ComboFix Log:
ComboFix 10-04-21.01 - Eddy Libier 04/24/2010 6:44.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.174 [GMT -4:00]
Running from: F:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Eddy Libier\System
c:\documents and settings\Eddy Libier\System\win_qs7.jqx
c:\documents and settings\Eddy Libier\System\win_qs8.jqx
c:\program files\WinPCap
c:\windows\jestertb.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINDOWSDRIVER
-------\Service_WindowsDriver
((((((((((((((((((((((((( Files Created from 2010-03-24 to 2010-04-24 )))))))))))))))))))))))))))))))
.
2010-04-24 02:08 . 2010-04-24 02:08 -------- d-----w- C:\$AVG
2010-04-24 02:06 . 2010-04-24 02:06 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-24 02:06 . 2010-04-24 02:06 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-24 02:06 . 2010-04-24 02:06 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-24 02:06 . 2010-04-24 02:06 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-24 02:05 . 2010-04-24 02:05 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-24 02:05 . 2010-04-24 02:05 -------- d-----w- c:\program files\AVG
2010-04-24 02:05 . 2010-04-24 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-24 01:09 . 2010-04-24 01:09 -------- d-----w- c:\documents and settings\Eddy Libier\Application Data\Tific
2010-04-24 01:09 . 2010-04-24 01:09 -------- d-----w- c:\documents and settings\Eddy Libier\Local Settings\Application Data\tific
2010-04-24 00:57 . 2010-03-26 14:33 1496064 ----a-w- c:\documents and settings\Eddy Libier\Application Data\Mozilla\Firefox\Profiles\op7k33nq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-04-24 00:57 . 2010-03-26 14:33 43008 ----a-w- c:\documents and settings\Eddy Libier\Application Data\Mozilla\Firefox\Profiles\op7k33nq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-04-24 00:57 . 2010-03-26 14:33 339456 ----a-w- c:\documents and settings\Eddy Libier\Application Data\Mozilla\Firefox\Profiles\op7k33nq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-04-24 00:57 . 2010-03-26 14:32 346112 ----a-w- c:\documents and settings\Eddy Libier\Application Data\Mozilla\Firefox\Profiles\op7k33nq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-04-23 21:02 . 2010-04-23 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-23 21:02 . 2010-04-23 21:02 -------- d-----w- c:\program files\SpywareBlaster
2010-04-23 20:56 . 2010-04-23 20:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-23 20:56 . 2010-04-23 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-23 20:27 . 2010-04-23 20:27 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-23 20:26 . 2010-04-23 20:26 -------- d-----w- c:\program files\AskBarDis
2010-04-23 20:26 . 2010-04-23 20:26 -------- d-----w- c:\program files\The Weather Channel Toolbar
2010-04-23 20:26 . 2010-04-23 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-23 19:57 . 2010-04-23 19:57 -------- d-----w- C:\FOUND.003
2010-04-21 13:38 . 2010-04-21 13:44 20841968 ----a-w- c:\documents and settings\Eddy Libier\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-04-21 13:38 . 2010-04-21 13:38 8405312 ----a-w- c:\documents and settings\Eddy Libier\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-04-21 13:35 . 2010-04-21 13:35 149000 ----a-w- c:\documents and settings\Eddy Libier\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-04-21 13:35 . 2010-04-21 13:35 10309448 ----a-w- c:\documents and settings\Eddy Libier\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-04-21 13:30 . 2010-04-21 13:30 79368 ----a-w- c:\documents and settings\Eddy Libier\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-04-21 13:30 . 2010-04-21 13:30 64000 ----a-w- c:\documents and settings\Eddy Libier\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-04-21 13:30 . 2010-04-21 13:30 52288 ----a-w- c:\documents and settings\Eddy Libier\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-04-21 13:30 . 2010-04-21 13:30 50688 ----a-w- c:\documents and settings\Eddy Libier\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-04-21 13:30 . 2010-04-21 13:30 49152 ----a-w- c:\documents and settings\Eddy Libier\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-04-21 13:30 . 2010-04-21 13:30 118784 ----a-w- c:\documents and settings\Eddy Libier\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-04-13 17:45 . 2010-04-13 17:45 -------- d-----w- c:\documents and settings\Eddy Libier\Local Settings\Application Data\Temp
