Good day Andrewuk.
I have removed all three sites from my trusted zone. Below are the log files for the requested scans.
Thanks for all you do! =)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:02 AM, on 5/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\center\KodakSvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner.Lorrie-Office\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [eligmini] C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe 0
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://frontier.web...ort/ieatgpc.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\AiO\center\KodakSvc.exe
O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11402 bytes
ComboFix 09-05-02.4 - Owner 05/03/2009 3:17.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1531 [GMT -4:00]
Running from: c:\documents and settings\Owner.Lorrie-Office\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner.Lorrie-Office\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((( Files Created from 2009-04-03 to 2009-05-03 )))))))))))))))))))))))))))))))
.
2009-05-01 02:05 . 2009-05-01 02:05 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-30 17:16 . 2009-04-30 19:25 -------- d-----w C:\Rooter$
2009-04-30 15:24 . 2009-04-30 15:24 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-30 15:24 . 2009-04-30 15:24 -------- d-----w c:\program files\Common Files\Adobe
2009-04-30 15:20 . 2009-04-30 16:08 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-30 15:20 . 2009-04-30 16:08 -------- d-----w c:\program files\NOS
2009-04-30 03:38 . 2009-03-24 20:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-30 03:38 . 2009-04-30 03:38 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-30 03:38 . 2009-04-30 03:38 -------- d-----w c:\program files\Avira
2009-04-29 16:33 . 2009-04-29 16:33 -------- d-----w c:\program files\EsetOnlineScanner
2009-04-24 12:23 . 2009-04-24 12:23 -------- d-----w c:\windows\system32\scripting
2009-04-24 12:23 . 2009-04-24 12:23 -------- d-----w c:\windows\l2schemas
2009-04-24 12:21 . 2009-04-24 12:23 -------- d-----w c:\windows\ServicePackFiles
2009-04-23 18:00 . 2009-04-25 13:53 -------- d-----w c:\program files\ieSpell
2009-04-15 09:20 . 2009-03-06 14:00 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 09:20 . 2005-07-26 04:20 60416 -c----w c:\windows\system32\dllcache\colbact.dll
2009-04-15 09:20 . 2009-02-06 09:54 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-15 09:20 . 2009-02-09 10:01 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 09:20 . 2009-02-06 10:22 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 09:20 . 2009-02-09 10:01 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 09:20 . 2009-02-06 09:41 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 09:20 . 2009-02-09 10:01 728576 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 09:20 . 2009-02-09 10:01 617984 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 09:20 . 2009-02-09 10:01 715264 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 09:19 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-08 19:08 . 2009-04-08 19:08 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\AOL
2009-04-08 19:07 . 2009-04-08 19:07 -------- d-----w c:\documents and settings\Owner.Lorrie-Office\Local Settings\Application Data\AOL
2009-04-08 17:59 . 2009-04-20 23:35 -------- d-----w c:\documents and settings\Owner.Lorrie-Office\Application Data\CoreFTP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 07:17 . 2006-06-17 09:45 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-02 18:54 . 2008-06-03 06:25 450 ----a-w c:\windows\Tasks\EasyShare Registration RunOnce Task.job
2009-05-02 01:08 . 2007-01-11 17:31 -------- d-----w c:\program files\Google
2009-04-30 18:08 . 2007-11-06 06:27 -------- d-----w c:\program files\Paint Shop Pro 6
2009-04-30 03:33 . 2008-03-20 10:58 -------- d-----w c:\program files\Citrix
2009-04-30 03:32 . 2007-01-11 17:36 -------- d-----w c:\program files\Gateway Games
2009-04-30 03:30 . 2007-01-11 17:38 -------- d-----w c:\program files\Napster
2009-04-19 02:32 . 2007-11-08 06:01 49 ----a-w c:\windows\wpd99.drv
2009-03-31 18:17 . 2007-11-04 01:41 -------- d-----w c:\program files\AIM6
2009-03-31 18:12 . 2009-03-31 18:12 -------- d-----w c:\program files\Common Files\Software Update Utility
2009-03-31 18:12 . 2009-03-31 18:12 -------- d-----w c:\program files\AIM Toolbar
2009-03-25 01:47 . 2009-03-25 01:45 -------- d-----w c:\program files\Yahoo!
