New sys file XP Pro SP3

[mchain]

Sorry for the issues with AVP.

It turns out the .zip file is in a temp folder and I can only get it by opening the file manager and copying the file to the desktop whilst in Safe Mode.  No User folder ever found at C:\Users\

See attached .jpeg below:

Same exact BSOD as before running in admin with all start up programs running, so it was Safe Mode this time to avoid that issue.  I did get it to run [EDIT:] (in normal admin), but then a warning box came up that said AVP was running without drivers?!

Have sent you a PM.

Thanks.

[essexboy]

Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text

These are the hooks that Roguekiller found.. All legitimate Apart from that there are no anomalous drivers or services
This is baffling .. I am tempted to ask you to allow the the blocked items and then immediately run Combofix.  What are your thoughts on that ?

[mchain]

Procedure will be as follows:

• OA will be set to allow the autorun.
• System will be rebooted and immediately after desktop displays and OA and avast! icons show in system tray, will connect to the internet.
• Will do a scan run of Combofix immediatley after that and again in one hour, and post the resulting logs.

Have noted that since the scans of various programs have run, the internet connection speed has increased from 5.5 mbs to 104 mbs consistent.  12 mbs service.

Thought:  I have been working on another older computer, bringing that one back to life, and using this one to download new software for it, testing that new software on this system first, and removing it from here after analysis.  Maybe this autorun is for a program no longer on this system?

[essexboy]

Thought:  I have been working on another older computer, bringing that one back to life, and using this one to download new software for it, testing that new software on this system first, and removing it from here after analysis.  Maybe this autorun is for a program no longer on this system?

That is a possibility

[mchain]

Reviving old topic:  Update

Have made numerous hardware changes to this system in the last thirty days, and also have reinstalled various programs including OA firewall, so data that was there during the investigation is gone now.