Thanks much for your work--searching on my computer has already improved. Below are the requested scans:
Kaspersky Scan Report
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, January 10, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, January 10, 2010 20:09:26
Records in database: 3296609
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Z:\
Scan statistics:
Objects scanned: 148590
Threats found: 38
Infected objects found: 177
Suspicious objects found: 1
Scan duration: 03:20:52
File name / Threat / Threats count
C:\Program Files\Enigma Software Group\SpyHunter\Backup\clientax.dll.dat Infected: not-a-virus:AdWare.Win32.180Solutions.ao 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\022B0B6D Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\035C21E1 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\035C21E1 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\046353BD Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\056259D1 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\056259D1 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\05E653A6 Infected: not-a-virus:AdWare.Win32.ImiBar.b 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0819740D Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\087A6305 Infected: Trojan-Downloader.Win32.Dyfuca.cr 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0A17298B Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0A1B5387 Infected: not-a-virus:AdWare.Win32.ImiBar.b 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0C1379FE Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0C1379FE Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0C2B4A2E Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0CCC2D6A Infected: Trojan-Downloader.Win32.Dyfuca.cy 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0CCF5767 Infected: Trojan-Downloader.Win32.Agent.ae 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1050472C Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\13FB0337.class Infected: Exploit.Java.ByteVerify 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\147950AE Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\175C35E9 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\175C35E9 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\17BB062C Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1CDC30CC Infected: Trojan-Downloader.Win32.Agent.ab 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1E5448C1 Infected: Trojan-Downloader.Win32.Stubby.d 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1FCB5DD7.zip Infected: Email-Worm.Win32.Mydoom.am 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\234C422B Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\252023BD.class Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\26AC6CD6 Infected: Trojan-Downloader.Win32.Dyfuca.gen 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\28082F52 Infected: Trojan-Downloader.Win32.Agent.ae 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2B3B0243 Infected: not-a-virus:AdWare.Win32.ImiBar.b 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2BA73138 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2BA73138 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2C03635C Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2C03635C Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2CAD6314 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2D3F7EA2.htm Infected: Exploit.VBS.Phel.a 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2D46529B.htm Infected: Exploit.VBS.Phel.a 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2D46529B.zip Infected: Exploit.Java.ByteVerify 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2D46529B.zip Infected: Trojan-Dropper.Java.Small.c 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2D46529B.zip Infected: Trojan.Java.ClassLoader.f 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2DF61C58 Infected: Trojan-Downloader.Win32.Agent.ae 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2EDC7E29 Infected: not-a-virus:Server-Proxy.Win32.MarketScore.f 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2F427431 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2F661C95 Infected: Trojan-Clicker.Win32.Delf.r 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2F6D708D Infected: Trojan-Downloader.Win32.Agent.ae 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2F701A8A Infected: Trojan-Dropper.Win32.Delf.z 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\31B700A6 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\31B700A6 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\337761A4 Infected: Trojan-Downloader.Win32.Dyfuca.dd 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\36E73EA3 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\379A60C2 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\379A60C2 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39BB7E93 Infected: not-a-virus:AdWare.Win32.WebRebates.f 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39BB7E93 Infected: not-a-virus:AdWare.Win32.WebRebates.d 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39BB7E93 Infected: not-a-virus:AdWare.Win32.WebRebates.c 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39BE288F Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39BE288F Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39C1528C Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\39C1528C Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A4148CF Infected: not-a-virus:AdWare.Win32.BiSpy.o 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A6C3A28 Infected: not-a-virus:AdWare.Win32.ImiBar.d 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A972A4E Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3AD33030 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3AF54963 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3AF54963 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3B8C6E4E Infected: Trojan-Downloader.Win32.Agent.ab 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3DE15603 Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3F5A541D Suspicious: Exploit.HTML.Mht 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\41582CCA Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\43F47F49 Infected: Trojan.Win32.Revop.c 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\476F1387 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\476F1387 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\47A23CAE.class Infected: Exploit.Java.ByteVerify 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4B1B1AEE Infected: Trojan-Downloader.Win32.Agent.ae 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4B1F44EB Infected: Trojan-Downloader.Win32.Agent.ae 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4B226EE7 Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4EB172AE Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\505F6F42 Infected: Trojan-Downloader.Win32.Agent.ae 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\509738E1 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\509738E1 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\519357E9 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\519357E9 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\51F3282D Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\52500595 