Hi,
I followed the 5-step process and below are the results, if you could have a look and advise.
Thanks in advance.
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-29 17:29:11
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\system32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
D:\Program Files\AVG\AVG8\avgwdsvc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\wanmpsvc.exe
D:\Program Files\AVG\AVG8\avgam.exe
D:\Program Files\AVG\AVG8\avgrsx.exe
D:\Program Files\AVG\AVG8\avgnsx.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Real\RealPlayer\realplay.exe
D:\Program Files\QuickTime\QTTask.exe
D:\Program Files\Common Files\AOL\1201387263\ee\aolsoftware.exe
D:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
D:\Documents and Settings\Michael\Desktop\dss.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Trend Micro\HijackThis\Michael.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] D:\Program Files\Common Files\AOL\1201387263\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EA Core] "D:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = D:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - D:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Blackjack by pogo () - http://game3.pogo.com/v/8.1.7.44/app...jack-en_US.cab
O16 - DPF: Blooop by pogo () - http://game1.pogo.com/v/8.1.7.44/app...cade-en_US.cab
O16 - DPF: Bowling by pogo () - http://game3.pogo.com/v/8.1.7.44/app...ling-en_US.cab
O16 - DPF: Chess by pogo () - http://game3.pogo.com/v/8.1.9.1/appl...ess2-en_US.cab
O16 - DPF: Dice Derby by pogo () - http://game1.pogo.com/v/8.1.9.1/appl...flag-en_US.cab
O16 - DPF: Greenback Bayou by pogo () - http://game1.pogo.com/v/8.1.7.44/app...back-en_US.cab
O16 - DPF: Lottso by pogo () - http://game1.pogo.com/v/8.1.9.1/appl...ttso-en_US.cab
O16 - DPF: Makeover Madness by pogo () - http://game3.pogo.com/v/8.1.9.1/appl...hoes-en_US.cab
O16 - DPF: No-Limit Texas Hold'em by pogo () - http://game3.pogo.com/v/8.1.9.1/appl...llin-en_US.cab
O16 - DPF: Quick Quack by pogo () - http://game1.pogo.com/v/8.1.7.44/app...reak-en_US.cab
O16 - DPF: Squelchies by pogo () - http://game3.pogo.com/v/8.1.9.1/appl...hies-en_US.cab
O16 - DPF: Super Dominoes by pogo () - http://game3.pogo.com/v/8.1.9.1/appl...mino-en_US.cab
O16 - DPF: Tank Hunter by pogo () - http://www.pogo.com/v/8.1.1.1/applet...tank-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo () - http://game1.pogo.com/v/8.1.9.1/appl...ldem-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo () - http://game3.pogo.com/v/8.1.7.44/app...brae-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo () - http://game1.pogo.com/v/8.1.9.7/appl...bo22-en_US.cab
O16 - DPF: Wonderland Memories by pogo () - http://game1.pogo.com/v/8.1.9.1/appl...ries-en_US.cab
O16 - DPF: Word Search Daily by pogo () - http://game3.pogo.com/v/8.1.8.23/app...arch-en_US.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_12) - http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - D:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - D:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - D:\WINDOWS\wanmpsvc.exe
--
End of file - 11354 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 sisidex - d:\windows\system32\drivers\sisidex.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - d:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R2 ASCTRM - d:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 FXDRV - e:\fxdrv.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_1040&SUBSYS_10008086&REV_00\3&61AAA01&0&58
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_1040&SUBSYS_10008086&REV_00\3&61AAA01&0&58
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-03-25 15:55:30 284 --a------ D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-02-29 and 2008-03-29 -----------------------------
2008-03-29 17:25:59 0 d-------- D:\Program Files\Trend Micro
2008-03-29 14:41:17 0 d-------- D:\Documents and Settings\Michael\Application Data\Sun
2008-03-29 10:38:08 0 dr-h----- D:\Documents and Settings\Victoria\Recent
2008-03-29 10:14:13 0 dr-h----- D:\Documents and Settings\Chandler\Recent
2008-03-29 09:45:32 0 d-------- D:\Program Files\SpywareBlaster
