0

I got hit bad by something. Have messages that regedit, task manager have been disabled by admin. Control panel is missing. VIRUS ALERT! is in taskbar and directory Here is HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:57 PM, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SW CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cfgwiz.exe" /GUID {E90B1832-3097-4d1c-93D1-D5332BA287A0} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Cookie Washer\washidx.exe "Lenore"
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/omaha/omaha-en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/v/8.1.5.27/applet/aces/aces-en_US.cab
O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/9.0.4.16/applet/addiction/addiction-en_US.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.3.1.26/slots/alibaba-ob-assets.cab
O16 - DPF: Animal Ark by pogo - http://play01.pogo.com/applet-5.8.5.21/animal/animal-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-8.0.9.41/backgammon/backgammon-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.4.4.34/battlephlinx/battlephlinx-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/v/8.1.7.44/applet/blackjack/blackjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/applet-6.8.1.38/vbjack2/vbjack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game3.pogo.com/v/9.0.1.14/applet/cascade/cascade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-8.0.7.27/bowling/bowling-en_US.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-6.0.0.32/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.9.0.61/canasta/canasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.9.4.34/checkers2/checkers-en_US.cab
O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.9.0.25/chess2/chess2-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-8.0.7.27/cribbage/cribbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.9.2.40/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/v/8.1.0.23/applet/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Dice Derby by pogo.com - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.5.5.29/domino/domino-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet-5.9.3.29/videopoker2/doubledeuce-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.3.3.27/euchre/euchre-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo - http://bingoe.pogo.com/applet-5.8.4.24/bingo/bingoe-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/applet/firstclass2/firstclass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.9.3.29/superbingo/superbingo-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.com/v/9.0.3.12/applet/golfsolitaire/golfsolitaire-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-8.0.3.20/greenback/greenback-en_US.cab
O16 - DPF: Greenback Bayou by pogo.com - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/v/8.1.1.1/applet/hangman/hangman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-8.0.8.30/harvest/harvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/v/8.1.7.44/applet/hearts/hearts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.8.4.51/drawpoker/drawpoker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.9.3.49/pool2/pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/v/8.1.1.1/applet/fancy/fancy-en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.3.2.25/jigsaw/jigsaw-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-5.9.3.29/videopoker2/jokerswild-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.9.3.49/gin2/gin2-en_US.cab
O16 - DPF: Jungle Gin by pogo.com - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.8.0.32/keno/keno-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.com/v/9.0.1.9/applet/speedkeno/speedkeno-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.7.5.28/mhpoker/mhpoker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/v/8.1.9.1/applet/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.6.21/applet/mahjong2/mahjong2-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.com/v/9.0.3.15/applet/safari/safari-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/v/8.1.7.44/applet/shoes/shoes-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.7.1.33/mlslots/mlslots-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/v/8.1.1.1/applet/paigow/paigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.9.0.43/freecell/freecell-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/v/8.1.0.23/applet/freecell2/freecell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.9.3.39/penguins/penguins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-8.0.9.33/waterwheel/waterwheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game3.pogo.com/v/9.0.1.7/applet/flinger/flinger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-8.0.0.30/pinochle/pinochle-en_US.cab
O16 - DPF: Pirate's Gold by pogo - http://solitaire14.pogo.com/applet-5.8.3.26/piratesgold/piratesgold-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/v/8.1.5.27/applet/popfu/popfu-en_US.cab
O16 - DPF: Pop Fu by pogo.com - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.9.1.32/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game3.pogo.com/v/9.0.1.7/applet/poppit2/poppit2-en_US.cab
O16 - DPF: Poppit TM by pogo - http://game1.pogo.com/applet-6.1.4.22/poppit/poppit-ob-assets.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/v/8.1.7.44/applet/hotstreak/hotstreak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.9.2.33/squares/squares-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/v/8.1.0.23/applet/ride/ride-en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet/slots/showbiz-ob-assets.cab
O16 - DPF: Shuffle Bump by pogo - http://game3.pogo.com/v/8.1.9.1/applet/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game3.pogo.com/v/9.0.2.13/applet/spades2/spades2-en_US.cab
O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.8.4.24/spades/spades-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-8.0.8.30/spider/spider-en_US.cab
O16 - DPF: Spooky Slots - http://game1.pogo.com/v/8.1.2.12/applet/spooky/spooky-en_US.cab
O16 - DPF: Squelchies by pogo - http://game3.pogo.com/v/8.1.9.1/applet/squelchies/squelchies-en_US.cab
O16 - DPF: Squelchies by pogo.com - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
O16 - DPF: Stax by pogo - http://game3.pogo.com/v/8.1.9.1/applet/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.9.3.39/sweeper/sweeper-en_US.cab
O16 - DPF: Super Dominoes by pogo - http://game1.pogo.com/v/8.1.3.25/applet/superdomino/superdomino-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game3.pogo.com/v/9.0.1.7/applet/sweettooth2/sweettooth2-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.6.2.35/sweettooth/sweettooth-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/holdem/holdem-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game3.pogo.com/v/9.0.1.10/applet/millbrae/millbrae-en_US.cab
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.com/v/9.0.1.7/applet/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-8.0.2.40/tumbee2/tumbee2-en_US.cab
O16 - DPF: Turbo 21 TM by pogo - http://game5.pogo.com/applet-5.9.5.37/turbo21/turbo21-ob-assets.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-8.0.0.20/turbo22/turbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.com/v/8.1.1.1/applet/mlslots/mlslots-en_US.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3.28/videopoker2/videopoker-ob-assets.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.6.2.21/memories/memories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.com/applet-6.9.4.34/babble/babble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/applet-8.0.7.27/wordsearch/wordsearch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.4.4.34/wordwhomp2/whomp2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-8.0.1.32/whackdown/whackdown-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo.com - http://whackdown.pogo.com/applet/whackdown/whackdown-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.7.0.40/wordjong/wordjong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/applet/worldclass/worldclass-en_US.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct2_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! MahJong - http://download2.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Sheepshead - http://download.games.yahoo.com/games/clients/y/dt0_x.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {19520A33-EB3A-4515-9185-C5734587891A} (PlanView Portfolio Control v7.4.1) - http://planview.baylorhealth.edu/planview/objects/pvportf_en.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v46/shared/FunGamesLoader.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2 Control) - http://www.smartforce.com/v2.1/applications/liveplay/Activex/AXClientUtil.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://bhcsvpn.baylorhealth.edu/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldwinner.com/games/v42/shape/shape.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v42/blockwerx/blockwerx.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1.1.57-deleon/GoogleNav.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v48/haunted/haunted.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://solutionq.webex.com/client/T26L/event/ieatgpc.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtangent.com/install/wdriver/ddc/shockwave/wtinst.cab
O21 - SSODL: axrfgvek - {3AA1CF0B-64D6-4250-A16A-6B39D719FB95} - C:\WINDOWS\axrfgvek.dll
O21 - SSODL: okmdepgb - {7A2046A5-4F19-4F1B-8709-686B7F246392} - C:\WINDOWS\okmdepgb.dll
O21 - SSODL: KbdService - {30763b26-3dc2-40cd-a724-a05a1317bd28} - C:\WINDOWS\Resources\KbdService.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 21222 bytes

