ComboFix 10-07-08.02 - MALORIE 07/09/2010 8:08.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1498 [GMT -5:00]
Running from: c:\documents and settings\MALORIE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MALORIE\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.
2010-07-08 20:48 . 2010-07-08 20:48 -------- d-----w- C:\_OTM
2010-07-06 21:00 . 2010-07-06 21:00 -------- d-----w- c:\documents and settings\MALORIE\Application Data\My Games
2010-07-06 20:11 . 2010-07-06 20:11 -------- d-----w- c:\program files\MSXML 4.0
2010-07-06 06:36 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 05:52 . 2010-07-06 05:52 -------- d-----w- c:\program files\iPod
2010-07-06 05:52 . 2010-07-06 05:53 -------- d-----w- c:\program files\iTunes
2010-07-06 05:50 . 2010-07-06 05:50 -------- d-----w- c:\program files\Bonjour
2010-07-06 05:48 . 2010-07-06 05:48 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-07-06 05:48 . 2010-07-06 05:48 -------- d-----w- c:\program files\Safari
2010-07-06 05:47 . 2010-07-06 05:47 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-07-06 04:26 . 2010-07-06 04:26 -------- d-----w- c:\documents and settings\MALORIE\Application Data\Malwarebytes
2010-07-06 04:26 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-06 04:26 . 2010-07-06 04:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-06 04:26 . 2010-07-06 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-06 04:26 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-06 04:16 . 2008-04-14 00:12 11776 ----a-w- C:\regsvr32.exe
2010-07-06 03:26 . 2010-07-06 03:26 -------- d-----w- c:\documents and settings\MALORIE\Local Settings\Application Data\cache
2010-07-06 01:52 . 2010-07-06 01:52 -------- d-----w- c:\documents and settings\MALORIE\Application Data\AVG9
2010-07-06 00:04 . 2010-07-06 00:04 -------- d-----w- c:\program files\CCleaner
2010-07-05 23:53 . 2010-07-05 23:53 -------- d-----w- c:\documents and settings\MALORIE\Local Settings\Application Data\Threat Expert
2010-07-05 22:21 . 2009-11-10 15:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-05 22:21 . 2009-11-10 15:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-07-05 22:21 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2010-07-05 22:21 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2010-07-05 22:21 . 2009-11-10 15:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-07-05 22:21 . 2009-11-10 15:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-07-05 22:20 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-05 22:20 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-05 22:20 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-05 22:20 . 2010-02-05 14:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-05 22:20 . 2010-07-06 05:18 -------- d-----w- c:\program files\Spyware Doctor
2010-07-05 22:20 . 2010-07-05 22:21 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-05 22:20 . 2010-07-05 22:20 -------- d-----w- c:\documents and settings\MALORIE\Application Data\PC Tools
2010-07-05 22:20 . 2010-07-05 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-30 19:28 . 2010-06-30 19:28 -------- d-----w- c:\documents and settings\MALORIE\Local Settings\Application Data\FullTiltPoker.NET
2010-06-23 00:45 . 2010-06-23 00:45 50354 ----a-w- c:\documents and settings\MALORIE\Application Data\Facebook\uninstall.exe
2010-06-23 00:45 . 2010-06-23 00:45 -------- d-----w- c:\documents and settings\MALORIE\Application Data\Facebook
2010-06-12 21:19 . 2010-07-06 21:22 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-12 21:11 . 2010-06-12 21:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-12 21:11 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-06-12 21:11 . 2010-06-12 21:11 -------- d-----w- c:\program files\Lavasoft
2010-06-12 16:35 . 2010-06-12 16:36 -------- d-----w- c:\program files\STOPzilla
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 23:36 . 2009-12-01 22:40 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-08 23:27 . 2009-12-01 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-07-08 21:03 . 2010-01-20 01:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-08 14:57 . 2010-05-11 14:42 -------- d-----w- c:\documents and settings\MALORIE\Application Data\FrostWire
2010-07-08 14:56 . 2010-04-29 04:33 -------- d-----w- c:\program files\LimeWire
2010-07-08 14:56 . 2010-06-02 19:08 -------- d-----w- c:\program files\FrostWire
2010-07-06 21:22 . 2009-12-01 22:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-06 20:48 . 2009-11-30 01:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-06 20:48 . 2010-03-05 02:05 -------- d-----w- c:\program files\Firaxis Games
2010-07-06 20:24 . 2010-03-05 02:18 -------- d-----w- c:\documents and settings\Preferred Customer\Application Data\My Games
2010-07-06 20:20 . 2010-02-12 23:39 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-06 20:10 . 2010-01-20 01:33 -------- d-----w- c:\program files\Full Tilt Poker
2010-07-06 05:52 . 2010-01-20 01:45 -------- d-----w- c:\program files\Common Files\Apple
2010-07-06 01:53 . 2009-12-01 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-06 01:20 . 2009-12-01 22:55 -------- d-----w- c:\program files\Google
2010-06-23 00:41 . 2010-06-06 19:01 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2010-06-12 21:11 . 2009-12-01 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-11 20:10 . 2010-03-10 01:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\MALORIE\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-06 19:04 . 2010-06-06 19:04 -------- d-----w- c:\documents and settings\MALORIE\Application Data\Nikon
2010-06-06 19:03 . 2010-06-06 19:03 49152 ----a-r- c:\documents and settings\MALORIE\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2010-06-06 19:03 . 2010-06-06 19:01 -------- d-----w- c:\program files\Common Files\Nikon
2010-06-06 19:02 . 2010-06-06 19:02 335872 ----a-r- c:\documents and settings\MALORIE\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2010-06-06 19:01 . 2010-06-06 19:01 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-06-06 19:01 . 2010-06-06 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2010-06-06 19:01 . 2010-06-06 19:01 -------- d-----w- c:\program files\Nikon
