#1  Mack (Registered User; Ireland; joined Nov 2004; 229 posts; OS: Vista/XP SP3), posted 03-29-2008, 02:22 PM
[SOLVED] HJT Log Help

Hi,

I followed the 5-step process; the results are below, if you could have a look and advise.

Thanks in advance.


Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-29 17:29:11
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\system32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
D:\Program Files\AVG\AVG8\avgwdsvc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\wanmpsvc.exe
D:\Program Files\AVG\AVG8\avgam.exe
D:\Program Files\AVG\AVG8\avgrsx.exe
D:\Program Files\AVG\AVG8\avgnsx.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Real\RealPlayer\realplay.exe
D:\Program Files\QuickTime\QTTask.exe
D:\Program Files\Common Files\AOL\1201387263\ee\aolsoftware.exe
D:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
D:\Documents and Settings\Michael\Desktop\dss.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Trend Micro\HijackThis\Michael.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] D:\Program Files\Common Files\AOL\1201387263\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EA Core] "D:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = D:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - D:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Blackjack by pogo () - http://game3.pogo.com/v/8.1.7.44/app...jack-en_US.cab
O16 - DPF: Blooop by pogo () - http://game1.pogo.com/v/8.1.7.44/app...cade-en_US.cab
O16 - DPF: Bowling by pogo () - http://game3.pogo.com/v/8.1.7.44/app...ling-en_US.cab
O16 - DPF: Chess by pogo () - http://game3.pogo.com/v/8.1.9.1/appl...ess2-en_US.cab
O16 - DPF: Dice Derby by pogo () - http://game1.pogo.com/v/8.1.9.1/appl...flag-en_US.cab
O16 - DPF: Greenback Bayou by pogo () - http://game1.pogo.com/v/8.1.7.44/app...back-en_US.cab
O16 - DPF: Lottso by pogo () - http://game1.pogo.com/v/8.1.9.1/appl...ttso-en_US.cab
O16 - DPF: Makeover Madness by pogo () - http://game3.pogo.com/v/8.1.9.1/appl...hoes-en_US.cab
O16 - DPF: No-Limit Texas Hold'em by pogo () - http://game3.pogo.com/v/8.1.9.1/appl...llin-en_US.cab
O16 - DPF: Quick Quack by pogo () - http://game1.pogo.com/v/8.1.7.44/app...reak-en_US.cab
O16 - DPF: Squelchies by pogo () - http://game3.pogo.com/v/8.1.9.1/appl...hies-en_US.cab
O16 - DPF: Super Dominoes by pogo () - http://game3.pogo.com/v/8.1.9.1/appl...mino-en_US.cab
O16 - DPF: Tank Hunter by pogo () - http://www.pogo.com/v/8.1.1.1/applet...tank-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo () - http://game1.pogo.com/v/8.1.9.1/appl...ldem-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo () - http://game3.pogo.com/v/8.1.7.44/app...brae-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo () - http://game1.pogo.com/v/8.1.9.7/appl...bo22-en_US.cab
O16 - DPF: Wonderland Memories by pogo () - http://game1.pogo.com/v/8.1.9.1/appl...ries-en_US.cab
O16 - DPF: Word Search Daily by pogo () - http://game3.pogo.com/v/8.1.8.23/app...arch-en_US.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_12) - http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - D:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - D:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - D:\WINDOWS\wanmpsvc.exe


--
End of file - 11354 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sisidex - d:\windows\system32\drivers\sisidex.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - d:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R2 ASCTRM - d:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>

S3 FXDRV - e:\fxdrv.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_1040&SUBSYS_10008086&REV_00\3&61AAA01&0&58
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_1040&SUBSYS_10008086&REV_00\3&61AAA01&0&58
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-03-25 15:55:30 284 --a------ D:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-02-29 and 2008-03-29 -----------------------------

