ComboFix 08-05-01.3 - HP_Owner 2008-05-04 18:16:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.536 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\drivers\core.cache(10).dsk
C:\WINDOWS\system32\drivers\core.cache(11).dsk
C:\WINDOWS\system32\drivers\core.cache(12).dsk
C:\WINDOWS\system32\drivers\core.cache(13).dsk
C:\WINDOWS\system32\drivers\core.cache(14).dsk
C:\WINDOWS\system32\drivers\core.cache(15).dsk
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache(5).dsk
C:\WINDOWS\system32\drivers\core.cache(6).dsk
C:\WINDOWS\system32\drivers\core.cache(7).dsk
C:\WINDOWS\system32\drivers\core.cache(8).dsk
C:\WINDOWS\system32\drivers\core.cache(9).dsk
C:\WINDOWS\system32\drivers\core.cache.dsk
.
((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.
2008-04-26 23:00 . 2008-05-04 15:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-26 23:00 . 2008-04-26 23:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-26 22:59 . 2008-04-26 23:00 <DIR> d-------- C:\Program Files\iTunes
2008-04-26 22:58 . 2008-04-26 22:58 <DIR> d-------- C:\Program Files\QuickTime
2008-04-26 00:04 . 2008-04-26 00:04 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-26 00:04 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-25 21:33 . 2008-04-26 16:45 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-25 21:27 . 2008-05-04 15:06 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-25 21:27 . 2008-04-25 21:27 <DIR> d-------- C:\Program Files\AVG
2008-04-25 21:27 . 2008-04-25 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-25 21:27 . 2008-04-25 21:27 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-25 21:27 . 2008-04-25 21:27 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-04-25 21:27 . 2008-04-25 21:27 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-25 21:18 . 2008-04-25 21:18 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-04-25 17:36 . 2008-04-25 23:37 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-04-24 22:54 . 2008-04-24 22:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-24 22:54 . 2008-04-24 22:54 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-04-24 22:54 . 2008-04-24 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-24 22:36 . 2008-04-26 17:57 <DIR> d-------- C:\New Folder
2008-04-24 08:00 . 2008-04-24 08:00 298,311 --a------ C:\WINDOWS\system32\gside.exe
2008-04-15 23:02 . 2008-03-01 06:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-15 23:02 . 2008-03-01 06:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-15 23:02 . 2008-03-01 06:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-15 23:02 . 2008-03-01 06:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-15 23:02 . 2008-03-01 06:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-15 23:02 . 2008-03-01 06:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-15 23:02 . 2008-02-22 03:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-15 22:00 . 2008-04-16 17:19 959 --a------ C:\WINDOWS\wininit.ini
2008-04-15 21:39 . 2008-04-15 21:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-15 21:39 . 2008-04-15 21:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-15 19:19 . 2008-04-15 19:19 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-15 19:19 . 2008-04-15 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-15 19:17 . 2008-04-15 21:43 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\U3
2008-04-08 20:05 . 2008-04-10 19:32 <DIR> d-------- C:\Documents and Settings\HP_Owner\.housecall6.6
2008-04-08 06:43 . 2008-04-08 06:43 <DIR> d-------- C:\WINDOWS\kdefense
2008-04-08 06:43 . 2008-04-08 06:43 849,920 --a------ C:\WINDOWS\system32\kdfinj.dll
2008-04-08 06:43 . 2008-04-08 06:52 726,568 --a------ C:\WINDOWS\system32\kdfmgr.exe
2008-04-08 06:43 . 2008-04-08 06:52 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
2008-04-08 06:43 . 2008-04-08 06:52 77,824 --a------ C:\WINDOWS\system32\kdfapi.dll
2008-04-08 06:43 . 2008-04-08 06:52 53,248 --a------ C:\WINDOWS\system32\Kdfhok.dll
2008-04-08 06:40 . 2008-04-08 06:40 <DIR> d-------- C:\WINDOWS\LocalSSL
2008-04-08 06:39 . 2007-12-16 03:49 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-08 06:39 . 2007-12-16 03:49 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-04-08 06:39 . 2007-12-16 03:49 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-04-08 06:37 . 2008-04-08 06:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-08 06:36 . 2008-04-24 08:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-07 22:21 . 2008-04-07 22:21 3,425 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-04-06 21:13 . 2008-04-06 21:13 <DIR> d-------- C:\WINDOWS\fiqw
2008-04-06 21:13 . 2008-04-07 21:35 <DIR> d-------- C:\Program Files\Common Files\fiqw
2008-04-06 11:52 . 2008-04-06 11:53 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\ScamBlocker
2008-04-06 11:52 . 2008-04-06 11:52 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\EarthLink
2008-04-06 11:48 . 2008-04-24 23:31 <DIR> d-------- C:\WINDOWS\system32\bharebio01
2008-04-06 11:48 . 2008-04-06 11:48 <DIR> d-------- C:\Temp\wdlw14
2008-04-06 11:48 . 2008-04-26 17:34 <DIR> d-------- C:\Temp
2008-04-06 11:48 . 2008-04-24 22:31 937 --a------ C:\WINDOWS\system32\winpfz33.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 23:13 15,104 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2008-05-01 01:46 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Canon
2008-04-28 03:35 3,645 ----a-w C:\WINDOWS\viassary-hp.reg
2008-04-27 05:59 --------- d-----w C:\Program Files\iPod
2008-04-27 05:52 --------- d-----w C:\Program Files\Apple Software Update
2008-04-26 07:04 --------- d-----w C:\Program Files\Java
2008-04-16 02:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 01:11 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-11 16:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 16:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 20:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-05 15:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
2007-12-25 19:35 22,328 ----a-w C:\Documents and Settings\HP_Owner\Application Data\PnkBstrK.sys
2005-04-30 04:07 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-26_17.41.03.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-27 00:37:52 2,048 --sha-w C:\WINDOWS\bootstat.dat
+ 2008-05-04 22:04:18 2,048 --sha-w C:\WINDOWS\bootstat.dat
+ 2008-04-27 05:52:56 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe
+ 2008-04-27 06:00:19 102,400 ----a-r C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
- 2006-09-19 22:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-01-29 19:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
- 2006-10-04 03:47:52 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2008-01-29 19:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 13:57 94208]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22 4670968]
"E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" [2005-09-01 16:24 942080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 22:51 118784]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:42 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 08:01 110592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-21 18:39 180269]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43 233472]
"VTTimer"="VTTimer.exe" []
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 20:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-29 00:40 77824 C:\WINDOWS\SOUNDMAN.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57 81920]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-29 01:34 2551808 C:\WINDOWS\ALCWZRD.EXE]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54 253952]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 12:38 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 05:46 188416]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-02-27 19:48 45056]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 13:41 196608]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55 155648]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2006-01-28 16:00 455168]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Earthlink Protection Control Center"="C:\Program Files\EarthLink TotalAccess\\ProtectionControlCenter\elnk_pcc.exe" [2005-12-08 13:35 2899968]
"ELNKProxy"="C:\WINDOWS\surfmonkey\smproxy.exe " [ ]
"FlyMonitor"="C:\Program Files\Leapfrog\FlyWorld\bin\FlyMonitor.exe" [2007-11-15 15:32 669000]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-25 21:27 1177368]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 05:31:38 241664]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2004-10-21 19:25:38 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Call of Duty\\CoDMP.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\LeapFrog\\FlyWorld\\bin\\FLYMonitor.exe"=
"C:\\Program Files\\LeapFrog\\FlyWorld\\bin\\FLYWorld.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
R0 GRFILTER;CS NDIS Driver;C:\WINDOWS\system32\drivers\GRFILTER.sys [2005-07-11 10:36]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-25 21:27]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-25 21:27]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-25 21:27]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-25 21:27]
R2 EarthLinkMonitor;EarthLink Monitor Service;"C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe" [2005-01-26 12:47]
R2 GRTdiMon;GR TDI Mon;C:\WINDOWS\system32\Drivers\GRTdiMon.sys [2005-07-11 10:38]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);C:\WINDOWS\system32\DRIVERS\ADSFilter.sys [2005-08-15 17:00]
S3 ATICDSDr;ATICDSDr;C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\ATICDSDr.sys []
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys [2004-11-01 15:16]
S3 FlyUsb;FLY Fusion;C:\WINDOWS\system32\DRIVERS\FlyUsb.sys [2007-09-05 16:26]
S3 SNDO763;ViviCam 3350B;C:\WINDOWS\system32\DRIVERS\sndo763.sys [2004-05-12 11:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{438f4458-0b5b-11dd-babf-0011d8129839}]
\Shell\AutoRun\command - K:\LaunchU3.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-27 05:52:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 18:19:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-04 18:20:00
ComboFix-quarantined-files.txt 2008-05-05 01:19:54
ComboFix2.txt 2008-04-27 00:41:20
Pre-Run: 143,253,815,296 bytes free
Post-Run: 143,424,004,096 bytes free
221 --- E O F --- 2008-04-17 10:00:44
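The "Reg Loading Points" section is the part of a log like this that a responder reads first, because it lists what will run again at the next logon. As an added example (not part of the original post, and not ComboFix code) the Python script below parses a constructed excerpt in the same layout and flags the entries worth a second look: Run values whose target file ComboFix could not find (shown as "[]" or "[ ]"), Run values written as a bare file name that Windows resolves through the search path (ComboFix prints the resolved path as the last item in the brackets), a non-empty AppInit_DLLs value, and a MountPoints2 AutoRun command. The triage function and the finding kinds are names I chose for this example; the script does not decide whether a flagged entry is malicious.

```python
"""Triage the autostart ("Reg Loading Points") section of a ComboFix log.

Constructed sample below: a handful of lines in the same layout as the
posted log, not the full section. The regexes and the finding kinds are
this example's own conventions, not ComboFix's.
"""
import re
from typing import Dict, List

SAMPLE_LOG = r'''REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 20:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"ELNKProxy"="C:\WINDOWS\surfmonkey\smproxy.exe " [ ]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-25 21:27 1177368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{438f4458-0b5b-11dd-babf-0011d8129839}]
\Shell\AutoRun\command - K:\LaunchU3.exe
'''

# A registry key header: [HKEY_...\...]
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# A Run value as ComboFix prints it: "name"="command" [date time size [resolved path]]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# Any other "name"=data value (used for AppInit_DLLs)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
# MountPoints2 AutoRun line: \Shell\AutoRun\command - <command>
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$')


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per autostart entry that deserves manual review."""
    findings: List[Dict[str, str]] = []
    key = ""  # lower-cased registry key of the section being read
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in key:
            # Per-volume AutoRun command; the GUID names the volume it fires for.
            findings.append({"kind": "mountpoint-autorun",
                             "name": key.rsplit("\\", 1)[-1],
                             "detail": m.group("cmd")})
            continue
        m = RUN_RE.match(line)
        if m and key.endswith("\\run"):
            name = m.group("name")
            cmd = m.group("cmd").strip()
            meta = m.group("meta").strip()
            if not meta:
                # ComboFix prints empty brackets when the target file was not found.
                findings.append({"kind": "missing-target", "name": name, "detail": cmd})
            elif "\\" not in cmd:
                # Bare file name: resolved through the search path, so the last
                # bracketed item is the file that actually ran.
                findings.append({"kind": "bare-name", "name": name,
                                 "detail": f"{cmd} -> {meta.split()[-1]}"})
            continue
        m = VALUE_RE.match(line)
        if m and m.group("name").lower() == "appinit_dlls" and m.group("data").strip():
            # Loaded into every process that links user32.dll; always worth naming.
            findings.append({"kind": "appinit-dll", "name": m.group("name"),
                             "detail": m.group("data").strip()})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:<20} {f['name']:<40} {f['detail']}")
```

Run against the posted log, the same rules would surface VTTimer and ELNKProxy (targets not found), the bare-name Realtek and Agere entries with their resolved paths under C:\WINDOWS, the AppInit_DLLs value avgrsstx.dll (which here matches the AVG 8 install dated 2008-04-25 in the file list), and the K:\LaunchU3.exe AutoRun for the removable volume, consistent with the U3 folder created under Application Data on 2008-04-15.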