Infected: not-a-virus:AdWare.Win32.BiSpy.p 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54015C9D Infected: not-a-virus:AdWare.Win32.WebRebates.c 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\551A702E Infected: not-a-virus:AdWare.Win32.ImiBar.b 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\551E1A2B Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\55214427 Infected: Trojan-Downloader.Win32.Agent.ab 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\57842080 Infected: Trojan-Downloader.Win32.Dyfuca.de 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\57BE181E Infected: not-a-virus:AdWare.Win32.WinAD 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\59173163 Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5A412EAD Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5BB52C8D Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5C184466 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5C390459 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5C3C2E56 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5C3F5852 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5C43024E Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5C5C0F33 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5C5C0F33 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5C911380 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5C911380 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5D2413E8 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5D2413E8 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5DE04194 Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5E50503B Infected: not-a-virus:AdWare.Win32.BargainBuddy.j 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5EA83951 Infected: Email-Worm.Win32.Mydoom.am 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\60F8084D Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\60F8084D Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\63FC4819 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\63FC4819 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\64BD1D7B Infected: not-a-virus:AdWare.Win32.BiSpy.p 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\64C47174 Infected: not-a-virus:AdWare.Win32.ImiBar.b 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\64E35BB8 Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\64EA2FB1 Infected: Trojan-Downloader.Win32.Stubby.d 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\65C825EA Infected: Trojan-Downloader.Win32.Agent.ab 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\65F975F5 Infected: Trojan-Downloader.Win32.Dyfuca.de 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\661867C7 Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\661C11C4 Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\661D1E49 Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\686C5A29 Infected: Trojan-Downloader.Win32.Agent.ae 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\68722E22 Infected: Trojan-Downloader.Win32.Agent.ae 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\68862A0C Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\68895409 Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\688C7E05 Infected: Trojan-Downloader.Win32.Agent.ab 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6914202A Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6B047F66.class Infected: Trojan.Java.ClassLoader.f 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6B047F66.htm Infected: Exploit.HTML.Mht 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6B047F66.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6B047F66.zip Infected: Exploit.Java.ByteVerify 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6B047F66.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6B047F66.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6B243498 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6B243498 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6D76345C Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6D76345C Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6FC80AEC Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6FE94E81 Infected: not-a-virus:AdWare.Win32.WebRebates.d 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\70263BE3.class Infected: Trojan.Java.ClassLoader.c 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\73213B16 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\73213B16 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\7359785C Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\7359785C Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\750A5230 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\774C2929 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\774C2929 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\78AC0AF7 Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\78AF34F3 Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\799B2309 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\799E4D05 Infected: not-a-virus:AdWare.Win32.WebRebates.f 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\79A520FE Infected: not-a-virus:AdWare.Win32.BargainBuddy.j 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\79A84AFA Infected: not-a-virus:AdWare.Win32.180Solutions 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\79AB74F7 Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\79C21ADD Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\79C644DA Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\79C96ED6 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\79CC18D3 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\79CF42CF Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\79D36CCC Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\79D616C8 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\79D940C4 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\79DC6AC1 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\79E014BD Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\79E33EBA Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\79E668B6 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\79E912B2 Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\79ED3CAF Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\79F066AB Infected: not-a-virus:Server-Proxy.Win32.MarketScore.f 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\79F310A8 Infected: not-a-virus:AdWare.Win32.ImiBar.d 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\79F73AA4 Infected: Trojan-Dropper.Win32.Agent.ch 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\79FA64A0 Infected: Trojan-Downloader.Win32.OneClickNetSearch.h 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\7A500522 Infected: not-a-virus:AdWare.Win32.ImiBar.b 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\7BF17F7C Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\7E615D7F Infected: Trojan-Downloader.Win32.Agent.ab 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\7F0C1D0F Infected: not-a-virus:AdWare.Win32.BiSpy.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\7F0C1D0F Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1956\A0207677.sys Infected: Rootkit.Win32.TDSS.u 1
Selected area has been scanned.