2009-03-21 01:22 . 2009-03-21 01:19 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-21 01:22 . 2007-01-11 17:35 -------- d-----w c:\program files\Java
2009-03-15 12:31 . 2006-06-19 04:25 63280 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-14 03:02 . 2007-11-06 06:27 -------- d-----w c:\program files\WS_FTP
2009-03-06 14:00 . 2006-06-17 09:23 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 14:00 . 2006-06-17 09:23 284160 ----a-w c:\windows\system32\pdh(2).dll
2009-03-03 00:18 . 2006-06-17 09:23 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2006-06-17 09:23 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:19 . 2006-06-17 09:23 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2006-06-17 09:23 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2006-06-17 09:23 401408 ----a-w c:\windows\system32\rpcss(2).dll
2009-02-09 10:01 . 2006-06-17 09:23 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2006-06-17 09:23 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2006-06-17 09:23 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:29 . 2006-06-17 09:23 2142720 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2006-06-17 09:23 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2006-06-17 09:23 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2004-08-04 05:59 2020864 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2006-06-17 09:23 55808 ----a-w c:\windows\system32\secur32.dll
2009-02-03 20:08 . 2006-06-17 09:23 55808 ----a-w c:\windows\system32\secur32(2).dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-02_05.29.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-02 18:54 . 2009-05-02 18:54 16384 c:\windows\Temp\Perflib_Perfdata_8d8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2009-04-30 17:14 259696 ----a-w c:\program files\Google\Google Toolbar\GoogleToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2009-05-02 01:09 668656 ----a-w c:\program files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
2008-10-07 19:09 1275176 ----a-w c:\program files\AIM Toolbar\aimtb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
2009-04-30 17:14 470512 ----a-w c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2009-03-21 01:22 35840 ----a-w c:\program files\Java\jre6\bin\jp2ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2009-03-21 01:22 73728 ----a-w c:\program files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 10:47 160496 ----a-w c:\progra~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn\yt.dll" [2008-07-28 882416]
[HKEY_CLASSES_ROOT\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"= "c:\windows\system32\ieframe.dll" [2009-02-20 6066176]
[HKEY_CLASSES_ROOT\clsid\{f2cf5485-4e02-4f68-819c-b92de9277049}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-02 39408]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Conime"="c:\windows\system32\conime.exe" [2004-08-10 27648]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-06-08 9129984]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"eligmini"="c:\program files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe" [2007-03-16 487424]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-27 303104]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-10-22 1310720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-21 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2009-02-20 233472]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"ELService"=2 (0x2)
"CarboniteService"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AlertService"=2 (0x2)
"Access Remote PC Service 5.1"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1168537112\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [2009-01-19 279960]
S2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\AiO\center\KodakSvc.exe [2009-01-19 38296]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
BHO-{CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
ShellExecuteHooks-{AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
IE: {{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: http\
0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: https\
0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: ipp\
0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: msdaipp\
0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://frontier.webex.com/client/T26L/support/ieatgpc.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 03:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1668)
c:\windows\system32\msi.dll
