
Please Check My Log-combo Fix


This topic is locked
No replies to this topic

#1 fancy (New Member, 2 posts)

Posted 15 May 2007 - 06:16 PM

"HP_Owner" - 2007-05-15 19:32:16 Service Pack 2
ComboFix 07-05.13.V - Running from: "C:\Documents and Settings\HP_Owner\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-15 ))))))))))))))))))))))))))))))))))


2007-05-15 17:20 307,200 --a------ C:\Program Files\Uninstall My Web Search.dll
2007-05-13 11:49 <DIR> d-------- C:\Program Files\Magic Ball 3
2007-05-13 11:46 <DIR> d-------- C:\Program Files\Crazy Tetrix
2007-05-13 11:45 <DIR> d-------- C:\Program Files\FreshGames
2007-05-13 11:45 <DIR> d-------- C:\Program Files\Digby's Donuts
2007-05-13 11:43 <DIR> d-------- C:\Program Files\Boulder Dash
2007-05-13 11:42 <DIR> d-------- C:\Program Files\Bubble Bobble Nostalgie Demo
2007-05-13 11:37 <DIR> d-------- C:\Program Files\bfgclient
2007-05-13 11:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
2007-05-08 18:59 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-05-08 18:59 <DIR> d-------- C:\Program Files\PuzzleMaker
2007-05-04 17:47 <DIR> d-------- C:\Program Files\Flower Shop Big City Break
2007-05-02 19:22 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-05-02 19:20 <DIR> d-------- C:\Program Files\World of Warcraft
2007-05-02 13:33 <DIR> d-------- C:\WINDOWS\CAVTemp
2007-05-01 16:57 800,272 --a------ C:\DOCUME~1\HP_Owner\ppctl.dll
2007-05-01 16:44 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-05-01 16:44 <DIR> d-------- C:\Program Files\CA
2007-05-01 16:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-04-26 15:24 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\iWin
2007-04-24 19:50 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\PlayFirst
2007-04-24 19:03 <DIR> d-------- C:\Program Files\Shopmania
2007-04-24 19:02 <DIR> d-------- C:\Program Files\Tasty Planet
2007-04-24 19:01 <DIR> d-------- C:\Program Files\Super Granny 3
2007-04-24 19:01 <DIR> d-------- C:\Program Files\Diner Dash Flo On The Go
2007-04-24 19:00 <DIR> d-------- C:\Program Files\Cake Mania
2007-04-24 18:55 <DIR> d--h----- C:\DOCUME~1\HP_Owner\igLoader Files


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-15 21:20:54 -------- d---a-w C:\Program Files\FunWebProducts
2007-05-15 21:20:53 -------- d-----w C:\Program Files\MSN Messenger
2007-05-15 00:45:13 3,645 -c--a-w C:\WINDOWS\viassary-hp.reg
2007-05-13 17:28:44 18,190 ----a-w C:\DOCUME~1\HP_Owner\APPLIC~1\wklnhst.dat
2007-05-10 00:34:52 -------- d-----w C:\Program Files\AIM
2007-05-10 00:34:30 -------- d-----w C:\Program Files\AOD
2007-05-01 20:54:56 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-04-28 19:37:50 -------- d-----w C:\Program Files\LimeWire
2007-04-26 19:05:04 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\AdobeUM
2007-04-25 01:06:29 -------- d-----w C:\Program Files\Common Files\Sandlot Shared
2007-04-10 01:26:34 -------- d-----w C:\Program Files\DeductionPro 2006
2007-04-04 23:07:38 -------- d-----w C:\Program Files\EclipseCrossword
2007-04-04 22:46:59 -------- d-----w C:\Program Files\Crossword Weaver
2007-04-03 14:43:31 -------- d-----w C:\Program Files\TaxCut06
2007-04-03 14:42:00 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2007-04-03 14:42:00 118,784 ----a-w C:\WINDOWS\system32\pdfmona.dll
2007-03-31 22:27:23 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\InterVideo
2007-03-31 02:03:07 -------- d-----w C:\Program Files\Common Files\xing shared
2007-03-31 02:03:00 -------- d-----w C:\Program Files\Common Files\Real
2007-03-29 23:30:32 -------- d-----w C:\Program Files\Google
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-10 17:09:49 -------- d-----w C:\Program Files\ReflexiveArcade
2007-03-10 04:18:41 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\Lavasoft
2007-03-10 04:03:17 -------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-03-10 03:48:02 -------- d-----w C:\Program Files\Comcast Web Controls
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-06 15:08:36 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\McAfee
2007-02-11 02:10:11 41 ---h--w C:\WINDOWS\dhp_9166.dat
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 11:28]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}=C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll [2005-08-02 14:41]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-03-29 19:30]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll [2007-03-29 19:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"cctray"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\""
@=""
"cafwc"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\cafw.exe -cl"
"QOELOADER"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spam\\QSP-5.1.13.0\\QOELoader.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-05-13 11:21]
"@"="" [])
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2007-05-02 20:03]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.13.0\QOELoader.exe" [2007-05-13 11:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-29 19:30]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklj
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\
Security Packages kerberosmsv1_0schannelwdigest\
Notification Packages scecli\

