Here is the new ComboFix log:
ComboFix 09-06-25.07 - artemis 06/26/2009 9:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.553 [GMT -7:00]
Running from: c:\documents and settings\artemis\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090625-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))
.
2009-06-26 16:06 . 2009-06-26 16:06 -------- d-----w- c:\documents and settings\artemis\Local Settings\Application Data\Mozilla
2009-06-26 16:06 . 2009-06-26 16:06 -------- d-----w- c:\documents and settings\artemis\Application Data\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
2009-06-26 16:04 . 2008-06-10 10:01 -------- d-----w- c:\documents and settings\artemis\Local Settings\Application Data\Microsoft Help
2009-06-26 16:04 . 2009-06-26 16:04 -------- d-----w- c:\documents and settings\artemis
2009-06-26 04:54 . 2009-06-26 04:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-25 17:24 . 2009-06-25 17:24 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-25 05:22 . 2009-06-25 05:22 -------- d-sh--w- c:\documents and settings\d(o^.^o)b\PrivacIE
2009-06-24 17:09 . 2009-06-24 17:09 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-24 10:49 . 2009-06-24 10:49 -------- d-sh--w- c:\documents and settings\d(o^.^o)b\IETldCache
2009-06-24 09:07 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-24 09:06 . 2009-06-24 09:07 -------- d-----w- c:\windows\ie8updates
2009-06-24 09:04 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-24 09:04 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-24 09:01 . 2009-06-24 09:04 -------- dc-h--w- c:\windows\ie8
2009-06-14 07:32 . 2009-06-14 07:32 -------- d-----w- c:\program files\ReflexiveArcade
2009-06-13 21:01 . 2009-06-14 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-06-13 21:00 . 2009-06-13 21:00 -------- d-----w- C:\games
2009-06-13 08:37 . 2009-06-13 08:37 -------- d-----w- c:\documents and settings\d(o^.^o)b\Local Settings\Application Data\SupportSoft
2009-06-13 08:37 . 2009-06-13 08:50 -------- d-----w- c:\windows\DSL
2009-06-13 08:37 . 2009-06-13 08:37 -------- d-----w- c:\program files\Verizon
2009-06-13 08:37 . 2009-06-13 08:37 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-06-11 18:14 . 2009-06-11 18:14 -------- d-----w- c:\documents and settings\d(o^.^o)b\Local Settings\Application Data\GestaltGames
2009-06-04 10:37 . 2008-12-04 08:25 120832 ----a-w- c:\documents and settings\d(o^.^o)b\Application Data\Mozilla\Firefox\Profiles\mvs0ju72.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-04 07:00 . 2009-06-04 07:00 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 08:02 . 2009-06-03 08:02 1626112 ----a-r- c:\windows\system32\clubbox.exe
2009-06-02 15:24 . 2009-06-02 15:24 167936 ----a-r- c:\windows\system32\fscagent.exe
2009-06-02 00:26 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-06-02 00:26 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-06-02 00:26 . 2008-04-14 00:11 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2009-06-02 00:26 . 2008-04-14 00:11 28160 ----a-w- c:\windows\system32\irmon.dll
2009-06-02 00:26 . 2008-04-14 00:12 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2009-06-02 00:26 . 2008-04-14 00:12 151552 ----a-w- c:\windows\system32\irftp.exe
2009-06-01 14:47 . 2009-06-14 22:46 -------- d-----w- c:\program files\Mahjong Towers Eternity
2009-06-01 14:44 . 2009-06-01 14:45 -------- d-----w- c:\program files\Mystery Case Files - Huntsville
2009-06-01 14:43 . 2009-06-01 14:43 -------- d-----w- c:\program files\bfgclient
2009-06-01 14:43 . 2009-06-14 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-05-31 03:05 . 2009-05-31 03:05 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-31 03:05 . 2009-05-31 03:06 -------- d-----w- c:\program files\DivX
2009-05-29 04:54 . 2009-05-29 04:54 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-29 04:54 . 2009-05-29 04:54 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-05-29 04:54 . 2009-05-29 04:54 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-05-29 04:54 . 2009-05-29 04:54 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-05-28 04:31 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-05-28 04:31 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 06:23 . 2008-05-13 21:11 80 ----a-w- c:\windows\system32\fscagent.ini.tmp
2009-06-25 21:43 . 2008-05-29 05:50 -------- d-----w- c:\program files\NJStar Chinese WP
2009-06-25 20:02 . 2008-05-11 21:50 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\uTorrent
2009-06-25 16:05 . 2008-09-25 23:27 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\HPAppData