.
Completion time: 2009-05-03 3:21
ComboFix-quarantined-files.txt 2009-05-03 07:21
ComboFix2.txt 2009-05-02 05:32
Pre-Run: 195,167,875,072 bytes free
Post-Run: 196,472,475,648 bytes free
233 --- E O F --- 2009-04-26 11:52
VirSCAN.org Scanned Report :
Scanned time : 2009/01/12 09:58:43 (EST)
Scanner results: All Scanners reported not find malware!
File Name : conime.exe
File Size : 27648 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 054df8f752497c6b74dd7b65cca61132
SHA1 : f4dfd45a4e08f385277a1fde27878fa11eb6cc46
Online report :
http://virscan.org/r...3ccd119f20.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.29 20090111183159 2009-01-11 5.93 -
AhnLab V3 2009.01.13.00 2009.01.13 2009-01-13 2.46 -
AntiVir 7.9.0.54 7.1.1.101 2009-01-12 1.81 -
Antiy 2.0.18 20090105.1950502 2009-01-05 0.02 -
Authentium 5.1.1 200901101808 2009-01-10 1.13 -
AVAST! 3.0.1 090111-1 2009-01-11 0.01 -
AVG 7.5.52.442 270.10.6/1888 2009-01-12 1.87 -
BitDefender 7.81008.2441579 7.23114 2009-01-12 2.25 -
CA (VET) 9.0.0.143 31.6.6304 2009-01-12 6.09 -
ClamAV 0.94.2 8854 2009-01-12 0.01 -
Comodo 3.0 919 2009-01-12 2.48 -
CP Secure 1.1.0.715 2009.01.11 2009-01-11 6.48 -
Dr.Web 4.44.0.9170 2009.01.12 2009-01-12 3.82 -
ewido 4.0.0.2 2008.12.31 2008-12-31 4.76 -
F-Prot 4.4.4.56 20090112 2009-01-12 1.37 -
F-Secure 5.51.6100 2009.01.12.07 2009-01-12 0.09 -
Fortinet 2.81-3.117 9.918 2009-01-11 0.20 -
GData 19.2395/19.181 20090112 2009-01-12 6.97 -
ViRobot 20090112 2009.01.12 2009-01-12 0.83 -
Ikarus T3.1.01.45 2009.01.12.72139 2009-01-12 4.09 -
JiangMin 11.0.706 2009.01.12 2009-01-12 5.36 -
Kaspersky 5.5.10 2009.01.12 2009-01-12 0.06 -
KingSoft 2008.9.8.18 2009.1.12.20 2009-01-12 2.01 -
McAfee 5.3.00 5492 2009-01-11 3.00 -
Microsoft 1.4205 2009.01.12 2009-01-12 4.64 -
mks_vir 2.01 2009.01.10 2009-01-10 2.67 -
Norman 5.93.01 5.93.00 2009-01-05 6.09 -
Panda 9.05.01 2009.01.11 2009-01-11 9.46 -
Trend Micro 8.700-1004 5.764.03 2009-01-11 0.03 -
Quick Heal 10.00 2008.11.17 2008-11-17 1.11 -
Rising 20.0 21.12.02.00 2009-01-12 2.34 -
Sophos 2.82.1 4.37 2009-01-12 2.16 -
Sunbelt 4756 4756 2009-01-08 0.46 -
Symantec 1.3.0.24 20090111.004 2009-01-11 0.15 -
nProtect 20090112.01 2878121 2009-01-12 5.34 -
The Hacker 6.3.1.2 v00218 2009-01-11 0.99 -
VBA32 3.12.8.10 20090110.1127 2009-01-10 1.52 -
VirusBuster 4.5.11.10 10.100.22/762469 2009-01-11 0.97 -
VirSCAN.org Scanned Report :
Scanned time : 2009/05/03 03:24:30 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : Easy-Link internet launch pad.exe
File Size : 487424 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 2e4cc256808635e58cb41fcdd834612e
SHA1 : dde441d1580446c19bf2f8cf72e9ffd4506d069b
Online report :
http://virscan.org/r...7e466624e0.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090503080126 2009-05-03 7.94 -
AhnLab V3 2009.05.01.01 2009.05.01 2009-05-01 7.89 -
AntiVir 7.9.0.160 7.1.3.141 2009-05-02 2.05 -
Antiy 2.0.18 20090503.2333071 2009-05-03 0.12 -
Arcavir 2009 200905021130 2009-05-02 0.09 -
Authentium 5.1.1 200905021543 2009-05-02 2.95 -
AVAST! 3.0.1 090502-0 2009-05-02 0.03 -
AVG 7.5.52.442 270.12.11/2089 2009-04-30 2.06 -
BitDefender 7.81008.2901611 7.25164 2009-05-03 2.72 -
CA (VET) 9.0.0.143 31.6.6486 2009-05-02 40.13 -
ClamAV 0.95 9319 2009-05-03 0.09 -
Comodo 3.8 1147 2009-05-02 3.25 -
CP Secure 1.1.0.715 2009.05.03 2009-05-03 8.87 -
Dr.Web 4.44.0.9170 2009.05.03 2009-05-03 4.77 -
F-Prot 4.4.4.56 20090502 2009-05-02 3.12 -
F-Secure 5.51.6100 2009.05.02.01 2009-05-02 0.12 -
Fortinet 2.81-3.117 10.345 2009-05-02 0.63 -
GData 19.4987/19.317 20090503 2009-05-03 3.78 -
ViRobot 20090501 2009.05.01 2009-05-01 2.13 -
Ikarus T3.1.01.49 2009.05.02.72662 2009-05-02 3.02 -
JiangMin 11.0.706 2009.05.03 2009-05-03 10.62 -
Kaspersky 5.5.10 2009.05.03 2009-05-03 0.11 -
KingSoft 2009.2.5.15 2009.5.2.21 2009-05-02 4.10 -
McAfee 5.3.00 5603 2009-05-02 3.24 -
Microsoft 1.4602 2009.05.02 2009-05-02 15.45 -
mks_vir 2.01 2009.05.02 2009-05-02 2.79 -
Norman 6.00.06 6.00.00 2009-04-28 10.01 -
Panda 9.05.01 2009.05.02 2009-05-02 13.36 -
Trend Micro 8.700-1004 6.104.35 2009-05-02 0.03 -
Quick Heal 10.00 2009.05.02 2009-05-02 11.25 -
Rising 20.0 21.27.41.00 2009-05-01 13.72 -
Sophos 2.86.0 4.41 2009-05-03 2.85 -
Sunbelt 5118 5118 2009-05-02 10.29 -
Symantec 1.3.0.24 20090502.002 2009-05-02 2.48 -
nProtect 20090501.01 3562396 2009-05-01 38.63 -
The Hacker 6.3.4.1 v00317 2009-05-01 4.58 -
VBA32 3.12.10.4 20090502.1751 2009-05-02 2.19 -
VirusBuster 4.5.11.10 10.105.13/1315160 2009-05-02 1.84 -