ComboFix 08-07-15.4 - Jean 2008-07-18 13:56:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.183 [GMT 10:00]
Running from: C:\Documents and Settings\Jean\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))
.
2008-07-18 12:55 . 2008-07-18 12:55 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-18 07:47 . 2008-07-18 12:55 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-18 07:47 . 2008-07-18 07:47 d-------- C:\Program Files\Common Files\Download Manager
2008-07-18 07:47 . 2008-07-18 07:47 d-------- C:\Documents and Settings\Jean\Application Data\Malwarebytes
2008-07-18 07:47 . 2008-07-18 07:47 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-18 07:17 . 2008-07-18 12:55 d---s---- C:\Documents and Settings\Administrator
2008-07-18 06:15 . 2008-07-18 06:15 d-------- C:\Program Files\Trend Micro
2008-07-18 05:06 . 2008-07-18 05:06 d-------- C:\Program Files\Panda Security
2008-07-17 23:05 . 2008-07-18 12:55 d-------- C:\Documents and Settings\Jean\.housecall6.6
2008-07-03 15:19 . 2008-07-03 15:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-18 00:42 --------- d-----w C:\Documents and Settings\Jean\Application Data\AVGTOOLBAR
2008-07-17 22:11 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-17 19:28 --------- d-----w C:\Program Files\Lavasoft
2008-07-17 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-03 05:19 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-03 05:19 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-20 10:09 --------- d-----w C:\Program Files\AVG
2008-05-20 10:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-05-19 02:16 --------- d-----w C:\Program Files\Java
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-20 03:28 67128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Prolific_PLUtil"="C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe" [2004-02-18 17:26 90112]
"PLFFAP"="C:\WINDOWS\system32\HotfixQ0306270.exe" [2003-08-05 09:43 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-24 16:50 282624]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-03 15:19 1232152]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 16:34 57344 C:\WINDOWS\soundman.exe]
"S3TRAY2"="S3tray2.exe" [2003-02-25 04:33 69632 C:\WINDOWS\system32\S3tray2.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 13:46 28160 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-05-21 18:04:28 113664]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-20 03:28:51 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-12-25 20:06:30 450560]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 18:15:54 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-03 15:19]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-03 15:19]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 15:19]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-03 15:19]
S3 PLFF;USB Flash Disk Driver;C:\WINDOWS\system32\Drivers\PLFF.sys [2003-10-06 10:29]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-18 13:59:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-18 14:01:16
ComboFix-quarantined-files.txt 2008-07-18 04:01:03
Pre-Run: 28,555,165,696 bytes free
Post-Run: 28,762,644,480 bytes free
94 --- E O F --- 2008-07-09 11:02:30