ComboFix 10-01-04.01 - Marc 01/11/2010 8:16.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2559.1887 [GMT -7:00]
Running from: c:\documents and settings\Marc\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Marc\Desktop\CFScript.txt
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.
2010-01-09 01:22 . 2010-01-09 01:22 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-09 00:27 . 2010-01-09 00:27 -------- d-----w- c:\documents and settings\Marc\Application Data\Malwarebytes
2010-01-09 00:17 . 2010-01-09 00:17 -------- d-----w- c:\program files\Trend Micro
2010-01-08 19:53 . 2010-01-08 19:53 -------- d-----w- c:\documents and settings\Marc\Local Settings\Application Data\Sophos
2010-01-08 17:25 . 2010-01-08 17:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sophos
2010-01-08 17:16 . 2010-01-08 17:15 130104 ----a-w- c:\windows\system32\sdccoinstaller.dll
2010-01-08 17:16 . 2010-01-08 17:16 -------- d-----w- c:\program files\Common Files\Cisco Systems
2010-01-08 17:16 . 2010-01-08 17:15 23552 ----a-w- c:\windows\system32\sophosboottasks.exe
2010-01-08 17:16 . 2010-01-08 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2010-01-08 17:15 . 2010-01-08 17:15 14976 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2010-01-08 17:15 . 2010-01-08 17:15 38528 ----a-w- c:\windows\system32\drivers\savonaccessfilter.sys
2010-01-08 17:15 . 2010-01-08 17:15 110848 ----a-w- c:\windows\system32\drivers\savonaccesscontrol.sys
2010-01-08 17:14 . 2010-01-08 17:16 -------- d-----w- c:\program files\Sophos
2010-01-08 17:13 . 2010-01-08 17:13 -------- dc----w- C:\SAV_CD
2010-01-07 21:22 . 2010-01-07 21:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-07 21:22 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:22 . 2010-01-09 01:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 21:22 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 21:22 . 2010-01-07 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-07 19:06 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-01-07 19:06 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-01-05 08:25 . 2010-01-05 08:25 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-05 08:22 . 2010-01-05 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-29 11:57 . 2009-12-29 11:57 -------- d-----w- c:\documents and settings\Marc\PrivacIE
2009-12-29 07:29 . 2009-12-29 07:29 -------- d-----w- c:\documents and settings\NetworkService\IETldCache
2009-12-29 07:25 . 2009-12-29 07:25 -------- d-----w- c:\documents and settings\Marc\IETldCache
2009-12-29 07:20 . 2009-12-29 07:20 -------- d-----w- c:\windows\ie8updates
2009-12-29 07:18 . 2010-01-05 08:23 -------- dc----w- c:\windows\ie8
2009-12-17 03:16 . 2009-12-17 03:16 335 ----a-w- c:\windows\mozregistry.dat
2009-12-17 01:59 . 2010-01-05 08:11 -------- d-----w- c:\documents and settings\Marc\Application Data\KompoZer
2009-12-15 03:00 . 2009-12-15 03:15 664 ----a-w- c:\windows\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 15:11 . 2009-07-01 02:04 -------- d-----w- c:\documents and settings\Marc\Application Data\HPAppData
2010-01-10 19:00 . 2009-03-02 08:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-10 18:54 . 2004-02-26 15:54 -------- d-----w- c:\program files\Java
2010-01-05 18:27 . 2004-02-26 16:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-05 18:11 . 2008-03-15 22:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-05 18:11 . 2008-03-15 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-29 12:02 . 2007-02-07 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2009-12-21 08:00 . 2005-11-25 20:21 -------- d-----w- c:\program files\Palm
2009-12-15 03:33 . 2004-03-03 07:21 36448 -c--a-w- c:\documents and settings\Marc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-13 04:06 . 2009-08-19 20:12 -------- d-----w- c:\documents and settings\Marc\Application Data\HpUpdate
2009-12-12 09:28 . 2009-12-12 09:15 -------- d-----w- c:\program files\Sierra On-Line
2009-12-06 06:18 . 2009-12-06 06:14 77348 ----a-w- c:\windows\hpqins05.dat
2009-12-06 06:18 . 2009-05-12 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-12-06 06:17 . 2009-12-06 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-12-01 02:57 . 2009-09-17 06:10 -------- d-----w- c:\documents and settings\Marc\Application Data\Move Networks
2009-12-01 02:01 . 2009-09-17 06:10 143976 ----a-w- c:\documents and settings\Marc\Application Data\Move Networks\uninstall.exe
2009-12-01 02:01 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Marc\Application Data\Move Networks\plugins\npqmp071701000002.dll