2008-03-29 17:25:59 0 d-------- D:\Program Files\Trend Micro
2008-03-29 14:41:17 0 d-------- D:\Documents and Settings\Michael\Application Data\Sun
2008-03-29 10:38:08 0 dr-h----- D:\Documents and Settings\Victoria\Recent
2008-03-29 10:14:13 0 dr-h----- D:\Documents and Settings\Chandler\Recent
2008-03-29 09:45:32 0 d-------- D:\Program Files\SpywareBlaster
2008-03-29 00:39:59 0 d-------- D:\WINDOWS\system32\ActiveScan
2008-03-29 00:26:19 0 dr-h----- D:\Documents and Settings\Michael\Recent
2008-03-28 00:15:06 0 d-------- D:\Documents and Settings\Victoria\Application Data\AVGTOOLBAR
2008-03-27 14:05:34 0 d-------- D:\Documents and Settings\Chandler\Application Data\AVGTOOLBAR
2008-03-27 12:36:59 0 d-------- D:\Documents and Settings\Chandler\Application Data\AVG7
2008-03-27 12:36:59 0 d-------- D:\Documents and Settings\All Users\Application Data\AVG7
2008-03-27 12:35:57 0 d-------- D:\WINDOWS\system32\drivers\Avg
2008-03-27 12:35:57 0 d-------- D:\Documents and Settings\Michael\Application Data\AVGTOOLBAR
2008-03-27 12:35:50 0 d-------- D:\Program Files\AVG
2008-03-27 12:35:50 0 d-------- D:\Documents and Settings\All Users\Application Data\avg8
2008-03-26 19:59:43 0 d-------- D:\Documents and Settings\Michael\Application Data\Microgaming
2008-03-26 19:59:29 0 d-------- D:\Microgaming
2008-03-26 13:11:33 0 d-------- D:\Program Files\Disney
2008-03-25 17:48:22 0 d-------- D:\Program Files\MRU-Blaster
2008-03-23 13:40:24 0 d-------- D:\Program Files\SmartFTP Client 3.0 Setup Files
2008-03-21 19:58:27 0 d-------- D:\WINDOWS\pss
2008-03-21 17:52:03 0 d-------- D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-21 17:50:35 0 d-------- D:\Program Files\Apple Software Update
2008-03-21 17:50:35 0 d-------- D:\Documents and Settings\All Users\Application Data\Apple
2008-03-21 14:53:40 0 d-------- D:\Documents and Settings\Chandler\Application Data\yoclient
2008-03-21 14:53:35 0 d-------- D:\WINDOWS\Sun
2008-03-21 14:53:35 0 d-------- D:\Documents and Settings\Chandler\Application Data\Sun
2008-03-21 14:53:01 0 d-------- D:\Program Files\Java
2008-03-21 14:52:28 0 d-------- D:\Program Files\Common Files\Java
2008-03-20 21:02:54 0 d-------- D:\Documents and Settings\Victoria\Application Data\ShoppingReport
2008-03-20 07:08:52 774144 --a------ D:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-03-20 07:07:39 0 d-------- D:\Documents and Settings\Chandler\Application Data\ShoppingReport
2008-03-20 06:51:42 0 d-------- D:\Documents and Settings\Chandler\Application Data\You've Got Pictures screensaver
2008-03-19 21:00:44 0 d-------- D:\Documents and Settings\Battle\Application Data\AOL
2008-03-19 21:00:18 0 d-------- D:\Documents and Settings\Battle\Application Data\Identities
2008-03-19 21:00:05 0 d--h----- D:\Documents and Settings\Battle\Templates
