ComboFix 09-12-11.05 - Paul 12/12/2009 14:41:11.1.2 - x86
Running from: c:\users\Paul\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3177152-1379781982-1519493712-500
c:\$recycle.bin\S-1-5-21-655350760-1514174816-2106181554-500
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\ie3sh.exe
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWB3SH.dll
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll
c:\program files\SGPSA\ie3sh.exe
c:\program files\SGPSA\mtwb3sh.dll
c:\programdata\56353022
c:\programdata\56353022\56353022.exe
c:\users\Paul\AppData\Roaming\Enterprise Suite
c:\users\Paul\AppData\Roaming\Enterprise Suite\Instructions.ini
c:\users\Paul\Desktop\Security Tool.lnk
c:\users\Paul\FAVORI~1\Online Security Test.url
c:\users\Paul\Favorites\Online Security Test.url
.
((((((((((((((((((((((((( Files Created from 2009-11-12 to 2009-12-12 )))))))))))))))))))))))))))))))
.
2009-12-12 19:58 . 2009-12-12 19:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-12 19:37 . 2009-12-12 19:37 -------- d-----w- C:\32788R22FWJFW
2009-12-11 23:03 . 2009-12-11 23:03 -------- d-----w- c:\windows\system32\drivers\NSS
2009-12-11 23:03 . 2009-12-11 23:03 -------- d-----w- c:\program files\Norton Security Scan
2009-12-11 02:10 . 2009-12-11 02:10 -------- d-sh--w- c:\programdata\WEBMYDS
2009-12-11 02:09 . 2009-12-11 02:11 -------- d-sh--w- c:\programdata\1d67ea7
2009-12-09 08:13 . 2009-11-09 13:34 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 08:13 . 2009-11-09 13:30 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 08:13 . 2009-11-09 11:17 396800 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-08 21:42 . 2009-10-27 15:01 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-12-08 21:42 . 2009-10-27 12:27 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-08 21:42 . 2009-10-27 10:56 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-12-08 21:42 . 2009-10-07 12:47 232960 ----a-w- c:\windows\system32\rastls.dll
2009-12-08 21:42 . 2009-10-07 12:47 274432 ----a-w- c:\windows\system32\raschap.dll
2009-12-08 21:42 . 2009-08-24 12:47 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-11-26 08:05 . 2009-10-29 07:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 08:15 . 2009-08-10 13:05 1406464 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 08:15 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-11-25 08:15 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-11-25 08:15 . 2009-08-10 13:05 1260032 ----a-w- c:\windows\system32\msxml3.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-12 19:39 . 2009-09-02 20:29 -------- d-----w- c:\users\Paul\AppData\Roaming\FrostWire
2009-12-11 23:03 . 2009-08-19 18:22 -------- d-----w- c:\programdata\Norton
2009-12-11 23:02 . 2009-08-19 18:22 -------- d-----w- c:\programdata\NortonInstaller
2009-12-11 19:03 . 2009-03-25 15:52 -------- d-----w- c:\programdata\Google Updater
2009-12-11 03:56 . 2009-12-11 03:56 52 ----a-w- c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\cid.drv
2009-12-11 02:32 . 2009-12-11 02:32 10 ----a-w- c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\sld.exe
2009-12-11 02:20 . 2009-12-11 02:20 35 ----a-w- c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
2009-12-11 02:12 . 2009-12-11 02:11 58 ----a-w- c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
2009-12-11 02:12 . 2009-12-11 02:12 65 ----a-w- c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
2009-12-11 02:12 . 2009-12-11 02:12 54 ----a-w- c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
2009-12-11 02:12 . 2009-12-11 02:12 38 ----a-w- c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
2009-12-11 02:12 . 2009-12-11 02:12 4 ----a-w- c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
2009-12-11 02:12 . 2009-12-11 02:12 27 ----a-w- c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
2009-12-11 02:12 . 2009-12-11 02:12 13 ----a-w- c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.sys
2009-12-11 02:12 . 2009-12-11 02:12 41 ----a-w- c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\ddv.exe
2009-12-11 02:11 . 2009-12-11 02:11 7 ----a-w- c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
2009-12-11 02:11 . 2009-12-11 02:11 60 ----a-w- c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\fan.sys
2009-12-11 02:10 . 2009-12-11 02:10 1955840 ----a-w- c:\programdata\1d67ea7\WE1d67.exe
2009-12-09 08:39 . 2007-09-16 02:25 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-09 08:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-07 02:55 . 2009-12-07 02:55 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb4345.tmp.exe