Fresh DDS Scan Log
DDS (Ver_09-09-29.01) - NTFSx86
Run by Marc at 12:11:12.17 on Sun 01/10/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2559.1913 [GMT -7:00]
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
F:\iTunesapp\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Marc\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = https://learn.nmsu.edu/webct/entryPageIns.dowebct
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://yahoo.sbc.com/dsl
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {1028F737-81E7-452B-A860-E50CAD90A08C} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
EB: {1321bb91-6cd4-4898-b3ed-2a8d0a4fc452} - Zango Web Assistant
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [EnigmaPopupStop] c:\program files\enigma software group\spyhunter\popupblocker\EnigmaPopupStop.exe
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickCare] c:\program files\qwest\quickcare\bin\sprtcmd.exe /P QuickCare
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "f:\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cleans~1.lnk - c:\program files\norton systemworks\norton cleansweep\CsinsmNT.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSIns ... ture&var2=
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} - hxxp://download.microsoft.com/download/ ... 3421562468
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... /opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 0236549390
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/Shar ... /cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 5557388132
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.photogize.com/bponet/Photogi ... oader4.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://www.vzwpix.com/activex/VerizonWi ... ontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\marc\applic~1\mozilla\firefox\profiles\ssl2q7xa.default\
FF - prefs.js: browser.startup.homepage - hxxp://slate.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\marc\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\marc\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: f:\itunes\mozilla plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2010-1-8 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2010-1-8 38528]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-1-8 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-1-8 98304]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-1-8 172032]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-5-26 12672]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-1-8 14976]
=============== Created Last 30 ================
2010-01-10 12:00 73,728 a------- c:\windows\system32\javacpl.cpl
2010-01-09 21:31 <DIR> acdshr-- C:\cmdcons
2010-01-09 21:29 261,632 a------- c:\windows\PEV.exe
2010-01-09 21:29 161,792 a------- c:\windows\SWREG.exe
2010-01-09 21:29 98,816 a------- c:\windows\sed.exe
2010-01-09 21:29 77,312 a------- c:\windows\MBR.exe
2010-01-08 17:27 <DIR> --d----- c:\docume~1\marc\applic~1\Malwarebytes
2010-01-08 17:17 <DIR> --d----- c:\program files\Trend Micro
2010-01-08 10:16 130,104 a------- c:\windows\system32\sdccoinstaller.dll
2010-01-08 10:16 <DIR> --d----- c:\program files\common files\Cisco Systems
2010-01-08 10:16 23,552 a------- c:\windows\system32\sophosboottasks.exe
2010-01-08 10:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sophos
2010-01-08 10:15 14,976 a------- c:\windows\system32\drivers\SophosBootDriver.sys
2010-01-08 10:15 38,528 a------- c:\windows\system32\drivers\savonaccessfilter.sys
2010-01-08 10:15 110,848 a------- c:\windows\system32\drivers\savonaccesscontrol.sys
2010-01-08 10:14 <DIR> --d----- c:\program files\Sophos
2010-01-08 10:13 <DIR> -cd----- C:\SAV_CD
2010-01-07 14:22 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 14:22 19,160 a------- c:\windows\system32\drivers\mbam.sys
2010-01-07 14:22 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 14:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-07 12:06 21,504 a------- c:\windows\system32\hidserv.dll
2010-01-07 12:06 21,504 a------- c:\windows\system32\dllcache\hidserv.dll
2010-01-05 01:25 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-12-29 04:57 <DIR> --d----- c:\documents and settings\marc\PrivacIE
2009-12-29 00:25 <DIR> --d----- c:\documents and settings\marc\IETldCache
