Hello there
Thank you for all your efforts to help us get rid of this bug.
I have carried out the above and the log is below.
Dave
ComboFix 10-10-07.02 - owner 09/10/2010 9:39.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.64.1033.18.959.458 [GMT 13:00]
Running from: c:\documents and settings\owner\Desktop\zzz.exe
Command switches used :: c:\documents and settings\owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2010-09-08 to 2010-10-08 )))))))))))))))))))))))))))))))
.
2010-10-07 22:11 . 2010-10-07 22:24 -------- d-----w- C:\zzz
2010-10-04 19:48 . 2010-10-04 19:48 4100960 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-10-04 19:48 . 2010-10-04 19:48 4394336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-10-04 19:48 . 2010-10-04 19:48 2065760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-10-03 01:24 . 2010-10-03 01:24 -------- d-----w- C:\rsit
2010-10-03 00:47 . 2010-10-03 00:47 -------- d-----w- c:\documents and settings\owner\Application Data\Malwarebytes
2010-10-03 00:47 . 2010-04-29 02:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-03 00:47 . 2010-10-03 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-03 00:47 . 2010-04-29 02:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-03 00:47 . 2010-10-03 00:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-23 20:31 . 2010-09-23 20:31 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2010-09-23 20:31 . 2010-09-23 20:31 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-09-23 20:31 . 2010-09-23 20:31 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-09-23 20:31 . 2010-09-23 20:31 1377632 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-09-23 20:31 . 2010-09-23 20:31 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-23 20:31 . 2010-09-23 20:31 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-23 20:31 . 2010-09-23 20:31 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-23 20:30 . 2010-09-23 20:30 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-08 19:40 . 2010-07-25 04:31 0 ----a-w- c:\documents and settings\owner\Local Settings\Application Data\prvlcl.dat
2010-10-07 07:51 . 2001-08-23 12:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-10-03 02:11 . 2009-09-19 11:11 -------- d-----w- c:\program files\Registry Medic 2008
2010-10-03 02:11 . 2005-12-08 09:40 -------- d-----w- c:\program files\FinePixViewer
2010-10-03 01:24 . 2009-08-31 06:39 -------- d-----w- c:\program files\Trend Micro
2010-10-03 00:18 . 2005-12-07 08:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-10-03 00:16 . 2007-06-10 10:03 -------- d-----w- c:\program files\Java
2010-10-03 00:07 . 2007-08-21 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-09-16 08:42 . 2005-12-10 03:29 -------- d-----w- c:\documents and settings\owner\Application Data\Canon
2010-08-17 13:17 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-01 08:15 . 2010-08-01 08:15 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-31 05:26 . 2010-07-31 05:26 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-22 15:49 . 2001-08-23 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-17 21:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-21 22:01 . 2010-07-21 22:01 110080 ----a-r- c:\documents and settings\owner\Application Data\Microsoft\Installer\{6239C519-FFFD-4F0A-938A-78C6F2FA0BFA}\IconF7A21AF7.exe
2010-07-21 22:01 . 2010-07-21 22:01 110080 ----a-r- c:\documents and settings\owner\Application Data\Microsoft\Installer\{6239C519-FFFD-4F0A-938A-78C6F2FA0BFA}\IconD7F16134.exe
2010-07-15 21:44 . 2010-03-02 05:41 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 21:44 . 2010-07-15 21:44 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 21:43 . 2008-06-11 06:43 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-10-07_22.22.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-01-29 08:58 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2007-01-29 08:58 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
+ 2001-08-23 12:00 . 2010-10-08 19:54 59440 c:\windows\system32\perfc009.dat
- 2006-11-07 08:03 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-11-07 08:03 . 2010-06-24 12:21 55296 c:\windows\system32\msfeedsbs.dll
- 2001-08-23 12:00 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
+ 2001-08-23 12:00 . 2010-06-24 12:21 25600 c:\windows\system32\jsproxy.dll
+ 2001-08-23 12:00 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll
- 2001-08-23 12:00 . 2008-04-14 00:11 80384 c:\windows\system32\iccvid.dll
- 2009-06-20 20:35 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-20 20:35 . 2010-06-24 12:22 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
