ComboFix 10-08-18.05 - Dominic S. Medalla 08/20/2010 23:13:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.673 [GMT 8:00]
Running from: c:\documents and settings\Dominic S. Medalla\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 12:48 . 2010-08-20 12:48 -------- d-----w- c:\documents and settings\Dominic S. Medalla\Application Data\Avira
2010-08-20 10:48 . 2010-08-20 10:48 -------- d-----w- c:\documents and settings\Dominic S. Medalla\Application Data\fltk.org
2010-08-20 10:14 . 2010-08-20 09:29 -------- d-----w- c:\documents and settings\Dominic S. Medalla\Application Data\Skype
2010-08-20 10:04 . 2010-08-20 10:04 0 ----a-w- c:\windows\nsreg.dat
2010-08-20 10:02 . 2010-08-20 10:02 -------- d-----w- c:\documents and settings\Dominic S. Medalla\Application Data\Malwarebytes
2010-08-20 10:02 . 2010-08-20 10:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-20 10:02 . 2010-08-20 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-20 09:54 . 2010-08-20 09:54 12328 ----a-w- c:\documents and settings\Dominic S. Medalla\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-20 09:54 . 2010-08-20 09:54 -------- d-----w- c:\program files\Avira
2010-08-20 09:54 . 2010-08-20 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-08-20 09:44 . 2010-08-20 09:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-20 09:35 . 2010-08-20 09:33 -------- d-----w- c:\program files\Nintendo DS
2010-08-20 09:33 . 2010-08-20 09:31 -------- d-----w- c:\program files\Playstation
2010-08-20 09:31 . 2010-08-20 09:31 12862 ----a-r- c:\documents and settings\Dominic S. Medalla\Application Data\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
2010-08-20 09:29 . 2010-08-20 09:29 -------- d-----w- c:\program files\Google
2010-08-20 09:29 . 2010-08-20 09:29 -------- d-----r- c:\program files\Skype
2010-08-20 09:29 . 2010-08-20 09:29 -------- d-----w- c:\program files\Common Files\Skype
2010-08-20 09:29 . 2010-08-20 09:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-20 09:28 . 2010-08-20 09:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-08-20 09:28 . 2010-08-20 09:28 -------- d-----w- c:\program files\Yahoo!
2010-08-20 09:27 . 2010-08-20 09:27 -------- d-----w- c:\program files\VideoLAN
2010-08-20 09:26 . 2010-08-20 09:26 -------- d-----w- c:\program files\QuickTime
2010-08-20 09:26 . 2010-08-20 09:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-20 09:25 . 2010-08-20 09:25 -------- d-----w- c:\program files\Common Files\Apple
2010-08-20 09:25 . 2010-08-20 09:25 -------- d-----w- c:\program files\Apple Software Update
2010-08-20 09:25 . 2010-08-20 09:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-08-20 09:25 . 2010-08-20 09:25 -------- d-----w- c:\program files\Common Files\Java
2010-08-20 09:24 . 2010-08-20 09:25 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-20 09:24 . 2010-08-20 09:24 -------- d-----w- c:\program files\Java
2010-08-20 09:10 . 2010-08-20 08:36 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-20 09:07 . 2010-08-20 09:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-20 09:07 . 2010-08-20 09:06 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-20 09:01 . 2010-08-20 09:01 -------- d-----w- c:\program files\CONEXANT
2010-08-20 08:38 . 2010-08-20 08:38 -------- d-----w- c:\program files\microsoft frontpage
2010-08-20 08:34 . 2010-08-20 08:34 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-20 08:33 . 2010-08-20 08:33 -------- d-----w- c:\program files\Windows Media Connect 2
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-17 7561216]
"nwiz"="nwiz.exe" [2006-03-17 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-17 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/20/2010 5:54 PM 135336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/20/2010 5:29 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 09:29]
2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 09:29]
.
.
------- Supplementary Scan -------
.
TCP: {257E5BAD-1E47-492C-833C-E8F1ADCC4B9A} = 202.78.97.41 202.78.97.35
FF - ProfilePath - c:\documents and settings\Dominic S. Medalla\Application Data\Mozilla\Firefox\Profiles\d1ceb8tw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1908)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2010-08-20 23:16:58
ComboFix-quarantined-files.txt 2010-08-20 15:16
Pre-Run: 74,477,498,368 bytes free
Post-Run: 74,441,682,944 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 7FBCC7931F43E0173429DAB81B921840