2009-12-29 00:20 <DIR> --d----- c:\windows\ie8updates
2009-12-29 00:18 <DIR> -cd----- c:\windows\ie8
2009-12-16 20:16 335 a------- c:\windows\mozregistry.dat
2009-12-16 18:59 <DIR> --d----- c:\docume~1\marc\applic~1\KompoZer
2009-12-14 20:00 664 a------- c:\windows\system32\d3d9caps.dat
2009-12-12 02:15 <DIR> --d----- c:\program files\Sierra On-Line
2009-12-12 02:13 1,688 a------- c:\windows\system32\AUTOEXEC.NT
==================== Find3M ====================
2010-01-10 12:00 411,368 a------- c:\windows\system32\deploytk.dll
2009-12-05 23:18 77,348 a------- c:\windows\hpqins05.dat
2009-10-27 04:01 18,432 a------- c:\windows\system32\dllcache\iedw.exe
2009-10-21 14:50 36,064 ac------ c:\docume~1\marc\applic~1\GDIPFONTCACHEV1.DAT
2009-10-20 23:00 75,776 a------- c:\windows\system32\strmfilt.dll
2009-10-20 23:00 25,088 a------- c:\windows\system32\httpapi.dll
2009-10-20 23:00 75,776 -------- c:\windows\system32\dllcache\strmfilt.dll
2009-10-20 23:00 25,088 -------- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 07:58 263,552 -------- c:\windows\system32\dllcache\http.sys
2009-10-16 14:33 33,728 a---h--- c:\windows\system32\mlfcache.dat
2009-10-13 03:53 266,752 a------- c:\windows\system32\oakley.dll
2009-10-13 03:53 266,752 -------- c:\windows\system32\dllcache\oakley.dll
2008-06-02 21:33 560 ac------ c:\docume~1\marc\applic~1\ViewerApp.dat
============= FINISH: 12:12:26.48 ===============
Combofix Log
ComboFix 10-01-04.01 - Marc 01/10/2010 11:07:09.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2559.1946 [GMT -7:00]
Running from: c:\documents and settings\Marc\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Marc\Desktop\CFScript.txt
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.
2010-01-09 01:22 . 2010-01-09 01:22 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-09 00:27 . 2010-01-09 00:27 -------- d-----w- c:\documents and settings\Marc\Application Data\Malwarebytes
2010-01-09 00:17 . 2010-01-09 00:17 -------- d-----w- c:\program files\Trend Micro
2010-01-08 19:53 . 2010-01-08 19:53 -------- d-----w- c:\documents and settings\Marc\Local Settings\Application Data\Sophos
2010-01-08 17:25 . 2010-01-08 17:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sophos
2010-01-08 17:16 . 2010-01-08 17:15 130104 ----a-w- c:\windows\system32\sdccoinstaller.dll
2010-01-08 17:16 . 2010-01-08 17:16 -------- d-----w- c:\program files\Common Files\Cisco Systems
2010-01-08 17:16 . 2010-01-08 17:15 23552 ----a-w- c:\windows\system32\sophosboottasks.exe
2010-01-08 17:16 . 2010-01-08 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2010-01-08 17:15 . 2010-01-08 17:15 14976 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2010-01-08 17:15 . 2010-01-08 17:15 38528 ----a-w- c:\windows\system32\drivers\savonaccessfilter.sys
2010-01-08 17:15 . 2010-01-08 17:15 110848 ----a-w- c:\windows\system32\drivers\savonaccesscontrol.sys
2010-01-08 17:14 . 2010-01-08 17:16 -------- d-----w- c:\program files\Sophos
2010-01-08 17:13 . 2010-01-08 17:13 -------- dc----w- C:\SAV_CD
2010-01-07 21:22 . 2010-01-07 21:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-07 21:22 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:22 . 2010-01-09 01:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 21:22 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 19:06 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-01-07 19:06 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-01-05 08:25 . 2010-01-05 08:25 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-05 08:22 . 2010-01-05 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-29 11:57 . 2009-12-29 11:57 -------- d-----w- c:\documents and settings\Marc\PrivacIE
2009-12-29 07:29 . 2009-12-29 07:29 -------- d-----w- c:\documents and settings\NetworkService\IETldCache
2009-12-29 07:25 . 2009-12-29 07:25 -------- d-----w- c:\documents and settings\Marc\IETldCache
2009-12-29 07:20 . 2009-12-29 07:20 -------- d-----w- c:\windows\ie8updates
2009-12-29 07:18 . 2010-01-05 08:23 -------- dc----w- c:\windows\ie8
2009-12-17 03:16 . 2009-12-17 03:16 335 ----a-w- c:\windows\mozregistry.dat
2009-12-17 01:59 . 2010-01-05 08:11 -------- d-----w- c:\documents and settings\Marc\Application Data\KompoZer
2009-12-15 03:00 . 2009-12-15 03:15 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-12 09:15 . 2009-12-12 09:28 -------- d-----w- c:\program files\Sierra On-Line