2008-03-29 00:39:59 0 d-------- D:\WINDOWS\system32\ActiveScan
2008-03-29 00:26:19 0 dr-h----- D:\Documents and Settings\Michael\Recent
2008-03-28 00:15:06 0 d-------- D:\Documents and Settings\Victoria\Application Data\AVGTOOLBAR
2008-03-27 14:05:34 0 d-------- D:\Documents and Settings\Chandler\Application Data\AVGTOOLBAR
2008-03-27 12:36:59 0 d-------- D:\Documents and Settings\Chandler\Application Data\AVG7
2008-03-27 12:36:59 0 d-------- D:\Documents and Settings\All Users\Application Data\AVG7
2008-03-27 12:35:57 0 d-------- D:\WINDOWS\system32\drivers\Avg
2008-03-27 12:35:57 0 d-------- D:\Documents and Settings\Michael\Application Data\AVGTOOLBAR
2008-03-27 12:35:50 0 d-------- D:\Program Files\AVG
2008-03-27 12:35:50 0 d-------- D:\Documents and Settings\All Users\Application Data\avg8
2008-03-26 19:59:43 0 d-------- D:\Documents and Settings\Michael\Application Data\Microgaming
2008-03-26 19:59:29 0 d-------- D:\Microgaming
2008-03-26 13:11:33 0 d-------- D:\Program Files\Disney
2008-03-25 17:48:22 0 d-------- D:\Program Files\MRU-Blaster
2008-03-23 13:40:24 0 d-------- D:\Program Files\SmartFTP Client 3.0 Setup Files
2008-03-21 19:58:27 0 d-------- D:\WINDOWS\pss
2008-03-21 17:52:03 0 d-------- D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-21 17:50:35 0 d-------- D:\Program Files\Apple Software Update
2008-03-21 17:50:35 0 d-------- D:\Documents and Settings\All Users\Application Data\Apple
2008-03-21 14:53:40 0 d-------- D:\Documents and Settings\Chandler\Application Data\yoclient
2008-03-21 14:53:35 0 d-------- D:\WINDOWS\Sun
2008-03-21 14:53:35 0 d-------- D:\Documents and Settings\Chandler\Application Data\Sun
2008-03-21 14:53:01 0 d-------- D:\Program Files\Java
2008-03-21 14:52:28 0 d-------- D:\Program Files\Common Files\Java
2008-03-20 21:02:54 0 d-------- D:\Documents and Settings\Victoria\Application Data\ShoppingReport
2008-03-20 07:08:52 774144 --a------ D:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-03-20 07:07:39 0 d-------- D:\Documents and Settings\Chandler\Application Data\ShoppingReport
2008-03-20 06:51:42 0 d-------- D:\Documents and Settings\Chandler\Application Data\You've Got Pictures screensaver
2008-03-19 21:00:44 0 d-------- D:\Documents and Settings\Battle\Application Data\AOL
2008-03-19 21:00:18 0 d-------- D:\Documents and Settings\Battle\Application Data\Identities
2008-03-19 21:00:05 0 d--h----- D:\Documents and Settings\Battle\Templates
2008-03-19 21:00:05 0 dr------- D:\Documents and Settings\Battle\Start Menu
2008-03-19 21:00:05 0 dr-h----- D:\Documents and Settings\Battle\SendTo
2008-03-19 21:00:05 0 dr-h----- D:\Documents and Settings\Battle\Recent
2008-03-19 21:00:05 0 d--h----- D:\Documents and Settings\Battle\PrintHood
2008-03-19 21:00:05 1839104 --a------ D:\Documents and Settings\Battle\NTUSER.DAT
2008-03-19 21:00:05 0 d--h----- D:\Documents and Settings\Battle\NetHood
2008-03-19 21:00:05 0 dr------- D:\Documents and Settings\Battle\My Documents
2008-03-19 21:00:05 0 d--h----- D:\Documents and Settings\Battle\Local Settings
2008-03-19 21:00:05 0 dr------- D:\Documents and Settings\Battle\Favorites
2008-03-19 21:00:05 0 d-------- D:\Documents and Settings\Battle\Desktop
2008-03-19 21:00:05 0 d---s---- D:\Documents and Settings\Battle\Cookies
2008-03-19 21:00:05 0 dr-h----- D:\Documents and Settings\Battle\Application Data
2008-03-19 21:00:05 0 d---s---- D:\Documents and Settings\Battle\Application Data\Microsoft
2008-03-19 10:46:13 0 d-------- D:\Documents and Settings\Victoria\Application Data\PlayFirst
2008-03-19 10:46:13 0 d-------- D:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-16 23:44:43 0 d-------- D:\Program Files\Magentic
2008-03-14 21:57:03 0 d-------- D:\Documents and Settings\All Users\Application Data\IM
2008-03-14 21:56:18 0 d-------- D:\Program Files\IncrediMail
2008-03-14 21:56:18 0 d-------- D:\Documents and Settings\All Users\Application Data\IncrediMail
2008-03-14 17:02:53 691545 --a------ D:\WINDOWS\unins000.exe
2008-03-14 17:02:52 2552 --a------ D:\WINDOWS\unins000.dat
2008-03-13 20:48:36 0 d---s---- D:\Documents and Settings\Victoria\UserData
2008-03-12 16:57:22 0 d-------- D:\Documents and Settings\Michael\Application Data\Yahoo!