2009-06-25 07:06 . 2008-05-11 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-25 05:24 . 2008-11-07 07:37 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\Songbird2
2009-06-24 10:24 . 2009-02-09 21:41 762 ----a-w- c:\windows\system32\fscflist.ini.tmp
2009-06-23 04:41 . 2008-05-10 22:28 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\Apple Computer
2009-06-21 01:35 . 2009-05-03 09:39 -------- d-----w- c:\program files\Mnet P3Modules
2009-06-20 08:18 . 2009-04-27 04:40 -------- d-----w- c:\program files\FormatFactory
2009-06-17 22:18 . 2008-06-18 12:01 -------- d-----w- c:\program files\KBS Kong v3
2009-06-16 20:48 . 2008-05-18 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-14 23:14 . 2009-03-23 05:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-14 07:34 . 2009-01-25 00:22 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\PlayFirst
2009-06-14 07:33 . 2009-01-25 00:22 -------- d-----w- c:\program files\GameHouse
2009-06-06 10:18 . 2009-04-28 23:20 -------- d-----w- c:\program files\Avast
2009-06-04 07:08 . 2008-05-10 10:42 -------- d-----w- c:\program files\iTunes
2009-06-04 07:07 . 2008-05-10 10:42 -------- d-----w- c:\program files\iPod
2009-06-04 07:07 . 2008-05-10 10:41 -------- d-----w- c:\program files\Common Files\Apple
2009-06-04 07:05 . 2008-05-10 10:42 -------- d-----w- c:\program files\QuickTime
2009-06-01 09:29 . 2009-04-04 05:17 -------- d-----w- c:\program files\Windows Live Safety Center
2009-05-29 20:36 . 2009-03-13 06:24 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 20:36 . 2009-03-13 06:24 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 04:54 . 2009-01-23 07:37 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-28 08:38 . 2008-05-11 22:33 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-05-22 05:51 . 2009-05-22 05:37 -------- d-----w- c:\program files\AnswersThatWork
2009-05-22 05:50 . 2009-05-02 07:47 -------- d-----w- c:\program files\Anki
2009-05-20 00:35 . 2008-10-08 01:28 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\Skype
2009-05-20 00:07 . 2008-10-08 01:29 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\skypePM
2009-05-13 05:15 . 2008-05-10 09:01 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 06:59 . 2008-10-05 20:30 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\gtk-2.0
2009-05-10 05:34 . 2009-05-02 07:49 -------- d-----w- c:\documents and settings\d(o^.^o)b\Application Data\.anki
2009-05-07 15:32 . 2008-05-10 09:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 14:36 . 2009-05-07 14:36 155648 ----a-r- c:\windows\system32\downengine.dll
2009-04-24 04:54 . 2009-04-24 04:54 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-24 04:54 . 2009-01-23 05:54 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-20 17:07 . 2009-04-20 17:07 103736 ----a-w- c:\windows\system32\QckHelper.dll
2009-04-19 00:19 . 2009-06-26 16:05 38208 ----a-w- c:\documents and settings\artemis\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-04-19 00:19 . 2009-05-03 02:27 38208 ----a-w- c:\documents and settings\d(o^.^o)b\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-04-17 12:26 . 2008-05-10 09:01 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-05-10 09:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-01 00:02 . 2009-04-01 00:02 152576 ----a-w- c:\documents and settings\d(o^.^o)b\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-25_17.23.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-26 06:22 . 2009-06-26 06:22 16384 c:\windows\Temp\Perflib_Perfdata_a4.dat
+ 2009-06-26 06:22 . 2009-06-26 06:22 16384 c:\windows\Temp\Perflib_Perfdata_748.dat
+ 2004-08-04 00:56 . 2008-04-14 00:12 16896 c:\windows\system32\msyuv.dll
- 2004-08-04 00:56 . 2008-04-14 00:12 16896 c:\windows\system32\msyuv.dll
- 2004-08-04 00:56 . 2008-04-14 00:11 47616 c:\windows\system32\iyuv_32.dll
+ 2004-08-04 00:56 . 2008-04-14 00:11 47616 c:\windows\system32\iyuv_32.dll
+ 2008-05-10 20:31 . 2008-04-14 00:12 53760 c:\windows\system32\dllcache\vfwwdm32.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 16896 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-04 00:56 . 2008-04-14 00:11 47616 c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-06-25 17:24 . 2008-10-16 22:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-25 17:24 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-25 17:24 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-25 17:24 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-25 17:24 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-25 17:24 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-25 17:24 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-25 17:24 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-25 17:24 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-25 17:24 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2004-08-04 00:56 . 2008-04-14 00:12 294912 c:\windows\system32\msh263.drv