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 21:22 . 2010-01-07 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-05 19:33 . 2009-11-29 03:12 79488 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-05 18:27 . 2004-02-26 16:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-05 18:11 . 2008-03-15 22:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-05 18:11 . 2008-03-15 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-29 12:02 . 2007-02-07 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2009-12-29 06:43 . 2009-07-01 02:04 -------- d-----w- c:\documents and settings\Marc\Application Data\HPAppData
2009-12-21 08:00 . 2005-11-25 20:21 -------- d-----w- c:\program files\Palm
2009-12-15 03:33 . 2004-03-03 07:21 36448 -c--a-w- c:\documents and settings\Marc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-13 04:06 . 2009-08-19 20:12 -------- d-----w- c:\documents and settings\Marc\Application Data\HpUpdate
2009-12-06 06:18 . 2009-12-06 06:14 77348 ----a-w- c:\windows\hpqins05.dat
2009-12-06 06:18 . 2009-05-12 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-12-06 06:17 . 2009-12-06 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-12-01 02:57 . 2009-09-17 06:10 -------- d-----w- c:\documents and settings\Marc\Application Data\Move Networks
2009-12-01 02:01 . 2009-09-17 06:10 143976 ----a-w- c:\documents and settings\Marc\Application Data\Move Networks\uninstall.exe
2009-12-01 02:01 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Marc\Application Data\Move Networks\plugins\npqmp071701000002.dll
2009-12-01 02:01 . 2009-12-01 02:01 1794456 ----a-w- c:\documents and settings\Marc\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe
2009-10-29 05:04 . 2004-08-24 03:32 668672 ------w- c:\windows\system32\wininet.dll
2009-10-21 06:00 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-04 06:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-16 21:33 . 2009-10-16 21:33 33728 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-15 00:50 . 2009-10-15 00:50 97216 ----a-w- c:\documents and settings\Marc\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-10-13 10:53 . 2002-08-29 11:00 266752 ----a-w- c:\windows\system32\oakley.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2005-02-24 2506752]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-30 4800512]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-02-26 151597]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 53248]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-05-21 90112]
"EnigmaPopupStop"="c:\program files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe" [2004-01-29 2596864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-02 148888]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 335872]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickCare"="c:\program files\Qwest\Quickcare\bin\sprtcmd.exe" [2008-05-31 202016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="f:\itunes\iTunesHelper.exe" [2009-09-21 305440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\iTunes\\iTunes.exe"=
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\SYSTEM32\DRIVERS\savonaccesscontrol.sys [1/8/2010 10:15 AM 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\SYSTEM32\DRIVERS\savonaccessfilter.sys [1/8/2010 10:15 AM 38528]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [1/8/2010 10:15 AM 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [1/8/2010 10:15 AM 98304]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 11:02 AM 1213728]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 7:16 PM 24652]
S2 LISTSERV-SMTP;LISTSERV SMTP Listener;c:\listserv\MAIN\SMTPL.EXE [9/10/2009 9:14 PM 98304]
S2 LISTSERV;LISTSERV (primary instance);c:\listserv\MAIN\LSV.EXE [9/10/2009 9:14 PM 2121728]
S3 cpuz132;cpuz132;c:\windows\SYSTEM32\DRIVERS\cpuz132_x32.sys [5/26/2009 9:11 AM 12672]
S4 SophosBootDriver;SophosBootDriver;c:\windows\SYSTEM32\DRIVERS\SophosBootDriver.sys [1/8/2010 10:15 AM 14976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
2009-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2010-01-10 c:\windows\Tasks\Daily.job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2010-01-08 17:15]
2010-01-05 c:\windows\Tasks\Schedule Task Weekly.job
- f:\registry easy\RE.exe [2009-06-16 02:37]
.