2008-03-19 21:00:05 0 dr------- D:\Documents and Settings\Battle\Start Menu
2008-03-19 21:00:05 0 dr-h----- D:\Documents and Settings\Battle\SendTo
2008-03-19 21:00:05 0 dr-h----- D:\Documents and Settings\Battle\Recent
2008-03-19 21:00:05 0 d--h----- D:\Documents and Settings\Battle\PrintHood
2008-03-19 21:00:05 1839104 --a------ D:\Documents and Settings\Battle\NTUSER.DAT
2008-03-19 21:00:05 0 d--h----- D:\Documents and Settings\Battle\NetHood
2008-03-19 21:00:05 0 dr------- D:\Documents and Settings\Battle\My Documents
2008-03-19 21:00:05 0 d--h----- D:\Documents and Settings\Battle\Local Settings
2008-03-19 21:00:05 0 dr------- D:\Documents and Settings\Battle\Favorites
2008-03-19 21:00:05 0 d-------- D:\Documents and Settings\Battle\Desktop
2008-03-19 21:00:05 0 d---s---- D:\Documents and Settings\Battle\Cookies
2008-03-19 21:00:05 0 dr-h----- D:\Documents and Settings\Battle\Application Data
2008-03-19 21:00:05 0 d---s---- D:\Documents and Settings\Battle\Application Data\Microsoft
2008-03-19 10:46:13 0 d-------- D:\Documents and Settings\Victoria\Application Data\PlayFirst
2008-03-19 10:46:13 0 d-------- D:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-16 23:44:43 0 d-------- D:\Program Files\Magentic
2008-03-14 21:57:03 0 d-------- D:\Documents and Settings\All Users\Application Data\IM
2008-03-14 21:56:18 0 d-------- D:\Program Files\IncrediMail
2008-03-14 21:56:18 0 d-------- D:\Documents and Settings\All Users\Application Data\IncrediMail
2008-03-14 17:02:53 691545 --a------ D:\WINDOWS\unins000.exe
2008-03-14 17:02:52 2552 --a------ D:\WINDOWS\unins000.dat
2008-03-13 20:48:36 0 d---s---- D:\Documents and Settings\Victoria\UserData
2008-03-12 16:57:22 0 d-------- D:\Documents and Settings\Michael\Application Data\Yahoo!
2008-03-12 08:02:03 0 d---s---- D:\Documents and Settings\Chandler\UserData
2008-03-12 07:39:42 0 d-------- D:\Documents and Settings\Chandler\Application Data\Yahoo!
2008-03-12 07:12:19 0 d-------- D:\Documents and Settings\All Users\Application Data\Trymedia
2008-03-12 07:08:56 0 d-------- D:\Documents and Settings\Victoria\Application Data\Yahoo!
2008-03-12 0730 0 d-------- D:\Program Files\Yahoo!
2008-03-11 07:37:51 0 d-------- D:\Documents and Settings\Victoria\Application Data\Google
2008-03-06 07:39:01 0 d-------- D:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-03-06 07:38:56 0 d-------- D:\Documents and Settings\Victoria\Application Data\GameHouse
2008-03-05 22:50:20 0 d-------- D:\Documents and Settings\All Users\Application Data\NETg
2008-03-05 07:04:04 0 --a------ D:\WINDOWS\popcreg.dat
2008-03-05 07:04:04 70 --a------ D:\WINDOWS\popcinfot.dat
2008-03-05 07:04:04 0 d-------- D:\Program Files\PopCap Games
2008-03-04 08:07:35 0 d-------- D:\Documents and Settings\Victoria\Application Data\Turtle Odyssey II
2008-02-29 14:33:02 33 --a------ D:\WINDOWS\popcinfo.dat


