This is the ComboFix test log file after a second run. ComboFix locked up after the first run while trying to generate a log file.
ComboFix 09-09-01.07 - Survey 09/02/2009 13:59:33.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.2062 [GMT -4:00]
Running from: C:\Documents and Settings\survey\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Network Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\Fonts\AcadEref.ttf
C:\WINDOWS\Installer\3f34c066.msp
C:\WINDOWS\Installer\3f34c0a7.msi
C:\WINDOWS\system32\drivers\ndisrd.sys
C:\WINDOWS\system32\drivers\UACwbxrryqejx.sys
C:\WINDOWS\system32\ndisapi.dll
C:\WINDOWS\system32\UACbrpiblqmuo.dll
C:\WINDOWS\system32\uacinit.dll
C:\WINDOWS\system32\UAComomdioyfp.dat
C:\WINDOWS\system32\UACqeqpysedyi.dll
C:\WINDOWS\system32\UACvansikqspx.dll
C:\WINDOWS\wpd99.drv
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_NDISRD
-------\Service_NDISRD
((((((((((((((((((((((((( Files Created from 2009-08-02 to 2009-09-02 )))))))))))))))))))))))))))))))
.
2009-09-01 12:53:54 . 2009-09-01 12:53:54 0 d-----w- C:\Program Files\iPod
2009-09-01 12:53:47 . 2009-09-01 12:54:23 0 d-----w- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-09-01 12:53:46 . 2009-09-01 12:54:23 0 d-----w- C:\Program Files\iTunes
2009-09-01 12:51:40 . 2009-09-01 12:52:14 0 d-----w- C:\Program Files\QuickTime
2009-09-01 12:49:24 . 2009-07-09 16:16:16 2060288 ----a-w- C:\WINDOWS\system32\usbaaplrc.dll
2009-09-01 12:47:38 . 2009-09-01 12:47:38 0 d-----w- C:\Program Files\Bonjour
2009-08-28 12:43:53 . 2009-08-28 12:43:53 0 d-----w- C:\Program Files\Common Files\Uninstall
2009-08-28 12:43:38 . 2009-08-28 12:43:44 0 d-----w- C:\Program Files\PersonalAV
2009-08-27 20:40:09 . 2009-08-27 20:40:09 0 d-----w- C:\Documents and Settings\survey\Application Data\ZoomBrowser EX
2009-08-26 15:17:24 . 2008-10-16 18:06:48 268648 ----a-w- C:\WINDOWS\system32\mucltui.dll
2009-08-25 20:10:14 . 2007-04-09 17:23:54 28040 ----a-w- C:\WINDOWS\system32\mdimon.dll
2009-08-25 20:08:56 . 2009-08-25 20:08:56 0 d-----w- C:\Program Files\Microsoft.NET
2009-08-12 02:38:59 . 2009-07-10 13:27:49 1315328 ------w- C:\WINDOWS\system32\dllcache\msoe.dll
2009-08-05 09:01:48 . 2009-08-05 09:01:48 204800 ------w- C:\WINDOWS\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-02 17:37:13 . 2008-03-16 02:35:00 0 d-----w- C:\Documents and Settings\All Users\Application Data\avg8
2009-09-02 12:30:52 . 2007-07-17 11:42:30 0 d-----w- C:\Documents and Settings\All Users\Application Data\Apple
2009-09-01 12:53:52 . 2007-07-17 11:42:31 0 d-----w- C:\Program Files\Common Files\Apple
2009-08-28 12:59:19 . 2003-08-21 05:12:23 128152 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-27 20:40:12 . 2008-09-11 11:57:29 0 d-----w- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2009-08-27 20:14:36 . 2008-08-31 02:16:06 0 d-----w- C:\Program Files\D4
2009-08-26 12:23:55 . 2003-08-21 05:13:14 0 d-----w- C:\Program Files\Microsoft ActiveSync
2009-08-05 09:01:48 . 2002-12-12 05:14:32 204800 ----a-w- C:\WINDOWS\system32\mswebdvd.dll
2009-07-31 12:29:10 . 2008-03-16 02:35:37 11952 ----a-w- C:\WINDOWS\system32\avgrsstx.dll
2009-07-31 12:29:09 . 2008-03-16 02:35:32 335240 ----a-w- C:\WINDOWS\system32\drivers\avgldx86.sys
2009-07-31 12:29:09 . 2008-03-16 02:35:26 27784 ----a-w- C:\WINDOWS\system32\drivers\avgmfx86.sys
2009-07-17 19:01:06 . 2002-08-29 10:00:00 58880 ----a-w- C:\WINDOWS\system32\atl.dll
2009-07-14 03:43:24 . 2004-08-04 07:56:46 286208 ----a-w- C:\WINDOWS\system32\wmpdxm.dll
2009-07-09 16:16:16 . 2007-10-24 14:21:17 39424 ----a-w- C:\WINDOWS\system32\drivers\usbaapl.sys
2009-06-29 16:12:20 . 2004-08-24 00:32:02 827392 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-06-29 16:12:14 . 2004-08-04 07:56:42 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2009-06-29 16:12:14 . 2002-08-29 10:00:00 17408 ----a-w- C:\WINDOWS\system32\corpol.dll