2010-06-06 19:01 . 2010-06-06 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2010-06-06 19:01 . 2010-06-06 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2010-06-06 19:01 . 2003-03-19 17:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2010-06-06 19:01 . 2009-11-30 02:32 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-06 19:00 . 2010-06-06 19:00 -------- d-----w- c:\program files\ArcSoft
2010-06-03 19:44 . 2009-12-01 22:52 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 19:44 . 2009-12-01 22:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-03 15:39 . 2010-05-17 19:41 -------- d-----w- c:\documents and settings\MALORIE\Application Data\DivX
2010-06-01 16:58 . 2009-12-01 22:40 -------- d-----w- c:\program files\Symantec
2010-06-01 16:58 . 2010-06-01 16:58 -------- d-----w- c:\documents and settings\MALORIE\Application Data\Symantec
2010-06-01 16:56 . 2009-12-01 22:45 -------- d-----w- c:\program files\Ahead
2010-06-01 16:53 . 2009-12-01 22:46 -------- d-----w- c:\program files\InterVideo
2010-06-01 16:53 . 2009-12-01 22:46 -------- d-----w- c:\program files\Common Files\InterVideo
2010-06-01 16:53 . 2009-12-01 22:46 -------- d-----w- c:\program files\InterActual
2010-06-01 13:28 . 2010-05-31 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-05-22 21:45 . 2010-05-22 21:45 -------- d-----w- c:\program files\Oldgames
2010-05-22 18:14 . 2010-05-22 18:14 -------- d-----w- c:\program files\Common Files\Logitech
2010-05-22 18:14 . 2010-05-22 18:14 -------- d-----w- c:\program files\Logitech
2010-05-18 21:35 . 2010-05-18 21:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:35 . 2010-05-18 21:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-17 19:42 . 2010-05-17 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-17 19:42 . 2010-05-17 19:42 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-17 19:42 . 2010-01-28 21:44 -------- d-----w- c:\program files\DivX
2010-05-17 19:42 . 2010-05-17 19:42 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-17 19:42 . 2010-05-17 19:42 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-17 19:42 . 2010-05-17 19:42 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-05-17 19:42 . 2010-05-17 19:42 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-17 19:40 . 2010-05-17 19:42 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-17 19:40 . 2010-05-17 19:42 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-11 19:36 . 2010-05-11 19:36 0 ----a-w- c:\documents and settings\MALORIE\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-05-06 10:41 . 2004-08-03 23:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-03 22:17 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-03 23:56 285696 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-07-08_18.15.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-08 21:03 . 2010-07-08 21:03 16384 c:\windows\Temp\Perflib_Perfdata_544.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2009-06-30 163872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 69632]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 253952]
"GhostStartTrayApp"="c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 94208]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-04 18702336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-28 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
c:\documents and settings\MALORIE\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\MemTurbo 4\MemTurbo.exe [2010-3-2 3121760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 15:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"e:\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/12/2010 4:19 PM 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/5/2010 5:20 PM 207280]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/1/2009 5:52 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/1/2009 5:52 PM 242896]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [8/14/2002 4:11 PM 5632]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/12/2010 10:01 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/12/2010 10:01 AM 308064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [7/5/2010 5:21 PM 112592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1352832]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [5/23/2007 5:15 AM 547744]
S0 mlmso;mlmso; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/1/2009 5:57 PM 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [11/29/2009 9:32 PM 1684736]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [8/21/2009 9:24 PM 57248]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/5/2010 5:20 PM 365280]
S3 ZD1211BU(TRENDnet);802.11g Wireless USB 2.0 Adapter C1 Driver(TRENDnet);c:\windows\system32\DRIVERS\zd1211Bu.sys --> c:\windows\system32\DRIVERS\zd1211Bu.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-07-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 21:22]
2010-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
2010-07-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-01 22:55]
2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-01 22:56]
2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-01 22:56]
2010-07-09 c:\windows\Tasks\Norton Security Scan for MALORIE.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-03-08 05:04]
2010-07-09 c:\windows\Tasks\Norton Security Scan for Preferred Customer.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-03-08 05:04]
2010-07-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
FF - ProfilePath - c:\documents and settings\MALORIE\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKfox000&fl=0&ptb=8u.onk1A3yLBd6S8qw65kg&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77ce5d5d&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\MALORIE\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\MALORIE\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\MALORIE\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-07-09 08:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(880)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
- - - - - - - > 'explorer.exe'(2036)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
- - - - - - - > 'explorer.exe'(3304)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-09 08:13:13
ComboFix-quarantined-files.txt 2010-07-09 13:13
ComboFix2.txt 2010-07-08 18:17
ComboFix3.txt 2010-07-06 02:33
Pre-Run: 62,717,747,200 bytes free
Post-Run: 62,706,233,344 bytes free
- - End Of File - - ED6FDBE29A409525BE062EED417DA3D6