2008-03-12 08:02:03 0 d---s---- D:\Documents and Settings\Chandler\UserData
2008-03-12 07:39:42 0 d-------- D:\Documents and Settings\Chandler\Application Data\Yahoo!
2008-03-12 07:12:19 0 d-------- D:\Documents and Settings\All Users\Application Data\Trymedia
2008-03-12 07:08:56 0 d-------- D:\Documents and Settings\Victoria\Application Data\Yahoo!
2008-03-12 07

30 0 d-------- D:\Program Files\Yahoo!
2008-03-11 07:37:51 0 d-------- D:\Documents and Settings\Victoria\Application Data\Google
2008-03-06 07:39:01 0 d-------- D:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-03-06 07:38:56 0 d-------- D:\Documents and Settings\Victoria\Application Data\GameHouse
2008-03-05 22:50:20 0 d-------- D:\Documents and Settings\All Users\Application Data\NETg
2008-03-05 07:04:04 0 --a------ D:\WINDOWS\popcreg.dat
2008-03-05 07:04:04 70 --a------ D:\WINDOWS\popcinfot.dat
2008-03-05 07:04:04 0 d-------- D:\Program Files\PopCap Games
2008-03-04 08:07:35 0 d-------- D:\Documents and Settings\Victoria\Application Data\Turtle Odyssey II
2008-02-29 14:33:02 33 --a------ D:\WINDOWS\popcinfo.dat
-- Find3M Report ---------------------------------------------------------------
2008-03-29 16:15:56 0 d-------- D:\Program Files\SmartFTP Client
2008-03-29 16:14:30 0 d-------- D:\Program Files\QuickTime
2008-03-29 16:12:26 0 d-------- D:\Program Files\Lexmark X1100 Series
2008-03-29 16:11:26 0 d-------- D:\Program Files\GameSpy Arcade
2008-03-29 16

03 0 d-------- D:\Program Files\AOL 9.0
2008-03-29 10:29:17 0 d-------- D:\Program Files\CCleaner
2008-03-27 00:08:10 0 d-------- D:\Documents and Settings\Michael\Application Data\Xfire
2008-03-26 19

51 0 d-------- D:\Program Files\Xfire
2008-03-25 18:41:15 0 d-------- D:\Documents and Settings\Michael\Application Data\AdobeUM
2008-03-22 02:39:02 0 d-------- D:\Program Files\Microsoft Games
2008-03-21 19:57:32 0 d-------- D:\Program Files\Oberon Media
2008-03-21 14:52:28 0 d-------- D:\Program Files\Common Files
2008-03-20 07:08:44 0 d-------- D:\Program Files\Real
2008-03-12 07:01:04 0 d-------- D:\Program Files\Google
2008-02-27 21:13:38 0 d-------- D:\Documents and Settings\Michael\Application Data\Skype
2008-02-27 20:53:06 0 d-------- D:\Documents and Settings\Michael\Application Data\skypePM
2008-02-23 22:37:53 0 d--h----- D:\Program Files\InstallShield Installation Information
2008-02-23 22:13:20 0 d-------- D:\Program Files\Activision
2008-02-22 00:16:27 0 d-------- D:\Program Files\Electronic Arts
2008-02-19 21:12:37 3070 --a------ D:\WINDOWS\system32\ealregsnapshot1.reg
2008-02-13 21:10:03 0 d-------- D:\Program Files\GameSpy
2008-02-13 21:09:46 0 d-------- D:\Program Files\Common Files\InstallShield
2008-02-10 19:03:29 0 d-------- D:\Documents and Settings\Michael\Application Data\Google
2008-01-31 23:00:03 0 d-------- D:\Program Files\Common Files\Adobe
2008-01-31 23:00:03 0 d-------- D:\Documents and Settings\Michael\Application Data\Adobe
2008-01-31 20:53:27 0 d-------- D:\Documents and Settings\Michael\Application Data\Help
2008-01-26 19:40:34 335 --a------ D:\WINDOWS\nsreg.dat
2008-01-26 19:28:18 4212 ---h----- D:\WINDOWS\system32\zllictbl.dat
