------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: doginhispen.com
Trusted Zone: whataboutadog.com
Trusted Zone: trymedia.com
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://72.9.55.135/cab/OCXChecker_8000.cab
DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} - hxxp://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/realarcade-webgames/zylom/zylomplayer.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient/PTGameLauncher.cab
DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} - hxxp://p.playfirst.com/play/game/dressshophop/DressShopHopWeb.1.0.0.7.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 17:34:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\AOL\acs\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\iWin Games\iWinTrusted.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AOL 9.5\waol.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\AOL 9.5\shellmon.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-04-09 17:49:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-09 21:49:03
Pre-Run: 37,567,725,568 bytes free
Post-Run: 40,415,354,880 bytes free
343 --- E O F --- 2009-03-17 07:03:47
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: doginhispen.com
Trusted Zone: whataboutadog.com
Trusted Zone: trymedia.com
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://72.9.55.135/cab/OCXChecker_8000.cab
DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} - hxxp://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/realarcade-webgames/zylom/zylomplayer.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient/PTGameLauncher.cab
DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} - hxxp://p.playfirst.com/play/game/dressshophop/DressShopHopWeb.1.0.0.7.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 17:34:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\AOL\acs\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\iWin Games\iWinTrusted.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AOL 9.5\waol.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\AOL 9.5\shellmon.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-04-09 17:49:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-09 21:49:03
Pre-Run: 37,567,725,568 bytes free
Post-Run: 40,415,354,880 bytes free
343 --- E O F --- 2009-03-17 07:03:47