-- Find3M Report ---------------------------------------------------------------

2008-03-29 16:15:56 0 d-------- D:\Program Files\SmartFTP Client
2008-03-29 16:14:30 0 d-------- D:\Program Files\QuickTime
2008-03-29 16:12:26 0 d-------- D:\Program Files\Lexmark X1100 Series
2008-03-29 16:11:26 0 d-------- D:\Program Files\GameSpy Arcade
2008-03-29 1603 0 d-------- D:\Program Files\AOL 9.0
2008-03-29 10:29:17 0 d-------- D:\Program Files\CCleaner
2008-03-27 00:08:10 0 d-------- D:\Documents and Settings\Michael\Application Data\Xfire
2008-03-26 1951 0 d-------- D:\Program Files\Xfire
2008-03-25 18:41:15 0 d-------- D:\Documents and Settings\Michael\Application Data\AdobeUM
2008-03-22 02:39:02 0 d-------- D:\Program Files\Microsoft Games
2008-03-21 19:57:32 0 d-------- D:\Program Files\Oberon Media
2008-03-21 14:52:28 0 d-------- D:\Program Files\Common Files
2008-03-20 07:08:44 0 d-------- D:\Program Files\Real
2008-03-12 07:01:04 0 d-------- D:\Program Files\Google
2008-02-27 21:13:38 0 d-------- D:\Documents and Settings\Michael\Application Data\Skype
2008-02-27 20:53:06 0 d-------- D:\Documents and Settings\Michael\Application Data\skypePM
2008-02-23 22:37:53 0 d--h----- D:\Program Files\InstallShield Installation Information
2008-02-23 22:13:20 0 d-------- D:\Program Files\Activision
2008-02-22 00:16:27 0 d-------- D:\Program Files\Electronic Arts
2008-02-19 21:12:37 3070 --a------ D:\WINDOWS\system32\ealregsnapshot1.reg
2008-02-13 21:10:03 0 d-------- D:\Program Files\GameSpy
2008-02-13 21:09:46 0 d-------- D:\Program Files\Common Files\InstallShield
2008-02-10 19:03:29 0 d-------- D:\Documents and Settings\Michael\Application Data\Google
2008-01-31 23:00:03 0 d-------- D:\Program Files\Common Files\Adobe
2008-01-31 23:00:03 0 d-------- D:\Documents and Settings\Michael\Application Data\Adobe
2008-01-31 20:53:27 0 d-------- D:\Documents and Settings\Michael\Application Data\Help
2008-01-26 19:40:34 335 --a------ D:\WINDOWS\nsreg.dat
2008-01-26 19:28:18 4212 ---h----- D:\WINDOWS\system32\zllictbl.dat
2008-01-26 17:33:31 21640 --a------ D:\WINDOWS\system32\emptyregdb.dat
2008-01-26 17:22:03 62 --ahs---- D:\Documents and Settings\Michael\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
28/03/2008 14:51 2051328 --a------ D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
26/01/2008 19:25 262144 --a------ D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [28/03/2008 14:51 2051328]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [26/01/2008 19:25 262144]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\System32\NvCpl.dll" [30/01/2007 18:54]
"nwiz"="nwiz.exe" [30/01/2007 18:54 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\System32\NvMcTray.dll" [30/01/2007 18:54]
"SiSUSBRG"="D:\WINDOWS\SiSUSBrg.exe" [12/07/2002 10:15]
"SoundMan"="SOUNDMAN.EXE" [08/01/2004 18:54 D:\WINDOWS\SOUNDMAN.EXE]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [14/11/2007 16:05]
"AOLDialer"="D:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [07/12/2007 15:30]
"RealTray"="D:\Program Files\Real\RealPlayer\RealPlay.exe" [26/01/2008 19:42]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [31/01/2008 23:13]
"HostManager"="D:\Program Files\Common Files\AOL\1201387263\ee\AOLSoftware.exe" [26/09/2006 00:52]
"Lexmark X1100 Series"="D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [19/08/2003 14:43]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [02/05/2007 04:15]
"AVG8_TRAY"="D:\PROGRA~1\AVG\AVG8\avgtray.exe" [28/03/2008 14:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
"EA Core"="D:\Program Files\Electronic Arts\EADM\Core.exe" [04/12/2007 05:57]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - D:\Program Files\AOL 9.0\aoltray.exe [26/01/2008 19:42:05]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
D:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"D:\Program Files\Messenger\msmsgs.exe" /background


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c806cd29-cc31-11dc-bd5d-806d6172696f}]
AutoRun\command- E:\setup.exe /autorun
directx\command- E:\DirectX\dxsetup.exe
setup\command- E:\setup.exe

*Newly Created Service* - SDTHOOK



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

8035 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-03-29 17:29:51 ------------



Panda Scan Below

Adware:Adware/OneStep Not disinfected D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IDKLYT0J\upgrade[1].cab[upgrade.exe][onestep.exe]
Adware:Adware/OneStep Not disinfected D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IDKLYT0J\upgrade[1].cab[upgrade.exe][osopt.exe]
Adware:Adware/OneStep Not disinfected D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IDKLYT0J\upgrade[1].cab[upgrade.exe][uninstall.exe]
Spyware:Cookie/Com.com Not disinfected D:\Documents and Settings\Michael\Cookies\michael@com[1].txt
Spyware:Cookie/PointRoll Not disinfected D:\Documents and Settings\Shay\Cookies\shay@ads.pointroll[2].txt
Spyware:Cookie/Atwola Not disinfected D:\Documents and Settings\Shay\Cookies\shay@atwola[2].txt
Spyware:Cookie/Serving-sys Not disinfected D:\Documents and Settings\Shay\Cookies\shay@serving-sys[1].txt
Attached file: extra.txt (13.4 KB)
#2  Mack, posted 04-02-2008, 09:31 AM

Re: HJT Log Help

BUMP!