3
Contributors
3
Replies
4
Views
9 Years
Discussion Span
Last Post by ldcaudle
0

Hi, the first tool will remove an obvious infection, the second will check further and disclose some info I would like to see. Please run them both in the order given/
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file to install the application and ensure that it is set to update and start, else start it via the icon.
Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps.
Make sure that everything is checked, and click Remove Selected.
Post the Notepad log [it is also saved under Logs tab in MBAM].
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
So, two logs in total, please.

0

O21 - SSODL: axrfgvek - {3AA1CF0B-64D6-4250-A16A-6B39D719FB95} - C:\WINDOWS\axrfgvek.dll
O21 - SSODL: okmdepgb - {7A2046A5-4F19-4F1B-8709-686B7F246392} - C:\WINDOWS\okmdepgb.dll

These two entries ought not to be there. These are confirmed class *B* threats and are known to cause computer dysfunction.

As to the Regedit problem, you can do this:

Start -> Run -> gpedit.msc -> User Configuration -> Administrative Templates -> System -> Prevent access to registry editing tools -> Right Click Properties -> Disabled

For the 'control panel missing' part of the question, you can download SDFix from here. It will do a scan like the one HiJack This does and it will enable all disabled components.

Goodluck

0

Thankyou both for your input. I will attempt to get to these suggestions this evening.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.