- 2004-08-04 00:56 . 2008-04-14 00:12 294912 c:\windows\system32\msh263.drv
+ 2004-08-03 23:15 . 2008-04-13 19:16 141056 c:\windows\system32\dllcache\ks.sys
+ 2009-06-25 17:24 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-25 17:24 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-25 17:24 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-25 17:24 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-25 17:24 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-25 17:24 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-25 17:24 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-25 17:24 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-25 17:24 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-25 17:24 . 2008-04-14 00:11 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-25 17:24 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-25 17:24 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-25 17:24 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-25 17:24 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ClubBox"="c:\windows\system32\clubbox.exe" [2009-06-03 1626112]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-19 518488]
"avast!"="c:\progra~1\Avast\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
c:\documents and settings\d(o^.^o)b\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
twhirl.lnk - c:\program files\twhirl\twhirl.exe [2009-4-18 95744]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\FSCAgent.exe"=
"c:\\WINDOWS\\system32\\ClubBox.exe"=
"c:\\WINDOWS\\system32\\grdmgr.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\NJStar Chinese WP\\MINISMTP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Applications\\eMule0.49b\\eMule0.49b\\emule.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Documents and Settings\\d(o^.^o)b\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\d(o^.^o)b\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\d(o^.^o)b\\Desktop\\adagio.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\WINDOWS\\system32\\P3MelonSvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/22/2009 10:54 PM 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/15/2008 3:49 AM 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/28/2009 4:21 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/28/2009 4:21 PM 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 2:34 PM 1003344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [5/10/2008 1:59 PM 808448]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [6/7/2006 10:10 AM 30080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 04:55]
2009-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1500820517-725345543-1005.job
- c:\documents and settings\d(o^.^o)b\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 22:34]
2009-06-26 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 05:18]
.
.
------- Supplementary Scan -------
.
DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} - hxxp://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
DPF: {61A54BB0-F380-446F-8727-9AEA23711471} - hxxp://p.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.55.cab
DPF: {8C165CC2-E50D-4D99-9D32-DAF6AB15AA32} - hxxp://patch.mnet.com/Ver2/App/totalApp/mnethelper/MnetHelper2_20090318.cab
DPF: {9F84D013-66B3-4AB7-946B-11A920A55F06} - hxxp://www.melon.com/cab/sktload.cab
DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} - hxxp://www.melon.com/cab/P3MelWebInstall.cab
DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} - hxxp://www.clubbox.co.kr/neo.fld/MultiUpload.cab
FF - ProfilePath - c:\documents and settings\artemis\Application Data\Mozilla\Firefox\Profiles\3w8ckuqp.default\
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 09:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\igfxdev.dll
- - - - - - - > 'explorer.exe'(3700)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-26 9:16
ComboFix-quarantined-files.txt 2009-06-26 16:16
ComboFix2.txt 2009-06-25 17:25
Pre-Run: 9,944,309,760 bytes free
Post-Run: 9,938,817,024 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
282 --- E O F --- 2009-06-24 09:07