------
.
c:\docume~1\Tom\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Tom\Local Settings\temp\IadHide5.dll
.
((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.
2010-05-10 00:34 . 2010-05-10 00:35 61440 ----a-w- c:\windows\system32\drivers\qzoclxg.sys
2010-05-09 22:48 . 2010-05-09 22:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-09 22:11 . 2010-05-09 22:11 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Threat Expert
2010-05-09 22:02 . 2010-05-10 22:21 -------- d-----w- c:\program files\Spyware Doctor
2010-05-09 21:02 . 2010-05-09 21:02 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-02 06:13 . 2010-05-02 07:09 -------- d-----w- c:\program files\Microsoft ActiveSync
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 22:20 . 2007-07-04 19:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-10 10:45 . 2009-06-11 22:31 -------- d-----w- c:\program files\DNA
2010-05-09 21:53 . 2009-02-03 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-05-09 14:34 . 2009-07-02 23:29 -------- d-----w- c:\program files\Windows Live Safety Center
2010-05-08 21:10 . 2009-08-24 02:29 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2010-05-08 21:06 . 2008-12-15 21:29 -------- d-----w- c:\program files\Full Tilt Poker
2010-05-08 21:06 . 2006-06-02 01:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-08 21:06 . 2010-02-03 01:25 -------- d-----w- c:\program files\Celebrity Toolbar
2010-05-06 14:36 . 2009-09-22 22:51 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-15 03:26 . 2009-08-24 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-15 03:18 . 2010-02-01 11:21 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Orbit
2010-04-14 06:26 . 2006-06-02 02:11 -------- d-----w- c:\program files\Google
2010-04-08 22:44 . 2010-04-08 22:43 -------- d-----w- c:\program files\iTunes
2010-04-08 22:44 . 2010-04-08 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-08 22:43 . 2010-04-08 22:43 -------- d-----w- c:\program files\iPod
2010-04-08 22:43 . 2007-07-13 16:57 -------- d-----w- c:\program files\Common Files\Apple
2010-04-08 22:39 . 2010-04-08 22:38 -------- d-----w- c:\program files\QuickTime
2010-04-08 22:34 . 2010-04-08 22:34 -------- d-----w- c:\program files\Bonjour
2010-03-14 16:25 . 2010-03-14 16:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\GrabPro
2010-03-10 06:15 . 2004-08-09 21:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 06:10 . 2008-01-06 15:01 79640 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-25 06:24 . 2004-08-09 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-09 21:00 455680 ------w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-18 23:55 . 2006-11-04 18:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-16 14:08 . 2004-08-10 04:00 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-10 04:00 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2004-08-09 21:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-09 21:00 226880 ------w- c:\windows\system32\drivers\tcpip6.sys
2007-10-23 06:42 . 2007-10-23 05:47 5386752 -csha-w- c:\program files\ehthumbs.db
2004-08-09 21:00 . 2004-08-09 21:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 . 2004-08-09 21:00 50688 --sh--w- c:\windows\twain_32.dll
2004-07-30 07:04 . 2004-07-30 07:04 1216 --sh--w- c:\windows\Twunk_16.dll
2004-07-30 07:04 . 2004-07-30 07:04 1216 --sh--w- c:\windows\Twunk_32.dll
2006-08-13 22:22 . 2006-08-13 22:22 22 -csha-w- c:\windows\SMINST\HPCD.sys
2008-04-14 00:11 . 2004-08-09 21:00 1028096 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 . 2004-08-09 21:00 57344 --sha-w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 . 2004-08-09 21:00 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 . 2004-08-09 21:00 343040 --sha-w- c:\windows\system32\msvcrt.dll
2008-04-14 00:12 . 2004-08-09 21:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 . 2004-08-09 21:00 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 00:12 . 2004-08-09 21:00 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-21 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-04 16010240]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-27 45056]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-6-1 36903]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"medicsp2"=c:\program files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [2/23/2008 07:37 PM 202280]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 05:33 AM 24652]
S0 rjowepvx;rjowepvx;c:\windows\system32\drivers\xdjoqxmi.sys --> c:\windows\system32\drivers\xdjoqxmi.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 gupdate1c986121fd3dc22;Google Update Service (gupdate1c986121fd3dc22);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2009 11:14 AM 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/3/2009 02:33 PM 38160]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [9/8/2008 06:22 PM 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [9/8/2008 06:22 PM 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [9/8/2008 06:22 PM 22528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder
2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
2010-05-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 23:28]
2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 15:14]
2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 15:14]
2010-01-09 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
- c:\program files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-12-19 09:06]
2010-05-10 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://rr.com/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Amanda\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7m78b74i.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-05-10 18:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\bar\\2.bin\\MWSSRCAS.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\Programmable]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\bar\\2.bin\\MWSBAR.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\bar\\2.bin\\F3CJPEG.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Control]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\bar\\2.bin\\M3MSG.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\MiscStatus]
@DACL=(02 0000)
@="0"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\ProgID]
@DACL=(02 0000)
@="MyWebSearch.ChatSessionPlugin.1"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Programmable]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\TypeLib]
@DACL=(02 0000)
@="{E79DFBC0-5697-4fbd-94E5-5B2A9C7C1612}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Version]
@DACL=(02 0000)
@="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\VersionIndependentProgID]
@DACL=(02 0000)
@="MyWebSearch.ChatSessionPlugin"
[HKEY_LOCAL_MACHINE\software\Classes\FunWebProducts.DataControl\CLSID]
@DACL=(02 0000)
@="{25560540-9571-4D7B-9389-0F166788785A}"
[HKEY_LOCAL_MACHINE\software\Classes\FunWebProducts.DataControl\CurVer]
@DACL=(02 0000)
@="FunWebProducts.DataControl.1"
[HKEY_LOCAL_MACHINE\software\Classes\FunWebProducts.DataControl.1\CLSID]
@DACL=(02 0000)
@="{25560540-9571-4D7B-9389-0F166788785A}"
[HKEY_LOCAL_MACHINE\software\Classes\FunWebProducts.IECookiesManager\CLSID]
@DACL=(02 0000)
@="{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}"
[HKEY_LOCAL_MACHINE\software\Classes\FunWebProducts.IECookiesManager\CurVer]
@DACL=(02 0000)
@="FunWebProducts.IECookiesManager.1"
[HKEY_LOCAL_MACHINE\software\Classes\FunWebProducts.KillerObjManager.1\CLSID]
@DACL=(02 0000)
@="{B813095C-81C0-4E40-AA14-67520372B987}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib]
@DACL=(02 0000)
@="{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib]
@DACL=(02 0000)
@="{8E6F1830-9607-4440-8530-13BE7C4B1D14}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib]
@DACL=(02 0000)
@="{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib]
@DACL=(02 0000)
@="{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib]
@DACL=(02 0000)
@="{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib]
@DACL=(02 0000)
@="{D518921A-4A03-425E-9873-B9A71756821E}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib]
@DACL=(02 0000)
@="{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib]
@DACL=(02 0000)
@="{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib]
@DACL=(02 0000)
@="{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib]
@DACL=(02 0000)
@="{07B18EA0-A523-4961-B6BB-170DE4475CCA}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\MyWebSearch.ChatSessionPlugin\CLSID]
@DACL=(02 0000)
@="{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}"
[HKEY_LOCAL_MACHINE\software\Classes\MyWebSearch.ChatSessionPlugin\CurVer]
@DACL=(02 0000)
@="MyWebSearch.ChatSessionPlugin.1"
[HKEY_LOCAL_MACHINE\software\Classes\MyWebSearch.ChatSessionPlugin.1\CLSID]
@DACL=(02 0000)
@="{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}"
[HKEY_LOCAL_MACHINE\software\Classes\MyWebSearch.PseudoTransparentPlugin.1\CLSID]
@DACL=(02 0000)
@="{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0]
@DACL=(02 0000)
@="HtmldocPlugin 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0]
@DACL=(02 0000)
@="Messenger 1.0 Type Library"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1876)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-05-10 19:14:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-10 23:14
ComboFix2.txt 2009-09-03 21:24
ComboFix3.txt 2008-08-23 23:54
Pre-Run: 201,521,963,008 bytes free
Post-Run: 201,933,053,952 bytes free
Current=1 Default=1 Failed=2 LastKnownGood=5 Sets=,1,2,3,4,5
- - End Of File - - C7C172A1AFDB0C1295AD63AD9389EA91