I understand you are busy helping many. No offence meant by the bump.
#3  tetonbob (Manager, Security Center, TSF Academy; Analyst, Security Team; Transylvania County, North Carolina, USA; joined Jan 2005; 23,765 posts; OS: 2000 Pro, XP Pro, XP Home), posted 04-02-2008, 12:32 PM

Re: HJT Log Help

Hello -

You've not really described an issue. Is there one? I see no evidence of malware in those logs. Malware removal assistance is what this forum is for.

For the items in Panda log:

Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.

Clear your IE cookies. Start>Settings>Control Panel>Internet Options>General tab>under Temporary files, click on Delete Cookies.

Upgrade to IE7; it's more secure than IE6.


I do notice that your Java is outdated.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 5 and save it to your desktop.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - leave BOTH checked:
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Other than that, I see no malware related issues.
__________________
Practice Safe Surfing

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006
Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum.


Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience.

Last edited by tetonbob: 04-02-2008 at 12:34 PM.
#4  Mack, posted 04-02-2008, 03:08 PM

Re: HJT Log Help

OK, thanks a lot. I have been having some trouble with websites loading extremely slowly and I was a bit concerned. But if all looks OK with the logs then I guess I need to look at other possibilities.

Thanks for your time.
#5  tetonbob, posted 04-02-2008, 04:41 PM

Re: HJT Log Help

Could it be that the new AVG Toolbar is causing a different internet experience on some sites?

http://www.grisoft.com/ww.faq.num-1188
Old 04-03-2008, 08:28 AM   #6 (permalink)
Registered User
Join Date: Nov 2004
Location: Ireland
Posts: 229
OS: Vista/Xp sp3


Re: HJT Log Help

Hmm, yes, that's a possibility now that you mention it. It started around the same time, I think.

Do you think the AVG toolbar is worth having?

Thanks for your help.

Mack
Old 04-03-2008, 08:35 AM   #7 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 23,765
OS: 2000 Pro; XP Pro; XP Home


Re: HJT Log Help

I don't use AVG, so I can't really comment other than to say this:

I tend not to use those types of components, and trust myself, but your needs or wants may be different.

It seems like a good idea in adding a layer of protection, but may need some tweaking as many new ideas do.

Read more

http://www.grisoft.com/ww.product-avg-toolbar-tlbrc

http://www.grisoft.com/ww.faq.num-1189#faq_1189

Ultimately, the decision is yours... if it interferes more than the feeling of security is worth...

I would think the folks at AVG/Grisoft would like to hear from you about your concerns.
Old 04-04-2008, 08:16 AM   #8 (permalink)
Registered User
Join Date: Nov 2004
Location: Ireland
Posts: 229
OS: Vista/Xp sp3


Re: HJT Log Help

Your time and help are much appreciated.

Regards

Mack
Old 04-06-2008, 02:20 PM   #9 (permalink)
Registered User
Join Date: Nov 2004
Location: Ireland
Posts: 229
OS: Vista/Xp sp3


Re: [SOLVED] HJT Log Help

Sorry for the double post but I thought it was worth mentioning.

The problem I discovered was being caused by the phishing filter. Doh!
Old 04-06-2008, 05:29 PM   #10 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 23,765
OS: 2000 Pro; XP Pro; XP Home


Re: [SOLVED] HJT Log Help

Thanks, Mack. Is that part of the AVG Security Toolbar, and is it configurable?
Old 04-07-2008, 11:00 AM   #11 (permalink)
Registered User
Join Date: Nov 2004
Location: Ireland
Posts: 229
OS: Vista/Xp sp3


Re: [SOLVED] HJT Log Help

I think it's an IE add-on from Microsoft. And yes, it is somewhat configurable. I have turned it off for now, and the problem I was having is gone.

Last edited by Mack : 04-07-2008 at 11:02 AM.
Old 04-07-2008, 11:03 AM