ComboFix 07-05.13.V - Running from: "C:\Documents and Settings\HP_Owner\Desktop\"
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-15 ))))))))))))))))))))))))))))))))))
2007-05-15 17:20 307,200 --a------ C:\Program Files\Uninstall My Web Search.dll
2007-05-13 11:49 <DIR> d-------- C:\Program Files\Magic Ball 3
2007-05-13 11:46 <DIR> d-------- C:\Program Files\Crazy Tetrix
2007-05-13 11:45 <DIR> d-------- C:\Program Files\FreshGames
2007-05-13 11:45 <DIR> d-------- C:\Program Files\Digby's Donuts
2007-05-13 11:43 <DIR> d-------- C:\Program Files\Boulder Dash
2007-05-13 11:42 <DIR> d-------- C:\Program Files\Bubble Bobble Nostalgie Demo
2007-05-13 11:37 <DIR> d-------- C:\Program Files\bfgclient
2007-05-13 11:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
2007-05-08 18:59 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-05-08 18:59 <DIR> d-------- C:\Program Files\PuzzleMaker
2007-05-04 17:47 <DIR> d-------- C:\Program Files\Flower Shop Big City Break
2007-05-02 19:22 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-05-02 19:20 <DIR> d-------- C:\Program Files\World of Warcraft
2007-05-02 13:33 <DIR> d-------- C:\WINDOWS\CAVTemp
2007-05-01 16:57 800,272 --a------ C:\DOCUME~1\HP_Owner\ppctl.dll
2007-05-01 16:44 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-05-01 16:44 <DIR> d-------- C:\Program Files\CA
2007-05-01 16:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-04-26 15:24 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\iWin
2007-04-24 19:50 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\PlayFirst
2007-04-24 19:03 <DIR> d-------- C:\Program Files\Shopmania
2007-04-24 19:02 <DIR> d-------- C:\Program Files\Tasty Planet
2007-04-24 19:01 <DIR> d-------- C:\Program Files\Super Granny 3
2007-04-24 19:01 <DIR> d-------- C:\Program Files\Diner Dash Flo On The Go
2007-04-24 19:00 <DIR> d-------- C:\Program Files\Cake Mania
2007-04-24 18:55 <DIR> d--h----- C:\DOCUME~1\HP_Owner\igLoader Files
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-15 21:20:54 -------- d---a-w C:\Program Files\FunWebProducts
2007-05-15 21:20:53 -------- d-----w C:\Program Files\MSN Messenger
2007-05-15 00:45:13 3,645 -c--a-w C:\WINDOWS\viassary-hp.reg
2007-05-13 17:28:44 18,190 ----a-w C:\DOCUME~1\HP_Owner\APPLIC~1\wklnhst.dat
2007-05-10 00:34:52 -------- d-----w C:\Program Files\AIM
2007-05-10 00:34:30 -------- d-----w C:\Program Files\AOD
2007-05-01 20:54:56 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-04-28 19:37:50 -------- d-----w C:\Program Files\LimeWire
2007-04-26 19:05:04 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\AdobeUM
2007-04-25 01:06:29 -------- d-----w C:\Program Files\Common Files\Sandlot Shared
2007-04-10 01:26:34 -------- d-----w C:\Program Files\DeductionPro 2006
2007-04-04 23:07:38 -------- d-----w C:\Program Files\EclipseCrossword
2007-04-04 22:46:59 -------- d-----w C:\Program Files\Crossword Weaver
2007-04-03 14:43:31 -------- d-----w C:\Program Files\TaxCut06
2007-04-03 14:42:00 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2007-04-03 14:42:00 118,784 ----a-w C:\WINDOWS\system32\pdfmona.dll
2007-03-31 22:27:23 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\InterVideo
2007-03-31 02:03:07 -------- d-----w C:\Program Files\Common Files\xing shared
2007-03-31 02:03:00 -------- d-----w C:\Program Files\Common Files\Real
2007-03-29 23:30:32 -------- d-----w C:\Program Files\Google
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-10 17:09:49 -------- d-----w C:\Program Files\ReflexiveArcade
2007-03-10 04:18:41 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\Lavasoft
2007-03-10 04:03:17 -------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-03-10 03:48:02 -------- d-----w C:\Program Files\Comcast Web Controls
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-06 15:08:36 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\McAfee
2007-02-11 02:10:11 41 ---h--w C:\WINDOWS\dhp_9166.dat
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 11:28]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}=C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll [2005-08-02 14:41]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-03-29 19:30]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll [2007-03-29 19:30]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"cctray"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\""
@=""
"cafwc"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\cafw.exe -cl"
"QOELOADER"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spam\\QSP-5.1.13.0\\QOELoader.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-05-13 11:21]
"@"="" [])
