ComboFix 08-07-29.1 - James Battenhouse 2008-07-29 18:30:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1199 [GMT -4:00]
Running from: C:\Documents and Settings\James Battenhouse\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\James Battenhouse\Application Data\macromedia\Flash Player\#SharedObjects\72VPY9T5\interclick.com
C:\Documents and Settings\James Battenhouse\Application Data\macromedia\Flash Player\#SharedObjects\72VPY9T5\interclick.com\ud.sol
C:\Documents and Settings\James Battenhouse\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\James Battenhouse\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\system32\deposit.dll
C:\WINDOWS\system32\ehgrufni.ini
C:\WINDOWS\system32\mtcstjyi.ini
C:\WINDOWS\system32\qtuCbccf.ini
C:\WINDOWS\system32\qtuCbccf.ini2
C:\WINDOWS\system32\tphxdcrm.ini
C:\WINDOWS\system32\wepswtvp.ini
.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))
.
2008-07-26 05:46 . 2008-07-26 05:46 d-------- C:\Program Files\Trend Micro
2008-07-26 05:31 . 2008-07-26 05:31 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-26 05:31 . 2008-07-26 05:31 d-------- C:\Program Files\Common Files\Download Manager
2008-07-26 05:31 . 2008-07-26 05:31 d-------- C:\Documents and Settings\James Battenhouse\Application Data\Malwarebytes
2008-07-26 05:31 . 2008-07-26 05:31 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-26 05:31 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-26 05:31 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-25 18:33 . 2008-07-25 18:33 d-------- C:\Program Files\SmitRem
2008-07-25 18:24 . 2008-07-25 18:24 d-------- C:\VundoFix Backups
2008-07-21 07:02 . 2008-07-21 07:05 1,672 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-21 04:53 . 2008-07-21 04:58 19,612 --a------ C:\WINDOWS\wininit.ini
2008-07-21 04:36 . 2008-07-21 04:36 d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-21 04:36 . 2008-07-21 04:46 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-20 08:59 . 2008-07-20 08:59 d-------- C:\Documents and Settings\James Battenhouse\LocalLow
2008-07-20 08:59 . 2008-07-20 08:59 d-------- C:\Documents and Settings\James Battenhouse\Application Data\TVU Networks
2008-07-20 08:59 . 2008-07-20 08:59 d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-07-20 08:58 . 2008-07-20 08:59 d-------- C:\Program Files\TVUPlayer
2008-07-20 08:57 . 2008-07-20 08:58 d-------- C:\Program Files\jZip
2008-07-20 08:39 . 2008-07-20 08:58 d-------- C:\TVU
2008-07-09 18:16 . 2008-07-09 18:16 d--h----- C:\$AVG8.VAULT$
2008-07-06 08:13 . 2008-07-06 08:13 d-------- C:\WINDOWS\Downloaded Installations
2008-07-06 08:13 . 2008-07-06 08:13 d-------- C:\Program Files\streamtofile.com
2008-07-02 10:03 . 2008-07-02 10:03 591,296 --a------ C:\WebmailPlugin.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 12:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-10 12:29 --------- d-----w C:\Program Files\Disney Interactive
2008-07-08 03:12 --------- d-----w C:\Documents and Settings\James Battenhouse\Application Data\AVGTOOLBAR
2008-07-06 12:34 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-06 12:33 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-06 12:33 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-18 21:39 --------- d-----w C:\Program Files\AVG
2008-06-18 21:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-06 08:34 1232152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoExplosionCalCheck]
--a------ 2006-08-15 12:26 69632 C:\Program Files\Nova Development\Photo Explosion 3.0\CalCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-06 08:33]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-06 08:33]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 08:33]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-06 08:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0D2488AF-BA1E-4B2F-ACAE-01FF95462658} - C:\WINDOWS\system32\fccbCutq.dll
HKLM-Run-144e6ad0 - C:\WINDOWS\system32\infurghe.dll
Notify-hgGvusRl - hgGvusRl.dll

.
------- Supplementary Scan -------
.
O17 -: HKLM\CCS\Interface\{10AFA1CA-9C9B-4D54-9EEE-924FB0A052CC}: NameServer = 205.152.37.23,205.152.144.23

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 18:33:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\SoftwareDistribution\Download\c36c7f4b6082ffbd96a80985adcf3ca0\update\update.exe
.
**************************************************************************
.
Completion time: 2008-07-29 18:35:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-29 22:35:15

Pre-Run: 70,730,047,488 bytes free
Post-Run: 70,674,665,472 bytes free

115 --- E O F --- 2008-06-28 22:55:13