- 2007-05-10 05:36 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-10 05:36 . 2010-06-24 12:21 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2006-05-10 05:22 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:22 . 2010-06-24 12:21 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2005-12-07 08:58 . 2010-10-08 02:36 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2005-12-07 08:58 . 2010-07-14 12:02 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2005-12-07 08:58 . 2010-10-08 02:36 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2005-12-07 08:58 . 2010-07-14 12:02 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2005-12-07 08:58 . 2010-10-08 02:36 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2005-12-07 08:58 . 2010-07-14 12:02 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2005-12-07 08:58 . 2010-07-14 12:02 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2005-12-07 08:58 . 2010-10-08 02:36 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-12-07 08:58 . 2010-07-14 12:02 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2005-12-07 08:58 . 2010-10-08 02:36 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-10-08 02:33 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2183461-IE8\xpshims.dll
+ 2010-10-08 02:33 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2183461-IE8\msfeedsbs.dll
+ 2010-10-08 02:33 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2183461-IE8\jsproxy.dll
+ 2005-12-07 08:58 . 2010-10-08 02:36 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2005-12-07 08:58 . 2010-07-14 12:02 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2001-08-23 12:00 . 2008-04-14 00:12 293376 c:\windows\system32\winsrv.dll
+ 2001-08-23 12:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
+ 2001-08-23 12:00 . 2010-06-24 12:22 916480 c:\windows\system32\wininet.dll
- 2001-08-23 12:00 . 2010-05-06 10:41 916480 c:\windows\system32\wininet.dll
- 2001-08-23 12:00 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll
+ 2001-08-23 12:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
+ 2001-08-23 12:00 . 2010-06-30 12:31 149504 c:\windows\system32\schannel.dll
+ 2001-08-23 12:00 . 2010-10-08 19:54 395200 c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2010-06-24 12:22 206848 c:\windows\system32\occache.dll
- 2001-08-23 12:00 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
- 2001-08-23 12:00 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
+ 2001-08-23 12:00 . 2010-06-24 12:22 611840 c:\windows\system32\mstime.dll
- 2006-11-07 08:03 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
+ 2006-11-07 08:03 . 2010-06-24 12:21 599040 c:\windows\system32\msfeeds.dll
- 2006-10-18 08:47 . 2006-10-18 08:47 317440 c:\windows\system32\MP4SDECD.dll
+ 2006-10-18 08:47 . 2010-03-29 23:24 317440 c:\windows\system32\mp4sdecd.dll
+ 2005-12-06 21:59 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
+ 2001-08-23 12:00 . 2010-06-24 12:21 184320 c:\windows\system32\iepeers.dll
- 2001-08-23 12:00 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
- 2001-08-23 12:00 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
+ 2001-08-23 12:00 . 2010-06-24 12:21 387584 c:\windows\system32\iedkcs32.dll
+ 2001-08-23 12:00 . 2010-06-23 12:08 173056 c:\windows\system32\ie4uinit.exe
- 2001-08-23 12:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
+ 2005-12-07 10:28 . 2010-10-08 19:20 298848 c:\windows\system32\FNTCACHE.DAT
- 2005-12-07 10:28 . 2010-06-11 15:28 298848 c:\windows\system32\FNTCACHE.DAT
+ 2001-08-23 12:00 . 2010-06-21 15:27 354304 c:\windows\system32\drivers\srv.sys
+ 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2006-05-10 05:23 . 2010-06-24 12:22 916480 c:\windows\system32\dllcache\wininet.dll
- 2006-05-10 05:23 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
+ 2008-10-16 04:46 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:54 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll
- 2006-10-16 23:04 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-10-16 23:04 . 2010-06-24 12:22 206848 c:\windows\system32\dllcache\occache.dll
- 2006-05-10 05:23 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:23 . 2010-06-24 12:22 611840 c:\windows\system32\dllcache\mstime.dll
- 2007-05-10 05:36 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-05-10 05:36 . 2010-06-24 12:21 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-03-29 23:24 . 2010-03-29 23:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