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^anti-virus&trojan advanced.lnk
C:\Program Files\Anti-Virus&Trojan Advanced\Anti-Virus.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^google updater.lnk
C:\PROGRA~1\Google\GOOGLE~4\GOOGLE~1.EXE -systray -startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^hp digital imaging monitor.lnk
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^spysubtract.lnk
C:\PROGRA~1\INTERM~1\SPYSUB~1\sslaunch.exe -autostart

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^ulead photo express 4.0 se calendar checker .lnk
C:\PROGRA~1\ULEADS~1\ULEADP~2.0SE\CalCheck.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^updates from hp.lnk
C:\PROGRA~1\UPDATE~1\309731\Program\UPDATE~1.EXE -startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^hp_owner^start menu^programs^startup^rollercoaster tycoon 3 registration.lnk
C:\Documents and Settings\HP_Owner\Local Settings\Temp\{03EB6236-4298-4497-9DBE-604880E9F3E0}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe /remind /language=ENU /PRNM="RollerCoaster Tycoon 3"/PRMP="RCT3"/SKUN="PCXX"/GTYP="STRY"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\agrsmmsg
AGRSMMSG.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aim
C:\Program Files\AIM\aim.exe -cnetwait.odl

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aim6
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alcmtr
ALCMTR.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares
"C:\Program Files\Ares\Ares.exe" -h

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasserv
"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\google desktop search
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\high definition audio property page shortcut
HDAudPropShortcut.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hostmanager
C:\Program Files\Common Files\AOL\1125002082\ee\AOLHostManager.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hotkeyscmds
C:\WINDOWS\system32\hkcmd.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv
c:\windows\system\hpsysdrv.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ippdetect
IPP4Detect.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper
C:\Program Files\iTunes\iTunesHelper.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kbd
C:\HP\KBD\KBD.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsbwatcher
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagentexe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcupdateexe
C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mpfexe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mpsexe
c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs
"C:\Program Files\Messenger\msmsgs.exe" /background

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mywebsearch email plugin
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oasclnt
C:\Program Files\McAfee.com\VSO\oasclnt.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ps2
C:\WINDOWS\system32\ps2.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sdtray
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smart start up
C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe /Automation

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\soundman
SOUNDMAN.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbellexe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ulead autodetector
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\virusscan online
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vsochecktask
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wt gamechannel
C:\Program Files\WildTangent\Apps\GameChannel.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yahoo! pager
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\
LocalService AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService DnsCache\
DcomLaunch DcomLaunchTermService\
rpcss RpcSs\
imgsvc StiSvc\
termsvcs TermService\
WudfServiceGroup WUDFSvc\

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
Shell\AutoRun\command D:\setup.exe

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-15 19:36:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-15 19:37:02
C:\ComboFix-quarantined-files.txt ... 2007-05-15 19:37
