As far as performance, the only noticeable difference thus far is that the RunDLL error does not come up, and as far as I can tell Firefox has stopped with the random misdirects. I tried about 4-6 searches and 8-10 links per search.
***I took a print screen of the programs listed in my startup and I tried to attach a JPEG of it, but the forum won't let me. There were 2 items, Rundll32P17 and uvemijigokj. Both of which were unchecked. The uvemijigokj is no longer there after the ComboFix; however, the Rundll32P17 is still there. It stayed unchecked, but it stayed in the list as well.
ComboFix.log
ComboFix 10-01-18.02 - Gary S. Priest 01/18/2010 19:50:56.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1537 [GMT -6:00]
Running from: c:\documents and settings\Gary S. Priest\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Gary S. Priest\Application Data\Desktopicon
c:\documents and settings\Gary S. Priest\Application Data\Desktopicon\eBay.ico
c:\documents and settings\Gary S. Priest\Application Data\Desktopicon\uninst.exe
c:\documents and settings\Gary S. Priest\Application Data\SystemProc
c:\documents and settings\Gary S. Priest\Local Settings\Application Data\{043824D6-D722-4575-B8C8-67F42C848810}
c:\documents and settings\Gary S. Priest\Local Settings\Application Data\{043824D6-D722-4575-B8C8-67F42C848810}\chrome.manifest
c:\documents and settings\Gary S. Priest\Local Settings\Application Data\{043824D6-D722-4575-B8C8-67F42C848810}\chrome\content\_cfg.js
c:\documents and settings\Gary S. Priest\Local Settings\Application Data\{043824D6-D722-4575-B8C8-67F42C848810}\chrome\content\overlay.xul
c:\documents and settings\Gary S. Priest\Local Settings\Application Data\{043824D6-D722-4575-B8C8-67F42C848810}\install.rdf
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\windows\omecerisu.dll
c:\windows\system32\11478.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\14604.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\32391.exe
c:\windows\system32\3902.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\9961.exe
c:\windows\system32\Data
c:\windows\system32\warning.html
c:\windows\update.exe
.
((((((((((((((((((((((((( Files Created from 2009-12-19 to 2010-01-19 )))))))))))))))))))))))))))))))
.
2010-01-19 01:12 . 2010-01-19 01:12 -------- d-----w- c:\program files\ERUNT
2010-01-18 00:04 . 2010-01-08 00:49 2303680 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfws9.exe
2010-01-18 00:04 . 2010-01-08 00:49 1260312 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-01-15 20:50 . 2010-01-15 20:50 -------- d-----w- C:\rsit
2010-01-15 20:50 . 2010-01-15 20:50 -------- d-----w- c:\program files\trend micro
2010-01-12 19:39 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 01:13 . 2010-01-12 01:13 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-12 01:13 . 2010-01-08 00:49 4043032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-01-12 01:13 . 2010-01-08 00:49 2033432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-01-12 01:13 . 2010-01-12 01:13 3966744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-01-12 01:13 . 2010-01-08 00:49 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2010-01-12 01:13 . 2010-01-08 00:48 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-01-11 16:16 . 2010-01-11 16:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-01-11 16:11 . 2010-01-11 16:12 -------- d-----w- c:\documents and settings\Gary S. Priest\Local Settings\Application Data\Temp
2010-01-11 16:11 . 2010-01-11 16:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-01-11 16:11 . 2010-01-11 16:13 -------- d-----w- c:\documents and settings\Gary S. Priest\Local Settings\Application Data\Google
2010-01-11 16:11 . 2010-01-11 16:12 -------- d-----w- c:\program files\Google
2010-01-09 21:05 . 2010-01-18 00:03 0 ----a-w- c:\documents and settings\Gary S. Priest\Local Settings\Application Data\prvlcl.dat
2010-01-08 00:55 . 2010-01-08 00:55 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-08 00:49 . 2010-01-08 00:49 -------- d-----w- C:\$AVG