2008-01-26 17:33:31 21640 --a------ D:\WINDOWS\system32\emptyregdb.dat
2008-01-26 17:22:03 62 --ahs---- D:\Documents and Settings\Michael\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
28/03/2008 14:51 2051328 --a------ D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
26/01/2008 19:25 262144 --a------ D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [28/03/2008 14:51 2051328]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [26/01/2008 19:25 262144]
[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\System32\NvCpl.dll" [30/01/2007 18:54]
"nwiz"="nwiz.exe" [30/01/2007 18:54 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\System32\NvMcTray.dll" [30/01/2007 18:54]
"SiSUSBRG"="D:\WINDOWS\SiSUSBrg.exe" [12/07/2002 10:15]
"SoundMan"="SOUNDMAN.EXE" [08/01/2004 18:54 D:\WINDOWS\SOUNDMAN.EXE]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [14/11/2007 16:05]
"AOLDialer"="D:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [07/12/2007 15:30]
"RealTray"="D:\Program Files\Real\RealPlayer\RealPlay.exe" [26/01/2008 19:42]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [31/01/2008 23:13]
"HostManager"="D:\Program Files\Common Files\AOL\1201387263\ee\AOLSoftware.exe" [26/09/2006 00:52]
"Lexmark X1100 Series"="D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [19/08/2003 14:43]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [02/05/2007 04:15]
"AVG8_TRAY"="D:\PROGRA~1\AVG\AVG8\avgtray.exe" [28/03/2008 14:51]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
"EA Core"="D:\Program Files\Electronic Arts\EADM\Core.exe" [04/12/2007 05:57]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - D:\Program Files\AOL 9.0\aoltray.exe [26/01/2008 19:42:05]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
D:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"D:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c806cd29-cc31-11dc-bd5d-806d6172696f}]
AutoRun\command- E:\setup.exe /autorun
directx\command- E:\DirectX\dxsetup.exe
setup\command- E:\setup.exe
*Newly Created Service* - SDTHOOK
-- Hosts -----------------------------------------------------------------------
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
8035 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-03-29 17:29:51 ------------
Panda Scan Below
Adware:Adware/OneStep Not disinfected D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IDKLYT0J\upgrade[1].cab[upgrade.exe][onestep.exe]
Adware:Adware/OneStep Not disinfected D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IDKLYT0J\upgrade[1].cab[upgrade.exe][osopt.exe]
Adware:Adware/OneStep Not disinfected D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IDKLYT0J\upgrade[1].cab[upgrade.exe][uninstall.exe]
Spyware:Cookie/Com.com Not disinfected D:\Documents and Settings\Michael\Cookies\michael@com[1].txt
Spyware:Cookie/PointRoll Not disinfected D:\Documents and Settings\Shay\Cookies\shay@ads.pointroll[2].txt
Spyware:Cookie/Atwola Not disinfected D:\Documents and Settings\Shay\Cookies\shay@atwola[2].txt
Spyware:Cookie/Serving-sys Not disinfected D:\Documents and Settings\Shay\Cookies\shay@serving-sys[1].txt