2010-04-13 17:45 . 2010-04-13 17:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-04-11 15:30 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-04-11 15:10 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-04-11 14:54 . 2010-04-20 13:34 439816 ----a-w- c:\documents and settings\Eddy Libier\Application Data\Real\Update\setup3.10\setup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 13:13 . 2009-08-31 14:35 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-03-10 06:15 . 2004-08-05 00:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-04 19:01 . 2003-03-19 02:20 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2010-03-04 19:01 . 2003-03-19 00:14 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2010-03-04 19:01 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2010-02-25 06:24 . 2004-08-05 00:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-05 00:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 13:10 . 2004-08-05 00:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-05 00:00 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-05 00:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-05 00:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-04-13 15:20 . 2008-09-05 18:48 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-08-31 14:35 . 2009-08-31 14:35 8 --sh--r- c:\windows\system32\F688041A45.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 21:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\documents and settings\Eddy Libier\My Documents\\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-09-02 67128]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]
"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2007-05-23 1798656]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-11-08 69632]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-11-08 81920]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-10 212992]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 69632]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2003-07-14 49152]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-04-13 30192]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-08 185896]
"Corel Photo Downloader"="c:\program files\Corel\Corel MediaOne\Corel Photo Downloader.exe" [2007-08-17 483144]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-11-19 53248]
Quicken Startup.lnk - c:\program files\Quicken\QWDLLS.EXE [2002-11-19 36864]
Billminder.lnk - c:\program files\Quicken\billmind.exe [2002-11-19 36864]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
Logitech Desktop Messenger.lnk - c:\documents and settings\Eddy Libier\My Documents\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-9-2 67128]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-11-29 968224]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-24 02:06 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Eddy Libier\\My Documents\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2492:UDP"= 2492:UDP:Windows Media Format SDK (iexplore.exe)
"2493:UDP"= 2493:UDP:Windows Media Format SDK (iexplore.exe)
"2832:UDP"= 2832:UDP:Windows Media Format SDK (iexplore.exe)
"2833:UDP"= 2833:UDP:Windows Media Format SDK (iexplore.exe)
"3600:UDP"= 3600:UDP:Windows Media Format SDK (iexplore.exe)
"3601:UDP"= 3601:UDP:Windows Media Format SDK (iexplore.exe)
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/23/2010 10:06 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/23/2010 10:06 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/23/2010 10:05 PM 285392]
R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [2/18/2006 7:22 AM 2343]
S1 mailKmd;mailKmd; [x]
S2 BITISU;BITISU;c:\program files\Windows NT\wuailcv.exe --> c:\program files\Windows NT\wuailcv.exe [?]
S2 ESvrCer;ESvrCer;c:\program files\Windows NT\Updatas.exe [3/17/2008 10:24 PM 82910]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/13/2010 1:40 PM 135664]
S2 Httpvcor;Httpvcor;c:\program files\Intel\Httpvcor.exe --> c:\program files\Intel\Httpvcor.exe [?]
S2 mrtRate;mrtRate; [x]
S2 Network Updating;Network Updating;c:\program files\msn gaming zone\MSNPRO32.exe --> c:\program files\msn gaming zone\MSNPRO32.exe [?]
S2 SpPortEx;Samsung Port Exclusion;c:\windows\system32\drivers\SpPortEx.sys [4/25/2006 8:07 PM 7168]
S2 SwiWiFiComm;SwiWiFiComm;c:\program files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe --> c:\program files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe [?]
S3 apusbsnt;Sierra Wireless USB Modem Device Driver;c:\windows\system32\DRIVERS\apusbsnt.sys --> c:\windows\system32\DRIVERS\apusbsnt.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/30/2007 5:24 PM 30192]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [4/19/2007 11:09 AM 99200]
.
Contents of the 'Scheduled Tasks' folder
2010-04-24 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~2\MESSAGES\SDNotify.exe [2008-04-11 13:53]
2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 17:40]
2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 17:40]