2010-01-08 00:49 . 2010-01-08 00:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-08 00:49 . 2010-01-08 00:49 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-08 00:49 . 2010-01-08 00:49 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-08 00:49 . 2010-01-19 01:11 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-08 00:48 . 2010-01-08 00:48 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-01-08 00:48 . 2010-01-08 00:48 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-08 00:48 . 2010-01-08 00:48 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-08 00:48 . 2010-01-08 00:48 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-08 00:48 . 2010-01-08 00:48 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-08 00:48 . 2010-01-08 00:48 -------- d-----w- c:\program files\AVG
2010-01-08 00:48 . 2010-01-08 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-08 00:19 . 2010-01-08 00:19 -------- d-----w- c:\documents and settings\Gary S. Priest\Application Data\Malwarebytes
2010-01-07 15:54 . 2010-01-07 15:54 388096 ----a-r- c:\documents and settings\Gary S. Priest\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-07 15:54 . 2010-01-07 15:54 -------- d-----w- c:\program files\TrendMicro
2010-01-07 13:49 . 2010-01-07 13:59 -------- d-----w- c:\documents and settings\Gary S. Priest\DoctorWeb
2010-01-06 21:27 . 2010-01-06 21:27 102400 ----a-w- c:\windows\iStler.exe
2010-01-06 16:27 . 2010-01-06 16:27 -------- d--h--w- c:\windows\PIF
2010-01-02 15:07 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-02 15:07 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-01-01 22:40 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-01-01 21:05 . 2010-01-01 21:33 -------- d-----w- c:\program files\Unlocker
2010-01-01 20:58 . 2010-01-01 21:34 -------- d-----w- c:\documents and settings\Gary S. Priest\Tracing
2010-01-01 20:55 . 2010-01-01 20:55 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-01 20:54 . 2010-01-01 20:54 -------- d-----w- c:\documents and settings\Gary S. Priest\Contacts
2010-01-01 20:52 . 2010-01-01 20:54 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2010-01-01 20:52 . 2010-01-01 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2010-01-01 20:45 . 2010-01-01 20:45 -------- d-----w- c:\documents and settings\Gary S. Priest\Local Settings\Application Data\Help
2010-01-01 20:14 . 2010-01-01 20:14 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-01-01 20:13 . 2010-01-01 20:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-01 20:13 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Gary S. Priest\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-01 20:13 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-01 20:13 . 2010-01-01 20:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-01 20:12 . 2010-01-01 20:15 -------- d-----w- c:\documents and settings\Gary S. Priest\Local Settings\Application Data\Adobe
2010-01-01 20:12 . 2010-01-01 20:12 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-01-01 20:12 . 2010-01-01 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-01 01:42 . 2010-01-05 19:37 -------- d-----w- c:\documents and settings\Gary S. Priest\Application Data\gtk-2.0
2010-01-01 01:42 . 2010-01-01 01:42 -------- d-----w- c:\documents and settings\Gary S. Priest\.thumbnails
2010-01-01 01:41 . 2010-01-05 19:40 -------- d-----w- c:\documents and settings\Gary S. Priest\.gimp-2.6
2010-01-01 01:41 . 2010-01-01 01:41 -------- d-----w- c:\documents and settings\Gary S. Priest\.gegl-0.0
2010-01-01 01:41 . 2010-01-01 01:41 -------- d-sh--w- c:\documents and settings\Gary S. Priest\PrivacIE
2010-01-01 01:38 . 2010-01-01 01:38 -------- d-----w- c:\program files\Gimp-2.0
2009-12-31 15:05 . 2009-12-31 15:05 -------- d-----w- c:\documents and settings\Gary S. Priest\Local Settings\Application Data\Nero
2009-12-31 01:28 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-12-31 01:27 . 2009-12-31 01:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-31 01:21 . 2009-12-31 01:21 -------- d-----w- c:\windows\system32\scripting
2009-12-31 01:21 . 2009-12-31 01:21 -------- d-----w- c:\windows\l2schemas
2009-12-31 01:21 . 2009-12-31 01:21 -------- d-----w- c:\windows\system32\en
2009-12-31 01:21 . 2009-12-31 01:21 -------- d-----w- c:\windows\system32\bits