2009-12-06 04:41 . 2009-12-06 04:41 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-05 17:58 . 2009-12-05 17:58 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2CC2.tmp.exe
2009-12-02 16:58 . 2009-12-02 16:58 34 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb569A.tmp.exe
2009-11-22 13:39 . 2009-02-17 12:55 27744 ----a-w- c:\programdata\nvModes.dat
2009-11-10 23:34 . 2009-08-01 01:47 -------- d-----w- c:\program files\PokerStars.NET
2009-11-10 00:51 . 2009-11-10 00:47 -------- d--h--w- c:\program files\Zero G Registry
2009-11-10 00:50 . 2009-11-10 00:50 -------- d-----w- c:\program files\Quick Hit
2009-11-10 00:50 . 2009-11-10 00:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-10 00:48 . 2009-11-10 00:47 -------- d-----w- c:\program files\Quick Hit Football
2009-11-03 01:42 . 2009-10-02 15:55 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 23:56 . 2007-10-09 15:50 -------- d-----w- c:\programdata\Yahoo! Companion
2009-10-29 23:51 . 2009-10-29 23:51 127903 ----a-w- c:\users\Paul\AppData\Roaming\Move Networks\uninstall.exe
2009-10-29 23:51 . 2008-01-26 00:48 -------- d-----w- c:\users\Paul\AppData\Roaming\Move Networks
2009-10-29 23:51 . 2009-05-27 23:29 4183416 ----a-w- c:\users\Paul\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll
2009-10-29 15:11 . 2009-10-26 23:33 -------- d-----w- c:\users\Paul\AppData\Roaming\Yahoo!
2009-10-28 23:49 . 2009-10-28 23:49 -------- d-----w- c:\programdata\McAfee
2009-10-27 15:05 . 2009-12-08 21:43 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 15:01 . 2009-12-08 21:43 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 15:01 . 2009-12-08 21:43 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2009-10-27 14:59 . 2009-12-08 21:43 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-26 23:49 . 2009-10-26 23:49 -------- d-----w- c:\programdata\McAfee Security Scan
2009-10-26 23:49 . 2009-10-26 23:49 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-26 23:34 . 2007-08-05 02:48 -------- d-----w- c:\program files\Yahoo!
2009-10-26 23:33 . 2009-10-26 23:30 -------- d-----w- c:\programdata\Yahoo!
2009-10-20 02:40 . 2009-10-20 02:40 1706136 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
2009-10-09 14:55 . 2007-10-11 07:55 2804 ----a-w- c:\users\Paul\AppData\Roaming\wklnhst.dat
2009-09-25 16:13 . 2008-05-10 23:11 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2009-09-25 16:13 . 2008-05-10 23:11 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2009-09-25 16:13 . 2008-05-10 23:11 88 --sh--r- c:\programdata\371234B4B4.sys
2009-09-25 16:13 . 2008-05-10 23:11 88 --sh--r- c:\programdata\371234B4B4.sys
2009-09-20 22:14 . 2007-10-09 19:33 15446136 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\Installers\SetupGamesClient.exe
2009-09-17 03:47 . 2009-09-15 23:42 12288 ----a-w- c:\users\Public\mtwb.dat
2009-09-15 23:33 . 2008-09-19 15:02 1356 ----a-w- c:\users\Paul\AppData\Local\d3d9caps.dat
2009-09-14 09:50 . 2009-10-16 05:45 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2007-11-23 07:07 . 2007-11-23 07:08 774144 ----a-w- c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 02:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-09-09 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-09-09 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Enterprise Suite"="c:\programdata\1d67ea7\WE1d67.exe" [2009-12-11 1955840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-08-05 1006264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-08-05 77824]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE" [2008-03-21 83232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2008-9-3 114688]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-8-4 53248]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071212.002\IDSvix86.sys [12/12/2007 3:01 PM 180272]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/11/2007 3:04 AM 112688]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [1/9/2007 11:32 PM 38200]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = proxy.nyit.edu:80
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FBSSA = c:\program files\SGPSA\ie3sh.exe?wb3sh.dll?=????????E59AEE01-8B67-4507-A05A-E1642D0BBDF9}?={????????
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-12 15:05:35
ComboFix-quarantined-files.txt 2009-12-12 20:05
Pre-Run: 76,951,146,496 bytes free
Post-Run: 78,366,953,472 bytes free
- - End Of File - - 1F08FBBCA8B30B581A97294DED08D763