2009-12-01 02:01 . 2009-12-01 02:01 1794456 ----a-w- c:\documents and settings\Marc\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe
2009-10-29 05:04 . 2004-08-24 03:32 668672 ------w- c:\windows\system32\wininet.dll
2009-10-21 06:00 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-04 06:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-16 21:33 . 2009-10-16 21:33 33728 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-15 00:50 . 2009-10-15 00:50 97216 ----a-w- c:\documents and settings\Marc\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-10_18.14.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-10 19:21 . 2010-01-10 19:21 16384 c:\windows\Temp\Perflib_Perfdata_150.dat
+ 2010-01-10 18:44 . 2010-01-10 18:44 84661 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
- 2009-08-28 14:12 . 2009-08-28 14:24 84661 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-01-10 19:00 . 2010-01-10 19:00 149280 c:\windows\SYSTEM32\javaws.exe
+ 2010-01-10 19:00 . 2010-01-10 19:00 145184 c:\windows\SYSTEM32\javaw.exe
+ 2010-01-10 19:00 . 2010-01-10 19:00 145184 c:\windows\SYSTEM32\java.exe
+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32.dll
+ 2010-01-10 19:00 . 2010-01-10 19:00 1757696 c:\windows\Installer\bdedb.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2005-02-24 2506752]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-30 4800512]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-02-26 151597]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 53248]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-05-21 90112]
"EnigmaPopupStop"="c:\program files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe" [2004-01-29 2596864]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 335872]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickCare"="c:\program files\Qwest\Quickcare\bin\sprtcmd.exe" [2008-05-31 202016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="f:\itunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-10 149280]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2010-1-8 245760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\iTunes\\iTunes.exe"=
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\SYSTEM32\DRIVERS\savonaccesscontrol.sys [1/8/2010 10:15 AM 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\SYSTEM32\DRIVERS\savonaccessfilter.sys [1/8/2010 10:15 AM 38528]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [1/8/2010 10:15 AM 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [1/8/2010 10:15 AM 98304]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 11:02 AM 1213728]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 7:16 PM 24652]
S3 cpuz132;cpuz132;c:\windows\SYSTEM32\DRIVERS\cpuz132_x32.sys [5/26/2009 9:11 AM 12672]
S4 SophosBootDriver;SophosBootDriver;c:\windows\SYSTEM32\DRIVERS\SophosBootDriver.sys [1/8/2010 10:15 AM 14976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
2009-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2010-01-10 c:\windows\Tasks\Daily.job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2010-01-08 17:15]
2010-01-05 c:\windows\Tasks\Schedule Task Weekly.job
- f:\registry easy\RE.exe [2009-06-16 02:37]
.
.
------- Supplementary Scan -------
.
uStart Page = https://learn.nmsu.edu/webct/entryPageIns.dowebct
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://yahoo.sbc.com/dsl
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\ssl2q7xa.default\
FF - prefs.js: browser.startup.homepage - hxxp://slate.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Marc\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Marc\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: f:\itunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 08:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MMTray = c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe?w???g????V??g????SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\TrayApp??????? ?w?????????????\?wp ?w???????w???g???????????g?RY??QY????????g????2???????????8???? @??%X??%X???????????????????Y?????n?Q?????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\MUSICMATCH\MUSICMATCH Jukebox\4.0\MMRadio*CSCUserEnabled]
@Class="bravaClass"
"???????"=dword:00000001
"????D"=dword:00000000
"?????????t??????????????????????????????????p"=dword:0000001e
[HKEY_LOCAL_MACHINE\software\MUSICMATCH\MUSICMATCH Jukebox\4.0\MMRadio*TogglePlay]
@Class="bravaClass"
"?????n???????p????????????????????????????????????????s"="??????D???????????¦?????????????????????????????????????????????????????????????????????????????????????????????????????????????"