2009-12-31 01:18 . 2009-12-31 01:18 -------- d-----w- c:\windows\EHome
2009-12-31 01:13 . 2010-01-07 03:28 120 ----a-w- c:\windows\Bnebe.dat
2009-12-31 01:13 . 2010-01-06 16:23 0 ----a-w- c:\windows\Cwugeco.bin
2009-12-31 01:09 . 2009-12-31 01:09 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-31 01:09 . 2009-12-31 01:09 -------- d-sh--w- c:\documents and settings\Gary S. Priest\IETldCache
2009-12-31 00:55 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-31 00:55 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-31 00:55 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-31 00:55 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-31 00:55 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-31 00:55 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-31 00:55 . 2009-12-31 00:55 -------- d-----w- c:\windows\ie8updates
2009-12-31 00:55 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-31 00:55 . 2009-12-31 00:55 -------- dc-h--w- c:\windows\ie8
2009-12-29 16:54 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\ndisip.sys
2009-12-29 16:54 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\streamip.sys
2009-12-29 16:54 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\slip.sys
2009-12-29 16:54 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\mstee.sys
2009-12-29 16:54 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\wstcodec.sys
2009-12-29 16:54 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2009-12-29 16:54 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2009-12-29 16:53 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-12-29 16:53 . 2007-06-13 15:24 1469312 ----a-w- c:\windows\system32\drivers\ZS211.sys
2009-12-29 16:53 . 2007-04-06 20:21 77824 ----a-w- c:\windows\ZS211Cap.exe
2009-12-29 16:53 . 2007-04-06 17:06 57344 ----a-w- c:\windows\ZSSnp211.exe
2009-12-29 16:53 . 2006-08-18 22:58 49152 ----a-w- c:\windows\Domino.exe
2009-12-29 16:53 . 2006-08-09 23:37 81920 ----a-w- c:\windows\system32\ZS211STI.dll
2009-12-29 16:53 . 2006-03-14 20:28 172032 ----a-w- c:\windows\amcap.exe
2009-12-29 16:53 . 2009-12-29 16:53 -------- d-----w- c:\program files\Vimicro
2009-12-27 15:36 . 2009-12-27 15:36 -------- d-----w- c:\program files\MSXML 4.0
2009-12-26 17:36 . 2009-12-26 17:45 -------- d-----w- c:\program files\Common Files\Nero
2009-12-26 14:35 . 2009-12-26 14:35 -------- d-----w- c:\documents and settings\Gary S. Priest\Local Settings\Application Data\Ahead
2009-12-26 05:18 . 2010-01-15 16:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-26 05:18 . 2010-01-15 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 04:52 . 2009-12-26 20:25 -------- d-----w- c:\documents and settings\Gary S. Priest\Application Data\Nero
2009-12-26 04:41 . 2009-12-26 17:37 -------- d-----w- c:\program files\Nero
2009-12-26 03:44 . 2009-12-26 03:44 152576 ----a-w- c:\documents and settings\Gary S. Priest\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-26 03:44 . 2009-12-26 03:44 79488 ----a-w- c:\documents and settings\Gary S. Priest\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-26 03:33 . 2009-12-26 04:28 -------- d-----w- c:\program files\Windows Sidebar
2009-12-26 03:28 . 2009-12-26 03:30 -------- d--h--w- c:\windows\msdownld.tmp
2009-12-26 03:28 . 2009-12-26 03:28 -------- d-----w- c:\windows\Logs
2009-12-26 03:25 . 2009-12-31 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-12-26 03:12 . 2009-10-11 10:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-26 03:12 . 2009-12-26 03:44 -------- d-----w- c:\program files\Java
2009-12-26 03:12 . 2009-12-26 03:12 152576 ----a-w- c:\documents and settings\Gary S. Priest\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-12-26 03:11 . 2009-12-26 03:11 -------- d-----w- c:\program files\Winamp Detect
2009-12-26 03:00 . 2010-01-15 16:26 -------- d-----w- c:\documents and settings\Gary S. Priest\Application Data\uTorrent
2009-12-26 02:54 . 2009-12-26 02:54 -------- d-----w- c:\windows\system32\LogFiles
2009-12-26 02:51 . 2009-12-26 02:51 -------- d-----w- C:\d7bd8d90dc6561f35f408805b51018a4
2009-12-26 02:51 . 2009-12-26 02:56 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-26 02:34 . 2009-12-26 02:34 -------- d-----w- c:\documents and settings\Gary S. Priest\Application Data\Roxio Log Files