.
------- Supplementary Scan -------
.
uStart Page = https://learn.nmsu.edu/webct/entryPageIns.dowebct
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://yahoo.sbc.com/dsl
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\ssl2q7xa.default\
FF - prefs.js: browser.startup.homepage - hxxp://slate.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Marc\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Marc\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: f:\itunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 11:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MMTray = c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe?w???g????V??g????SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\TrayApp??????? ?w?????????????\?wp ?w???????w???g???????????g?RY??QY????????g????2???????????8???? @??%X??%X???????????????????Y?????n?Q?????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\MUSICMATCH\MUSICMATCH Jukebox\4.0\MMRadio*CSCUserEnabled]
@Class="bravaClass"
"???????"=dword:00000001
"????D"=dword:00000000
"?????????t??????????????????????????????????p"=dword:0000001e
[HKEY_LOCAL_MACHINE\software\MUSICMATCH\MUSICMATCH Jukebox\4.0\MMRadio*TogglePlay]
@Class="bravaClass"
"?????n???????p????????????????????????????????????????s"="??????D???????????¦?????????????????????????????????????????????????????????????????????????????????????????????????????????????"
"???????e???"=""
"?????t??????D"=""
[HKEY_LOCAL_MACHINE\software\MUSICMATCH\MUSICMATCH Jukebox\4.0\MMGenInfo*]
@Class="bravaClass"
"????"=hex:01
[HKEY_LOCAL_MACHINE\software\MUSICMATCH\MUSICMATCH Jukebox\4.0\MMSiteService*]
@Class="bravaClass"
"?????"=hex:75,1f,49,11,e0,ce,f5,00,00,00,00,00,1f,b4,71,13,23,36,cf,24,b2,db,
c6,14,24,18,15,12,27,54,39,14,bc,74,f2,0c,e3,d5,7f,02
"??????"=dword:00000000
[HKEY_LOCAL_MACHINE\software\MUSICMATCH\MUSICMATCH Jukebox\4.0\MainApp*AppPath*\Plugins]
@Class="bravaClass"
"????"=dword:0000000a
"????r"="???\03?N???????????????????????????????"
"??????????"=dword:00000000
"????????"="???????º?X?W?W?\13"
"????????"=dword:0000001e
"???????s???????Y???????X??????"=dword:00000001
"??????"=dword:00000000
"?????r???????s???????Y???????X??????"=dword:00000000
"????n"=dword:00000000
"???h????"="???????????????????????"
"????"="?????????????????????????p"
"?????X??????????????????????s"=dword:00000000
"?????Y?????X??????????????????????s"=dword:00000057
[HKEY_LOCAL_MACHINE\software\MUSICMATCH\MUSICMATCH Jukebox\4.0\MainApp*ArtWallpaper]
@Class="bravaClass"
"??????"=dword:00000000
[HKEY_LOCAL_MACHINE\software\MUSICMATCH\MUSICMATCH Jukebox\4.0\Play Core*]
@Class="bravaClass"
"?????????????g??g"=dword:00000001
"??????????"=dword:01c4ee0d
"?????????w??????????"=dword:99f4a346
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3900)
c:\windows\System32\shdoclc.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
.
Completion time: 2010-01-10 11:17:50
ComboFix-quarantined-files.txt 2010-01-10 18:17
ComboFix2.txt 2010-01-10 05:31
Pre-Run: 17,490,358,272 bytes free
Post-Run: 17,485,570,048 bytes free
- - End Of File - - 9A26D67E489F34A1F6379C1BED64773B