+ 2008-08-14 04:05 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2009-06-20 20:35 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-20 20:35 . 2010-06-24 12:21 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2006-05-10 05:22 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-05-10 05:22 . 2010-06-24 12:21 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-11 02:51 . 2010-05-06 10:41 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-11 02:51 . 2010-06-24 12:21 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2006-11-06 14:27 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-11-06 14:27 . 2010-06-24 12:21 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-11-06 14:26 . 2010-06-23 12:08 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2006-11-06 14:26 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2005-12-07 08:58 . 2010-10-08 02:36 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2005-12-07 08:58 . 2010-07-14 12:02 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-12-07 08:58 . 2010-10-08 02:36 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2005-12-07 08:58 . 2010-07-14 12:02 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2005-12-07 08:58 . 2010-10-08 02:36 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2005-12-07 08:58 . 2010-07-14 12:02 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2005-12-07 08:58 . 2010-07-14 12:02 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2005-12-07 08:58 . 2010-10-08 02:36 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2005-12-07 08:58 . 2010-07-14 12:02 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-12-07 08:58 . 2010-10-08 02:36 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2005-12-07 08:58 . 2010-07-14 12:02 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2005-12-07 08:58 . 2010-10-08 02:36 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-10-08 02:33 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2183461-IE8\wininet.dll
+ 2010-10-08 02:33 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2183461-IE8\spuninst\updspapi.dll
+ 2010-10-08 02:33 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2183461-IE8\spuninst\spuninst.exe
+ 2010-10-08 02:33 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2183461-IE8\occache.dll
+ 2010-10-08 02:33 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2183461-IE8\mstime.dll
+ 2010-10-08 02:33 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2183461-IE8\msfeeds.dll
+ 2010-10-08 02:33 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2183461-IE8\ieproxy.dll
+ 2010-10-08 02:33 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2183461-IE8\iepeers.dll
+ 2010-10-08 02:33 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2183461-IE8\iedvtool.dll
+ 2010-10-08 02:33 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2183461-IE8\iedkcs32.dll
+ 2010-10-08 02:33 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2183461-IE8\ie4uinit.exe
+ 2001-08-23 12:00 . 2010-06-23 13:44 1851904 c:\windows\system32\win32k.sys
+ 2001-08-23 12:00 . 2010-06-24 12:22 1210368 c:\windows\system32\urlmon.dll
+ 2001-08-23 12:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
- 2001-08-23 12:00 . 2010-02-16 21:10 2189952 c:\windows\system32\ntoskrnl.exe
+ 2001-08-23 12:00 . 2010-04-28 02:25 2189952 c:\windows\system32\ntoskrnl.exe
+ 2001-08-17 13:48 . 2010-04-27 13:05 2066816 c:\windows\system32\ntkrnlpa.exe
- 2001-08-17 13:48 . 2010-02-16 13:25 2066816 c:\windows\system32\ntkrnlpa.exe
- 2001-08-23 12:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2001-08-23 12:00 . 2010-06-14 07:41 1172480 c:\windows\system32\msxml3.dll
+ 2001-08-23 12:00 . 2010-06-24 12:22 5951488 c:\windows\system32\mshtml.dll
+ 2006-10-16 22:57 . 2010-06-24 12:21 1986560 c:\windows\system32\iertutil.dll
+ 2008-10-16 04:44 . 2010-06-23 13:44 1851904 c:\windows\system32\dllcache\win32k.sys
+ 2006-05-10 05:23 . 2010-06-24 12:22 1210368 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2008-10-16 04:44 . 2010-04-28 02:25 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-16 04:44 . 2010-02-16 21:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-16 04:44 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 04:44 . 2010-04-27 13:05 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 04:44 . 2010-04-27 13:05 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-16 04:44 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-16 04:44 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-16 04:44 . 2010-04-27 13:59 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-11-12 18:50 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2008-11-12 18:50 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2006-05-19 15:08 . 2010-06-24 12:22 5951488 c:\windows\system32\dllcache\mshtml.dll