2009-12-26 02:30 . 2009-12-26 02:30 -------- d-----w- c:\program files\Elaborate Bytes
2009-12-26 01:26 . 2009-12-26 01:26 -------- d-----w- C:\Hex_Editor_xvi32
2009-12-26 01:21 . 2003-03-25 11:49 152064 ----a-w- c:\windows\system32\unrar.dll
2009-12-26 01:21 . 2001-10-31 16:14 77824 ----a-w- c:\windows\system32\mplaw7.dll
2009-12-26 01:21 . 2001-10-31 16:14 77824 ----a-w- c:\windows\system32\mplaa6.dll
2009-12-26 01:21 . 2001-10-31 16:14 65536 ----a-w- c:\windows\system32\mplapx.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 23:07 . 2010-01-07 23:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-07 23:07 . 2010-01-07 23:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 23:07 . 2010-01-07 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-07 22:07 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 01:22 . 2009-12-25 23:47 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-26 03:11 . 2009-12-26 03:10 -------- d-----w- c:\documents and settings\Gary S. Priest\Application Data\Winamp
2009-12-26 03:11 . 2009-12-26 03:10 -------- d-----w- c:\program files\Winamp
2009-12-25 23:57 . 2009-12-25 23:57 0 ----a-w- c:\windows\nsreg.dat
2009-12-25 23:47 . 2009-12-25 23:47 -------- d-----w- c:\program files\microsoft frontpage
2009-12-25 23:45 . 2009-12-25 23:45 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 11:08 . 2010-01-07 22:59 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-08 00:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-01-12 01:13 2033432 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-08-18 22:58 49152 ----a-w- c:\windows\Domino.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-04 00:38 64512 ----a-w- c:\windows\system32\P17.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2005-06-21 00:53 1056768 ----a-w- c:\program files\VIA\RAID\raid_tool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
2007-04-06 17:06 57344 ----a-w- c:\windows\ZSSnp211.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"Windows Service Host"= c:\documents and settings\Gary S. Priest\Application Data\svhost.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [1/7/2010 6:48 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1/7/2010 6:48 PM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/7/2010 6:49 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/7/2010 6:48 PM 360584]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [12/25/2009 6:16 PM 13696]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1/7/2010 6:48 PM 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/7/2010 6:48 PM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [1/7/2010 6:49 PM 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/7/2010 6:48 PM 5832712]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/7/2010 6:48 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [1/7/2010 6:48 PM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [1/7/2010 6:48 PM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [1/7/2010 6:48 PM 25736]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/11/2010 10:11 AM 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/7/2010 6:48 PM 30104]
.
Contents of the 'Scheduled Tasks' folder
2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 16:11]
2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 16:11]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Gary S. Priest\Application Data\Mozilla\Firefox\Profiles\dt378tcy.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
MSConfigStartUp-Rzoke - c:\windows\uvemijigoki.dll
MSConfigStartUp-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
AddRemove-eBay Icon - c:\documents and settings\Gary S. Priest\Application Data\Desktopicon\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 19:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3552)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2010-01-18 19:59:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-19 01:59
Pre-Run: 62,063,894,528 bytes free
Post-Run: 62,017,007,616 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 70DF382042936B26CC0814E04ED6886A