2009-06-25 08:25:26 . 2002-08-29 10:00:00 730112 ----a-w- C:\WINDOWS\system32\lsasrv.dll
2009-06-25 08:25:26 . 2002-08-29 10:00:00 56832 ----a-w- C:\WINDOWS\system32\secur32.dll
2009-06-25 08:25:26 . 2002-08-29 10:00:00 54272 ----a-w- C:\WINDOWS\system32\wdigest.dll
2009-06-25 08:25:26 . 2002-08-29 10:00:00 301568 ----a-w- C:\WINDOWS\system32\kerberos.dll
2009-06-25 08:25:26 . 2002-08-29 10:00:00 147456 ----a-w- C:\WINDOWS\system32\schannel.dll
2009-06-25 08:25:26 . 2002-08-29 10:00:00 136192 ----a-w- C:\WINDOWS\system32\msv1_0.dll
2009-06-24 11:18:41 . 2002-08-29 10:00:00 92928 ----a-w- C:\WINDOWS\system32\drivers\ksecdd.sys
2009-06-16 14:36:30 . 2002-08-29 10:00:00 81920 ----a-w- C:\WINDOWS\system32\fontsub.dll
2009-06-16 14:36:30 . 2002-08-29 10:00:00 119808 ----a-w- C:\WINDOWS\system32\t2embed.dll
2009-06-12 12:31:40 . 2002-08-29 10:00:00 80896 ----a-w- C:\WINDOWS\system32\tlntsess.exe
2009-06-12 12:31:39 . 2002-08-29 10:00:00 76288 ----a-w- C:\WINDOWS\system32\telnet.exe
2009-06-10 14:13:29 . 2002-08-29 10:00:00 84992 ----a-w- C:\WINDOWS\system32\avifil32.dll
2009-06-10 13:19:38 . 2002-08-29 10:00:00 2066432 ----a-w- C:\WINDOWS\system32\mstscax.dll
2009-06-10 06:14:49 . 2002-08-29 10:00:00 132096 ----a-w- C:\WINDOWS\system32\wkssvc.dll
2004-12-15 21:48:58 . 2004-12-16 13:32:16 3276800 ----a-w- C:\Program Files\ps2pdf995.exe
2004-12-15 21:46:08 . 2004-12-16 13:32:15 1422336 ----a-w- C:\Program Files\pdf995s.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 13:56:06 1062144]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:56:06 1062144 ----a-w- C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 13:56:06 1062144]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 13:56:06 1062144]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 17:39:52 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-08-12 12:03:32 2007832]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-22 11:38:44 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 21:18:30 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-07-13 18:03:10 292128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 12:29:10 11952 ----a-w- C:\WINDOWS\SYSTEM32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk
backup=C:\WINDOWS\pss\ WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk.disabled
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk.disabled
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk.disabled
backup=C:\WINDOWS\pss\Microsoft Office.lnk.disabledCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"mmtask"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\HP Officejet Pro K850 Series\\Toolbox\\HPWOTBX.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:VNC TCP
"5900:UDP"= 5900:UDP:VNC UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\SYSTEM32\DRIVERS\avgrkx86.sys [3/15/2008 10:35:36 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys [3/15/2008 10:35:32 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys [3/15/2008 10:35:34 PM 108552]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [3/15/2008 10:35:01 PM 297752]
.
Contents of the 'Scheduled Tasks' folder
2009-08-29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57:52 . 2008-07-30 16:34:12]
2009-09-02 C:\WINDOWS\Tasks\WGASetup.job
- C:\WINDOWS\system32\KB905474\wgasetup.exe [2009-05-06 07:00:30 . 2009-03-11 02:18:08]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-Dimension4 - C:\Program Files\D4\D4.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mcgillengineers.com\vision
DPF: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
FF - ProfilePath - C:\Documents and Settings\survey\Application Data\Mozilla\Firefox\Profiles\isb09s4z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - component: C:\Program Files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.