"???????e???"=""
"?????t??????D"=""
[HKEY_LOCAL_MACHINE\software\MUSICMATCH\MUSICMATCH Jukebox\4.0\MMGenInfo*]
@Class="bravaClass"
"????"=hex:01
"????????"=hex:87,99,ae,c1,ce,c5,c8,3f,1d,c3,9b,a3,20,ac,ee,e2,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"????????"=hex:f0,92,8f,a5,98,5f,0d,d8,78,20,2c,62,c1,6a,3f,08,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"????????"=hex:56,0c,92,5b,6f,dc,60,4c,a3,fc,1b,23,73,ec,97,e0,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"????????"=hex:25,9d,ca,fa,59,fc,67,97,37,cf,59,1c,25,31,61,15,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"????????"=hex:2a,c6,cc,92,66,91,4a,28,ad,45,7b,04,cd,f6,cb,84,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"????????"=hex:f2,e2,40,d7,b9,bd,f1,15,59,59,2e,bf,f9,c3,4a,58,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"????????"=hex:96,36,06,ee,35,56,48,c1,29,cf,a2,11,41,f1,b4,ed,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"????????"=hex:5e,2f,45,07,be,19,06,f9,61,d3,ea,e3,8f,af,b5,ad,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"????????"=hex:f9,f4,73,df,83,8b,ac,7f,3b,56,bd,a6,d4,df,47,c6,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"????????"=hex:c0,b1,5b,4e,37,79,b3,8b,fc,3b,16,ee,40,fa,e6,57,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"????????"=hex:05,8e,ad,9e,ec,d7,bf,d7,7a,38,9c,60,24,c1,02,8c,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"????????"=hex:c6,01,a9,1c,ca,e4,60,53,44,5f,7b,fb,7c,f6,a6,1a,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"????????"=hex:d0,cb,20,7a,8c,7f,99,e7,09,af,72,f0,52,4a,01,c7,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"????????"=hex:a8,1f,b6,da,96,88,a9,53,6e,33,2b,d6,14,4a,ac,22,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"????????"=hex:f5,af,c9,5e,8a,e2,df,1a,d1,ca,09,c4,02,80,a0,fd,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"????????"=hex:32,06,13,79,c0,c7,f4,c5,60,ad,ad,10,e0,66,2a,05,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"???U???????????????"=hex:50,68,69,6c,69,70,73,52,75,73,68,33,00,00,00,00,00,
00,00,00,10,79,63,01,05,00,00,00,01,00,00,00,00,00,00,00,2c,01,00,00,64,00,\
[HKEY_LOCAL_MACHINE\software\MUSICMATCH\MUSICMATCH Jukebox\4.0\MMSiteService*]
@Class="bravaClass"
"?????"=hex:75,1f,49,11,e0,ce,f5,00,00,00,00,00,1f,b4,71,13,23,36,cf,24,b2,db,
c6,14,24,18,15,12,27,54,39,14,bc,74,f2,0c,e3,d5,7f,02
"??????"=dword:00000000
[HKEY_LOCAL_MACHINE\software\MUSICMATCH\MUSICMATCH Jukebox\4.0\MainApp*AppPath*\Plugins]
@Class="bravaClass"
"????"=dword:0000000a
"????r"="???\03?N???????????????????????????????"
"??????????"=dword:00000000
"????????"="???????º?X?W?W?\13"
"????????"=dword:0000001e
"???????s???????Y???????X??????"=dword:00000001
"??????"=dword:00000000
"?????r???????s???????Y???????X??????"=dword:00000000
"????n"=dword:00000000
"???h????"="???????????????????????"
"????"="?????????????????????????p"
"?????X??????????????????????s"=dword:00000000
"?????Y?????X??????????????????????s"=dword:00000057
[HKEY_LOCAL_MACHINE\software\MUSICMATCH\MUSICMATCH Jukebox\4.0\MainApp*ArtWallpaper]
@Class="bravaClass"
"??????"=dword:00000000
[HKEY_LOCAL_MACHINE\software\MUSICMATCH\MUSICMATCH Jukebox\4.0\Play Core*]
@Class="bravaClass"
"?????????????g??g"=dword:00000001
"??????????"=dword:01c4ee0d
"?????????w??????????"=dword:99f4a346
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3200)
c:\windows\System32\shdoclc.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
.