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2007-05-02 20:03]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.13.0\QOELoader.exe" [2007-05-13 11:21]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-29 19:30]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklj
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\
Security Packages kerberos msv1_0 schannel wdigest\
Notification Packages scecli\
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^anti-virus&trojan advanced.lnk
C:\Program Files\Anti-Virus&Trojan Advanced\Anti-Virus.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^google updater.lnk
C:\PROGRA~1\Google\GOOGLE~4\GOOGLE~1.EXE -systray -startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^hp digital imaging monitor.lnk
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^spysubtract.lnk
C:\PROGRA~1\INTERM~1\SPYSUB~1\sslaunch.exe -autostart
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^ulead photo express 4.0 se calendar checker .lnk
C:\PROGRA~1\ULEADS~1\ULEADP~2.0SE\CalCheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^updates from hp.lnk
C:\PROGRA~1\UPDATE~1\309731\Program\UPDATE~1.EXE -startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^hp_owner^start menu^programs^startup^rollercoaster tycoon 3 registration.lnk
C:\Documents and Settings\HP_Owner\Local Settings\Temp\{03EB6236-4298-4497-9DBE-604880E9F3E0}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe /remind /language=ENU /PRNM="RollerCoaster Tycoon 3"/PRMP="RCT3"/SKUN="PCXX"/GTYP="STRY"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\agrsmmsg
AGRSMMSG.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aim
C:\Program Files\AIM\aim.exe -cnetwait.odl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aim6
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alcmtr
ALCMTR.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares
"C:\Program Files\Ares\Ares.exe" -h
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasserv
"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\google desktop search
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\high definition audio property page shortcut
HDAudPropShortcut.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hostmanager
C:\Program Files\Common Files\AOL\1125002082\ee\AOLHostManager.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hotkeyscmds
C:\WINDOWS\system32\hkcmd.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv
c:\windows\system\hpsysdrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ippdetect
IPP4Detect.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper
C:\Program Files\iTunes\iTunesHelper.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kbd
C:\HP\KBD\KBD.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsbwatcher
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagentexe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcupdateexe
C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mpfexe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mpsexe
c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs
"C:\Program Files\Messenger\msmsgs.exe" /background
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mywebsearch email plugin
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oasclnt
C:\Program Files\McAfee.com\VSO\oasclnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ps2
C:\WINDOWS\system32\ps2.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task
"C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sdtray
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smart start up
C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe /Automation
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\soundman
SOUNDMAN.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbellexe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ulead autodetector
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\virusscan online
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vsochecktask
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wt gamechannel
C:\Program Files\WildTangent\Apps\GameChannel.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yahoo! pager
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\
LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV\
NetworkService DnsCache\
DcomLaunch DcomLaunch TermService\
rpcss RpcSs\
imgsvc StiSvc\
termsvcs TermService\
WudfServiceGroup WUDFSvc\
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
Shell\AutoRun\command D:\setup.exe
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-15 19:36:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-05-15 19:37:02
C:\ComboFix-quarantined-files.txt ... 2007-05-15 19:37