ComboFix 08-07-29.1 - James Battenhouse 2008-07-29 18:30:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1199 [GMT -4:00]
Running from: C:\Documents and Settings\James Battenhouse\Desktop\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\James Battenhouse\Application Data\macromedia\Flash Player\#SharedObjects\72VPY9T5\interclick.com
C:\Documents and Settings\James Battenhouse\Application Data\macromedia\Flash Player\#SharedObjects\72VPY9T5\interclick.com\ud.sol
C:\Documents and Settings\James Battenhouse\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\James Battenhouse\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\system32\deposit.dll
C:\WINDOWS\system32\ehgrufni.ini
C:\WINDOWS\system32\mtcstjyi.ini
C:\WINDOWS\system32\qtuCbccf.ini
C:\WINDOWS\system32\qtuCbccf.ini2
C:\WINDOWS\system32\tphxdcrm.ini
C:\WINDOWS\system32\wepswtvp.ini
.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))
.
2008-07-26 05:46 . 2008-07-26 05:46 d-------- C:\Program Files\Trend Micro
2008-07-26 05:31 . 2008-07-26 05:31 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-26 05:31 . 2008-07-26 05:31 d-------- C:\Program Files\Common Files\Download Manager
2008-07-26 05:31 . 2008-07-26 05:31 d-------- C:\Documents and Settings\James Battenhouse\Application Data\Malwarebytes
2008-07-26 05:31 . 2008-07-26 05:31 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-26 05:31 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-26 05:31 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-25 18:33 . 2008-07-25 18:33 d-------- C:\Program Files\SmitRem
2008-07-25 18:24 . 2008-07-25 18:24 d-------- C:\VundoFix Backups
2008-07-21 07:02 . 2008-07-21 07:05 1,672 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-21 04:53 . 2008-07-21 04:58 19,612 --a------ C:\WINDOWS\wininit.ini
2008-07-21 04:36 . 2008-07-21 04:36 d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-21 04:36 . 2008-07-21 04:46 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-20 08:59 . 2008-07-20 08:59 d-------- C:\Documents and Settings\James Battenhouse\LocalLow
2008-07-20 08:59 . 2008-07-20 08:59 d-------- C:\Documents and Settings\James Battenhouse\Application Data\TVU Networks
2008-07-20 08:59 . 2008-07-20 08:59 d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-07-20 08:58 . 2008-07-20 08:59 d-------- C:\Program Files\TVUPlayer
2008-07-20 08:57 . 2008-07-20 08:58 d-------- C:\Program Files\jZip
2008-07-20 08:39 . 2008-07-20 08:58 d-------- C:\TVU
2008-07-09 18:16 . 2008-07-09 18:16 d--h----- C:\$AVG8.VAULT$
2008-07-06 08:13 . 2008-07-06 08:13 d-------- C:\WINDOWS\Downloaded Installations
2008-07-06 08:13 . 2008-07-06 08:13 d-------- C:\Program Files\streamtofile.com
2008-07-02 10:03 . 2008-07-02 10:03 591,296 --a------ C:\WebmailPlugin.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 12:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-10 12:29 --------- d-----w C:\Program Files\Disney Interactive
2008-07-08 03:12 --------- d-----w C:\Documents and Settings\James Battenhouse\Application Data\AVGTOOLBAR
2008-07-06 12:34 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-06 12:33 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-06 12:33 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-18 21:39 --------- d-----w C:\Program Files\AVG
2008-06-18 21:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-06 08:34 1232152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoExplosionCalCheck]
--a------ 2006-08-15 12:26 69632 C:\Program Files\Nova Development\Photo Explosion 3.0\CalCheck.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-06 08:33]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-06 08:33]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 08:33]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-06 08:34]
.
- - - - ORPHANS REMOVED - - - -
BHO-{0D2488AF-BA1E-4B2F-ACAE-01FF95462658} - C:\WINDOWS\system32\fccbCutq.dll
HKLM-Run-144e6ad0 - C:\WINDOWS\system32\infurghe.dll
Notify-hgGvusRl - hgGvusRl.dll
.
------- Supplementary Scan -------
.
O17 -: HKLM\CCS\Interface\{10AFA1CA-9C9B-4D54-9EEE-924FB0A052CC}: NameServer = 205.152.37.23,205.152.144.23
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 18:33:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\SoftwareDistribution\Download\c36c7f4b6082ffbd96a80985adcf3ca0\update\update.exe
.
**************************************************************************
.
Completion time: 2008-07-29 18:35:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-29 22:35:15
Pre-Run: 70,730,047,488 bytes free
Post-Run: 70,674,665,472 bytes free
115 --- E O F --- 2008-06-28 22:55:13