+ 2010-03-11 02:53 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
- 2010-03-11 02:53 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2007-05-10 05:36 . 2010-06-24 12:21 1986560 c:\windows\system32\dllcache\iertutil.dll
+ 2010-08-04 21:57 . 2010-08-04 21:57 4066304 c:\windows\Installer\3500e1.msp
+ 2010-06-28 03:01 . 2010-06-28 03:01 7677952 c:\windows\Installer\3500ba.msp
+ 2010-06-28 09:53 . 2010-06-28 09:53 6819840 c:\windows\Installer\3500a2.msp
+ 2010-08-20 00:50 . 2010-08-20 00:50 5518848 c:\windows\Installer\35008a.msp
+ 2010-08-25 04:06 . 2010-08-25 04:06 6479360 c:\windows\Installer\350072.msp
+ 2010-10-08 02:33 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2183461-IE8\urlmon.dll
+ 2010-10-08 02:33 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
+ 2010-10-08 02:33 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2183461-IE8\iertutil.dll
- 2008-10-16 04:44 . 2010-02-16 21:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 04:44 . 2010-04-28 02:25 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-16 04:44 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 04:44 . 2010-04-27 13:05 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-16 04:44 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 04:44 . 2010-04-27 13:05 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 04:44 . 2010-04-27 13:59 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-16 04:44 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2005-12-07 09:23 . 2010-09-10 01:34 35552200 c:\windows\system32\MRT.exe
+ 2006-11-07 08:03 . 2010-06-24 04:51 11077120 c:\windows\system32\ieframe.dll
+ 2007-05-10 05:36 . 2010-06-24 04:51 11077120 c:\windows\system32\dllcache\ieframe.dll
+ 2010-10-08 02:33 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2183461-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 00:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Internet Sweeper Pro"="c:\program files\InternetSweeper\is.exe" [2002-09-16 950272]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-07 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-01-15 49152]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2010-07-14 3973464]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 21:44 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliType]
2002-03-22 04:41 94208 ----a-w- c:\program files\Microsoft Hardware\Keyboard\type32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Sweeper Pro]
2002-09-16 22:24 950272 ----a-w- c:\program files\InternetSweeper\is.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 09:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-04 09:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/06/2008 7:43 p.m. 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/03/2010 6:41 p.m. 243024]
R1 GhPciScan;GhostPciScanner;c:\program files\Ghost 2003\GhPciScan.sys [14/08/2002 4:11 p.m. 5632]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16/07/2010 10:44 a.m. 308136]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [27/01/2010 7:10 p.m. 5248]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [4/10/2004 4:47 a.m. 98304]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [4/10/2004 3:40 a.m. 118784]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [14/07/2010 4:19 p.m. 326488]
S3 da6d10b4-99ce-4429-b984-28322454a799;da6d10b4-99ce-4429-b984-28322454a799;\??\g:\player\cds300.dll --> g:\player\cds300.dll [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/05/2010 1:35 a.m. 135664]
.
Contents of the 'Scheduled Tasks' folder
2010-10-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 00:34]
2010-10-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 03:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.stuff.co.nz/
mStart Page = hxxp://home.nzcity.co.nz/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\1fgserct.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.stuff.co.nz/
FF - prefs.js: keyword.URL - hxxp://au.yhs.search.yahoo.com/avg/sear ... -web_au&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(616)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-09 09:46:33
ComboFix-quarantined-files.txt 2010-10-08 20:46
ComboFix2.txt 2010-10-07 22:24
Pre-Run: 9,022,099,456 bytes free
Post-Run: 9,005,895,680 bytes free
- - End Of File - - 8DC41AE15D9349727211384B440E398C