Completion time: 2010-01-11 08:27:13
ComboFix-quarantined-files.txt 2010-01-11 15:27
ComboFix2.txt 2010-01-10 18:17
ComboFix3.txt 2010-01-10 05:31
Pre-Run: 17,425,502,208 bytes free
Post-Run: 17,518,301,184 bytes free
- - End Of File - - 927309F4C7C56E2CFB08E0FEF593C416
Fresh DDS Log
DDS (Ver_09-09-29.01) - NTFSx86
Run by Marc at 16:33:02.79 on Mon 01/11/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2559.1765 [GMT -7:00]
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
F:\iTunesapp\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Qwest\Quickcare\agent\bin\bcont_nm.exe
C:\Documents and Settings\Marc\Desktop\Computer_Fix\dds.com
============== Pseudo HJT Report ===============
uStart Page = https://learn.nmsu.edu/webct/entryPageIns.dowebct
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://yahoo.sbc.com/dsl
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [EnigmaPopupStop] c:\program files\enigma software group\spyhunter\popupblocker\EnigmaPopupStop.exe
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickCare] c:\program files\qwest\quickcare\bin\sprtcmd.exe /P QuickCare
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "f:\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cleans~1.lnk - c:\program files\norton systemworks\norton cleansweep\CsinsmNT.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSIns ... ture&var2=
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} - hxxp://download.microsoft.com/download/ ... 3421562468
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... /opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 0236549390
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/Shar ... /cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 5557388132
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.photogize.com/bponet/Photogi ... oader4.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://www.vzwpix.com/activex/VerizonWi ... ontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\marc\applic~1\mozilla\firefox\profiles\ssl2q7xa.default\
FF - prefs.js: browser.startup.homepage - hxxp://slate.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\marc\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\marc\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: f:\itunes\mozilla plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2010-1-8 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2010-1-8 38528]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-1-8 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-1-8 98304]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-1-8 172032]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-5-26 12672]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-1-8 14976]
=============== Created Last 30 ================
2010-01-10 12:00 73,728 a------- c:\windows\system32\javacpl.cpl
2010-01-09 21:31 <DIR> acdshr-- C:\cmdcons
2010-01-09 21:29 261,632 a------- c:\windows\PEV.exe
2010-01-09 21:29 161,792 a------- c:\windows\SWREG.exe
2010-01-09 21:29 98,816 a------- c:\windows\sed.exe
2010-01-09 21:29 77,312 a------- c:\windows\MBR.exe
2010-01-08 17:27 <DIR> --d----- c:\docume~1\marc\applic~1\Malwarebytes
2010-01-08 17:17 <DIR> --d----- c:\program files\Trend Micro
2010-01-08 10:16 130,104 a------- c:\windows\system32\sdccoinstaller.dll
2010-01-08 10:16 <DIR> --d----- c:\program files\common files\Cisco Systems
2010-01-08 10:16 23,552 a------- c:\windows\system32\sophosboottasks.exe
2010-01-08 10:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sophos
2010-01-08 10:15 14,976 a------- c:\windows\system32\drivers\SophosBootDriver.sys
2010-01-08 10:15 38,528 a------- c:\windows\system32\drivers\savonaccessfilter.sys
2010-01-08 10:15 110,848 a------- c:\windows\system32\drivers\savonaccesscontrol.sys
2010-01-08 10:14 <DIR> --d----- c:\program files\Sophos
2010-01-08 10:13 <DIR> -cd----- C:\SAV_CD
2010-01-07 14:22 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 14:22 19,160 a------- c:\windows\system32\drivers\mbam.sys
2010-01-07 14:22 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 14:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-07 12:06 21,504 a------- c:\windows\system32\hidserv.dll
2010-01-07 12:06 21,504 a------- c:\windows\system32\dllcache\hidserv.dll
2010-01-05 01:25 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-12-29 04:57 <DIR> --d----- c:\documents and settings\marc\PrivacIE
2009-12-29 00:25 <DIR> --d----- c:\documents and settings\marc\IETldCache
2009-12-29 00:20 <DIR> --d----- c:\windows\ie8updates
2009-12-29 00:18 <DIR> -cd----- c:\windows\ie8
2009-12-16 20:16 335 a------- c:\windows\mozregistry.dat
2009-12-16 18:59 <DIR> --d----- c:\docume~1\marc\applic~1\KompoZer
2009-12-14 20:00 664 a------- c:\windows\system32\d3d9caps.dat
==================== Find3M ====================
2010-01-10 12:00 411,368 a------- c:\windows\system32\deploytk.dll
2009-12-05 23:18 77,348 a------- c:\windows\hpqins05.dat
2009-10-27 04:01 18,432 a------- c:\windows\system32\dllcache\iedw.exe
2009-10-21 14:50 36,064 ac------ c:\docume~1\marc\applic~1\GDIPFONTCACHEV1.DAT
2009-10-20 23:00 75,776 a------- c:\windows\system32\strmfilt.dll
2009-10-20 23:00 25,088 a------- c:\windows\system32\httpapi.dll
2009-10-20 23:00 75,776 -------- c:\windows\system32\dllcache\strmfilt.dll
2009-10-20 23:00 25,088 -------- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 07:58 263,552 -------- c:\windows\system32\dllcache\http.sys
2009-10-16 14:33 33,728 a---h--- c:\windows\system32\mlfcache.dat
2008-06-02 21:33 560 ac------ c:\docume~1\marc\applic~1\ViewerApp.dat
============= FINISH: 16:33:16.93 ===============