
Solved infection [Internet Options cpl won't open]

Discussion in 'Malware and Virus Removal Archive' started by boggie, 2008/04/13.

  1. 2008/04/13
    boggie

    boggie Inactive Thread Starter

    Joined:
    2008/04/12
    Messages:
    55
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:11:54 PM, on 4/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Enigma Client.lnk.disabled
    O4 - Startup: LimeWire On Startup.lnk.disabled
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.imageservr.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.imageservr.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/v/8.1.1.1/applet/slots/alibaba-en_US.cab
    O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/v/8.1.1.1/applet/fancy/fancy-en_US.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/v/8.1.1.1/applet/lottso/lottso-en_US.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.2.12/applet/poppit2/poppit2-en_US.cab
    O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/v/8.1.1.13/applet/spades2/spades2-en_US.cab
    O16 - DPF: Sweet Tooth 2 by Pogo - http://game1.pogo.com/v/8.1.3.26/applet/sweettooth2/sweettooth2-en_US.cab
    O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/v/8.1.1.18/applet/simball/simball-en_US.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - http://www.00110.net/tj2007/00110.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

    --
    End of file - 9114 bytes
     
  2. 2008/04/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Much better! Scan again with HijackThis and place a check next to the following entries.

    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O15 - Trusted Zone: *.imageservr.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.imageservr.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - http://www.00110.net/tj2007/00110.cab


    Close all other windows then click Fix Checked. Close HijackThis.

    Create a new HijackThis log after AVG-AS completes and post it along with the AVG-AS report.
     


  4. 2008/04/13
    boggie

    boggie Inactive Thread Starter

    Joined:
    2008/04/12
    Messages:
    55
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:33:31 PM, on 4/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\AVG\AVG8\avgscanx.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Enigma Client.lnk.disabled
    O4 - Startup: LimeWire On Startup.lnk.disabled
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/v/8.1.1.1/applet/slots/alibaba-en_US.cab
    O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/v/8.1.1.1/applet/fancy/fancy-en_US.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/v/8.1.1.1/applet/lottso/lottso-en_US.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.2.12/applet/poppit2/poppit2-en_US.cab
    O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/v/8.1.1.13/applet/spades2/spades2-en_US.cab
    O16 - DPF: Sweet Tooth 2 by Pogo - http://game1.pogo.com/v/8.1.3.26/applet/sweettooth2/sweettooth2-en_US.cab
    O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/v/8.1.1.18/applet/simball/simball-en_US.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

    --
    End of file - 9246 bytes
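
A way to confirm that a "Fix Checked" pass took effect, as an added example that is not part of the original thread: it parses HijackThis entry lines, lists orphaned entries, checks that every entry on the fix list is gone from the follow-up log, and reports entries that are new since the first log. The log excerpts are a few lines copied from the two logs above; the function names are this example's own.

```python
import re

# An entry line looks like "O2 - BHO: ..." or "R3 - URLSearchHook: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# HijackThis marks registry entries whose target file is gone with these suffixes.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpt of the first log in this thread (a few lines only).
BEFORE_LOG = r"""
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imageservr.com (HKLM)
O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - http://www.00110.net/tj2007/00110.cab
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

# Excerpt of the entries the helper asked to check (a few lines only).
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imageservr.com (HKLM)
O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - http://www.00110.net/tj2007/00110.cab
"""

# Excerpt of the follow-up log (a few lines only).
AFTER_LOG = r"""
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""


def parse_entries(log_text):
    """Return [(section, body)] for each entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _key(entry):
    """Comparison key: CLSIDs and paths vary in case between logs, so fold case."""
    section, body = entry
    return (section, body.casefold())


def orphaned(entries):
    """Entries pointing at a file that no longer exists."""
    return [e for e in entries if e[1].casefold().endswith(ORPHAN_MARKERS)]


def verify_fix(fix_list_text, after_log_text):
    """Split the fix list into (removed, still_present) against the follow-up log."""
    after = {_key(e) for e in parse_entries(after_log_text)}
    removed, still_present = [], []
    for entry in parse_entries(fix_list_text):
        (still_present if _key(entry) in after else removed).append(entry)
    return removed, still_present


def new_entries(before_log_text, after_log_text):
    """Entries in the follow-up log that were absent from the first one."""
    before = {_key(e) for e in parse_entries(before_log_text)}
    return [e for e in parse_entries(after_log_text) if _key(e) not in before]


if __name__ == "__main__":
    removed, still_present = verify_fix(FIX_LIST, AFTER_LOG)
    print(f"fix list: {len(removed)} removed, {len(still_present)} still present")
    for section, body in still_present:
        print(f"  STILL PRESENT  {section} - {body}")
    for section, body in orphaned(parse_entries(AFTER_LOG)):
        print(f"  ORPHANED       {section} - {body}")
    for section, body in new_entries(BEFORE_LOG, AFTER_LOG):
        print(f"  NEW SINCE FIX  {section} - {body}")
```

Entries reported as new are not findings in themselves; in this excerpt they come from the AVG 8 install that happened between the two scans.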
     
  5. 2008/04/13
    boggie

    boggie Inactive Thread Starter

    Joined:
    2008/04/12
    Messages:
    55
    Likes Received:
    0
    Scan " "Scan whole computer" " was finished. "
    "Infections found: "; "0 "
    "Infected objects removed or healed "; "0 "
    "Not removed or healed. "; "0 "
    "Spyware found: "; "0 "
    "Spyware removed: "; "0 "
    "Not removed: "; "0 "
    "Warnings count: "; "70 "
    "Information count: "; "0 "
    "Scan started: "; "Sunday, April 13, 2008, 8:34:10 PM "
    "Total object scanned: "; "538395 "
    "Time needed: "; "1 hour(s) 10 minute(s) 18 second(s) "
    "Errors encountered: "; "0 "

    "Warnings "
    "File "; "Infection "; "Result "
    "C:\Documents and Settings\sharon jones\Cookies\sharon_jones@adbrite[2].txt "; "Found Tracking cookie.Adbrite "; "Potentially dangerous object "
    "C:\Documents and Settings\sharon jones\Cookies\sharon_jones@adbrite[2].txt:\adbrite.com.71beeff9 "; "Found Tracking cookie.Adbrite "; "Potentially dangerous object "
    "C:\Documents and Settings\sharon jones\Cookies\sharon_jones@adbrite[2].txt:\adbrite.com.d5e309c2 "; "Found Tracking cookie.Adbrite "; "Potentially dangerous object "
    "C:\Documents and Settings\sharon jones\Cookies\sharon_jones@bs.serving-sys[2].txt "; "Found Tracking cookie.Serving-sys "; "Potentially dangerous object "
    "C:\Documents and Settings\sharon jones\Cookies\sharon_jones@bs.serving-sys[2].txt:\bs.serving-sys.com.5bf1f00f "; "Found Tracking cookie.Serving-sys "; "Potentially dangerous object "
    "C:\Documents and Settings\sharon jones\Cookies\sharon_jones@serving-sys[2].txt "; "Found Tracking cookie.Serving-sys "; "Potentially dangerous object "
    "C:\Documents and Settings\sharon jones\Cookies\sharon_jones@serving-sys[2].txt:\serving-sys.com.255d6f2f "; "Found Tracking cookie.Serving-sys "; "Potentially dangerous object "
    "C:\Documents and Settings\sharon jones\Cookies\sharon_jones@serving-sys[2].txt:\serving-sys.com.400f83f "; "Found Tracking cookie.Serving-sys "; "Potentially dangerous object "
    "C:\Documents and Settings\sharon jones\Cookies\sharon_jones@serving-sys[2].txt:\serving-sys.com.4b416ef8 "; "Found Tracking cookie.Serving-sys "; "Potentially dangerous object "
    "C:\Documents and Settings\sharon jones\Cookies\sharon_jones@serving-sys[2].txt:\serving-sys.com.606c3d3b "; "Found Tracking cookie.Serving-sys "; "Potentially dangerous object "
    "C:\Documents and Settings\sharon jones\Cookies\sharon_jones@serving-sys[2].txt:\serving-sys.com.6a1cf9e8 "; "Found Tracking cookie.Serving-sys "; "Potentially dangerous object "
    "C:\Documents and Settings\sharon jones\Cookies\sharon_jones@serving-sys[2].txt:\serving-sys.com.c9034af6 "; "Found Tracking cookie.Serving-sys "; "Potentially dangerous object "
    "C:\Documents and Settings\sharon jones\Cookies\sharon_jones@ssl-hints.netflame[1].txt "; "Found Tracking cookie.Netflame "; "Potentially dangerous object "
    "C:\Documents and Settings\sharon jones\Cookies\sharon_jones@ssl-hints.netflame[1].txt:\ssl-hints.netflame.cc.92f248e "; "Found Tracking cookie.Netflame "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@2o7[1].txt "; "Found Tracking cookie.2o7 "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@2o7[1].txt:\2o7.net.173e5f42 "; "Found Tracking cookie.2o7 "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@adopt.euroclick[1].txt "; "Found Tracking cookie.Euroclick "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@adopt.euroclick[1].txt:\adopt.euroclick.com.891542da "; "Found Tracking cookie.Euroclick "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@adopt.euroclick[1].txt:\adopt.euroclick.com.fb764ef7 "; "Found Tracking cookie.Euroclick "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@adopt.euroclick[1].txt:\adopt.euroclick.com.ffe11db7 "; "Found Tracking cookie.Euroclick "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@atdmt[1].txt "; "Found Tracking cookie.Atdmt "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@atdmt[1].txt:\atdmt.com.b3e33b5f "; "Found Tracking cookie.Atdmt "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@doubleclick[1].txt "; "Found Tracking cookie.Doubleclick "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@doubleclick[1].txt:\doubleclick.net.1d39bd48 "; "Found Tracking cookie.Doubleclick "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@hitbox[2].txt "; "Found Tracking cookie.Hitbox "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@hitbox[2].txt:\hitbox.com.2b95f8a3 "; "Found Tracking cookie.Hitbox "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@hitbox[2].txt:\hitbox.com.bbf2a6e8 "; "Found Tracking cookie.Hitbox "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@m.webtrends[2].txt "; "Found Tracking cookie.Webtrends "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@m.webtrends[2].txt:\m.webtrends.com.b4ca7df0 "; "Found Tracking cookie.Webtrends "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@msnportal.112.2o7[2].txt "; "Found Tracking cookie.2o7 "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@msnportal.112.2o7[2].txt:\msnportal.112.2o7.net.7225be6f "; "Found Tracking cookie.2o7 "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@realmedia[1].txt "; "Found Tracking cookie.Realmedia "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@realmedia[1].txt:\realmedia.com.125a868c "; "Found Tracking cookie.Realmedia "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@realmedia[1].txt:\realmedia.com.68087763 "; "Found Tracking cookie.Realmedia "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@realmedia[1].txt:\realmedia.com.e14be39e "; "Found Tracking cookie.Realmedia "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@ssl-hints.netflame[1].txt "; "Found Tracking cookie.Netflame "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@ssl-hints.netflame[1].txt:\ssl-hints.netflame.cc.441d9a41 "; "Found Tracking cookie.Netflame "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@ssl-hints.netflame[1].txt:\ssl-hints.netflame.cc.92f248e "; "Found Tracking cookie.Netflame "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@statse.webtrendslive[1].txt "; "Found Tracking cookie.Webtrendslive "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@statse.webtrendslive[1].txt:\statse.webtrendslive.com.b4ca7df0 "; "Found Tracking cookie.Webtrendslive "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@tacoda[2].txt "; "Found Tracking cookie.Tacoda "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@tacoda[2].txt:\tacoda.net.a3218a37 "; "Found Tracking cookie.Tacoda "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@tacoda[2].txt:\tacoda.net.c4fe2ebb "; "Found Tracking cookie.Tacoda "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@tribalfusion[2].txt "; "Found Tracking cookie.Tribalfusion "; "Potentially dangerous object "
    "C:\Documents and Settings\tom\Cookies\tom@tribalfusion[2].txt:\tribalfusion.com.dcc03271 "; "Found Tracking cookie.Tribalfusion "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Classes\CLSID\{C7310572-AC80-11D1-8DF3-00C04FB6EF4F}\InprocServer32\\ "; "Found Adware.RogueSuspect "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{01E69986-A054-4C52-ABE8-EF63DF1C5211} "; "Found Adware.CramToolbar "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0EDC6C20-A31C-11DB-8AB9-0800200C9A66} "; "Found Adware.RogueSuspect "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{20929603-21DB-477C-BA6F-0B8E70B3C8A0} "; "Found Adware.CramToolbar "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{364B6276-C6C1-40B6-A6D7-6C48871FD707} "; "Found Adware.Accoona "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593} "; "Found Adware.RogueSuspect "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3D782BB3-F2A5-11D3-BF4C-000000000000} "; "Found Adware.ActivShopper "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} "; "Found Adware.NewDotNet "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4E7BD74F-2B8D-469E-DEFF-ED65A486AA28} "; "Found Adware.UpSpiralBar "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5345A7A9-805A-4923-B505-86B2FEBA3FE0} "; "Found Adware.Generic "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6B035665-6C0D-4388-AD11-B28314DCA59B} "; "Found Adware.EZ-Tracks "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{736b5468-bdad-41be-92d0-22ae2ddf7bcb} "; "Found Adware.Generic "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{74CC49F7-EB32-4A08-B204-948962A6E3DB} "; "Found Adware.RogueSuspect "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C} "; "Found Adware.SearchMaid "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7FD44536-9DF0-4034-939F-5BD4D98E3187} "; "Found Adware.Generic "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{804DB5C7-31E6-4885-850A-F1941B58A4C7} "; "Found Adware.Generic "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8DFD5077-FB25-4397-8D9F-ACFB8CC7E34B} "; "Found Adware.Generic "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{98A7C97A-4FFF-4F6E-A313-D21BC759DD99} "; "Found Adware.SearchIT "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{a19ef336-01d4-48e6-926a-fe7e1c747aed} "; "Found Adware.MWSearch "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A20CC53E-61FE-4788-85FF-A0F9C9B4C2A9} "; "Found Adware.CommanderNET "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8FB8EB3-183B-4598-924D-86F0E5E37085} "; "Found Adware.WhyPPC "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AC3AEF75-0A6B-4AB8-82B5-2C9BA8396644} "; "Found Adware.Generic "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C95FE080-8F5D-11D2-A20B-00AA003C157A} "; "Found Adware.Generic "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EA0D26BD-9029-431A-86E0-83152D67828A} "; "Found Adware.180Solutions "; "Potentially dangerous object "
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F43BD772-ABDD-43B7-A96A-3E9E61946EC0} "; "Found Adware.Generic "; "Potentially dangerous object "
     
  6. 2008/04/13
    noahdfear

    noahdfear Inactive

    Well darn ....... it appears AVG AntiSpyware is no longer available as a stand-alone app, nor does it appear the AVG bundle is as effective on malware. :(

    Please update Spybot and run a full scan. Remove whatever it finds.

    Scan with HijackThis and remove the following entry.

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present



    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot


    Please do an online scan with Kaspersky WebScanner

    Click Scan Now and Accept the agreement. You will be prompted to install an ActiveX component from Kaspersky, click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log here along with a new HijackThis log.

    Let me know if the IE control panel is working again.
     
  7. 2008/04/13
    boggie

    boggie Inactive Thread Starter

    Thank you so much Noahdfear for all your help, you have been great. I will do all that. I must go, have to get up at 4 am for work, but again thanks for all your help :D
     
  8. 2008/04/14
    dhartson

    dhartson Inactive

    AVG Antispyware

    While I'm sure many others have it, if it would be of any use, and if someone can advise how to transmit the 13.4 MB file, I downloaded AVG Antispyware, version 7.5.1.43 free, on April 9, and I'd be happy to help. It appears to check for updates, but I couldn't really tell if it is updating or not.
     
  9. 2008/04/19
    boggie

    boggie Inactive Thread Starter

    Noahdfear, sorry about just getting back, had to leave town for 5 days. Back now, so if we could finish :) here are the other scans

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:02:47 AM, on 4/19/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\WINDOWS\system32\lexpps.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - Startup: Enigma Client.lnk.disabled
    O4 - Startup: LimeWire On Startup.lnk.disabled
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/v/8.1.1.1/applet/slots/alibaba-en_US.cab
    O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/v/8.1.1.1/applet/fancy/fancy-en_US.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/v/8.1.1.1/applet/lottso/lottso-en_US.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.2.12/applet/poppit2/poppit2-en_US.cab
    O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/v/8.1.1.13/applet/spades2/spades2-en_US.cab
    O16 - DPF: Sweet Tooth 2 by Pogo - http://game1.pogo.com/v/8.1.3.26/applet/sweettooth2/sweettooth2-en_US.cab
    O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/v/8.1.1.18/applet/simball/simball-en_US.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

    --
    End of file - 9348 bytes
     
  10. 2008/04/19
    boggie

    boggie Inactive Thread Starter

    KASPERSKY ONLINE SCANNER REPORT
    Saturday, April 19, 2008 10:59:19 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 19/04/2008
    Kaspersky Anti-Virus database records: 715414
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 50500
    Number of viruses found: 4
    Number of infected objects: 8
    Number of suspicious objects: 2
    Duration of the scan process: 01:08:56

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\avg8\AvgAm\avgam.lck Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\avg8\emc\Log\emc.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\avg8\Log\avgam.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.2 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\avg8\Log\avgns.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt1.zip/retadpu1000106.exe Suspicious: Password-protected-EXE skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt1.zip ZIP: suspicious - 1 skipped
    C:\Documents and Settings\All Users\Documents\ATT_SST_Installer.exe/WISE0107.BIN/WISE0008.BIN Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
    C:\Documents and Settings\All Users\Documents\ATT_SST_Installer.exe/WISE0107.BIN/WISE0009.BIN Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
    C:\Documents and Settings\All Users\Documents\ATT_SST_Installer.exe/WISE0107.BIN Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
    C:\Documents and Settings\All Users\Documents\ATT_SST_Installer.exe WiseSFX: infected - 3 skipped
    C:\Documents and Settings\All Users\Documents\ATT_SST_Installer.exe WiseSFXDropper: infected - 3 skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\tom\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\tom\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\tom\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\tom\ntuser.dat Object is locked skipped
    C:\Documents and Settings\tom\NTUSER.DAT.LOG Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{4DCA892E-887C-45FD-8B59-575B89179E95}\RP329\A0065595.dll Infected: Trojan.Win32.Kolweb.o skipped
    C:\System Volume Information\_restore{4DCA892E-887C-45FD-8B59-575B89179E95}\RP329\A0065596.exe Infected: Trojan.Win32.Kolweb.l skipped
    C:\System Volume Information\_restore{4DCA892E-887C-45FD-8B59-575B89179E95}\RP329\A0065597.exe Infected: Trojan.Win32.Kolweb.l skipped
    C:\System Volume Information\_restore{4DCA892E-887C-45FD-8B59-575B89179E95}\RP351\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\TEMP\LVCOMSX.LOG Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
     
  11. 2008/04/19
    boggie

    boggie Inactive Thread Starter

    I still have no options, so do I need to do a reformat of the computer? Thanks, not sure what's next.
     
  12. 2008/04/19
    noahdfear

    noahdfear Inactive

    Nothing in that Kaspersky scan to worry about. :)
    There's one infected zip file in quarantine by Spybot and some infected System Restore points.

    Open Spybot and click Recovery in the left pane. Select all boxes that populate in the main window, then click 'Purge selected items' from above. Close Spybot.

    Now, since I see nothing that should be preventing the Internet Options control panel from opening, I would suggest uninstalling IE7 then reboot and re-install it. It should be listed in Add/Remove programs.
     
  13. 2008/04/20
    boggie

    boggie Inactive Thread Starter

    Thanks for all your help. Did a sys restore, going to get IE6, and I can get options now, so thanks again :)
     
  14. 2008/04/21
    noahdfear

    noahdfear Inactive

    You did a system restore? There are infected files in System Restore, and if you chose a date that contained those files, you have re-infected the system. It is for that reason I recommended uninstalling/re-installing IE7 as a possible cure.

    If you did indeed do a system restore, I recommend you post a fresh Deckard's log and a Kaspersky online scan report.
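
Added example (not part of the original thread and not any poster's code): a Python triage of a Kaspersky Online Scanner text report like the one posted above, separating "Object is locked" noise from detections and listing which System Restore points hold infected files, which is the distinction noahdfear's two replies rely on. The function names and bucket labels are assumptions of this example; the sample lines are excerpted from the report posted in this thread.

```python
import re
from collections import defaultdict

# Lines excerpted from the Kaspersky Online Scanner report posted in this thread.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg8\AvgAm\avgam.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt1.zip/retadpu1000106.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Documents\ATT_SST_Installer.exe/WISE0107.BIN/WISE0008.BIN Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Documents and Settings\All Users\Documents\ATT_SST_Installer.exe WiseSFX: infected - 3 skipped
C:\System Volume Information\_restore{4DCA892E-887C-45FD-8B59-575B89179E95}\RP329\A0065595.dll Infected: Trojan.Win32.Kolweb.o skipped
C:\System Volume Information\_restore{4DCA892E-887C-45FD-8B59-575B89179E95}\RP329\A0065596.exe Infected: Trojan.Win32.Kolweb.l skipped
C:\System Volume Information\_restore{4DCA892E-887C-45FD-8B59-575B89179E95}\RP351\change.log Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process completed.
"""

# "<path> <verdict> <last action>"; paths contain spaces, so the verdict
# is matched by its known shapes and the path is whatever precedes it.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<verdict>Object is locked"
    r"|Infected: \S+"
    r"|Suspicious: \S+"
    r"|\w+: (?:infected|suspicious) - \d+)"
    r" (?P<action>\w+)$"
)
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I
)
SPYBOT_RECOVERY = "\\Spybot - Search & Destroy\\Recovery\\"


def parse_report(text):
    """Return one dict per result line; headers and footers are skipped."""
    rows = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def triage(rows):
    """Bucket rows into locked / spybot_recovery / system_restore / live_filesystem."""
    buckets = defaultdict(list)
    for row in rows:
        if row["verdict"] == "Object is locked":
            # File was in use and could not be read: not a detection.
            buckets["locked"].append(row)
            continue
        # Objects inside an archive are reported as container/member.
        container = row["path"].split("/", 1)[0]
        rp = RESTORE_RE.search(container)
        if rp:
            where = "system_restore"
        elif SPYBOT_RECOVERY.lower() in container.lower():
            where = "spybot_recovery"  # Spybot's own quarantine folder
        else:
            where = "live_filesystem"
        buckets[where].append({
            **row,
            "container": container,
            "restore_point": rp.group(1) if rp else None,
            # Kaspersky prefixes riskware/adware verdicts with "not-a-virus:".
            "riskware": "not-a-virus:" in row["verdict"],
        })
    return dict(buckets)


def infected_restore_points(buckets):
    """Restore points that contain at least one detection (not just locked files)."""
    return sorted({r["restore_point"] for r in buckets.get("system_restore", [])})


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    for name, items in result.items():
        print(f"{name}: {len(items)} line(s)")
    print("Restore points holding detections:", infected_restore_points(result))
```

Restore points listed by `infected_restore_points` are the ones to avoid when choosing a System Restore date; a locked file inside a restore point (RP351 in the sample) is deliberately not counted.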
     
  15. 2008/04/27
    boggie

    boggie Inactive Thread Starter

    Noahdfear, I just got back in town for 1 day, so if we can try again, and I'm sorry for doing the sys restore; could not uninstall IE7, missing files. Here are new logs

    Deckard's System Scanner v20071014.68
    Run by tom on 2008-04-27 09:06:01
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    31: 2008-04-27 14:06:09 UTC - RP359 - Deckard's System Scanner Restore Point
    30: 2008-04-26 20:02:27 UTC - RP358 - System Checkpoint
    29: 2008-04-21 09:19:54 UTC - RP357 - System Checkpoint
    28: 2008-04-20 08:04:39 UTC - RP356 - Software Distribution Service 3.0
    27: 2008-04-19 22:58:05 UTC - RP355 - Restore Operation


    -- First Restore Point --
    1: 2008-03-22 20:42:15 UTC - RP329 - Norton Security Online post configuration restore point


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 511 MiB (512 MiB recommended).


    -- HijackThis (run as tom.exe) -------------------------------------------------

    Unable to find log (file not found); running clone.
    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-04-27 09:07:44
    Platform: Windows XP Service Pack 1 (5.01.2600)
    MSIE: Internet Explorer (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\YOP\yop.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    C:\Program Files\Yahoo!\YOP\SSDK02.exe
    C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Documents and Settings\tom\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: (no name) - {6B184A91-2ECA-4919-31A4-C1C3DE8A9BFE} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: (no name) - {BE307A48-71E6-46E7-B692-3B532E700E75} - (no file)
    O2 - BHO: (no name) - {F1E74DAA-8B7B-48A1-A089-6D4A0AC4B0FC} - (no file)
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: (no name) - {FE64D334-BF5D-4434-896E-52CB9CDC5DF1} - (no file)
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] ~ "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - Startup: Enigma Client.lnk.disabled = C:\Program Files\Enigma\Enigma.exe
    O4 - Startup: LimeWire On Startup.lnk.disabled = C:\Program Files\LimeWire\LimeWire.exe
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm
    O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.drivecleaner.com (HKLM)
    O15 - Trusted Zone: *.errorprotector.com (HKLM)
    O15 - Trusted Zone: *.imageservr.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
    O15 - Trusted Zone: *.systemdoctor.com (HKLM)
    O15 - Trusted Zone: *.winantivirus.com (HKLM)
    O15 - Trusted Zone: *.imageservr.com (HKCU)
    O15 - Trusted Zone: *.imagesrvr.com (HKCU)
    O16 - DPF: Ali Baba Slots TM by pogo () - http://game1.pogo.com/v/8.1.1.1/applet/slots/alibaba-en_US.cab
    O16 - DPF: Hog Heaven Slots by pogo () - http://game1.pogo.com/v/8.1.1.1/applet/fancy/fancy-en_US.cab
    O16 - DPF: Lottso by pogo () - http://game1.pogo.com/v/8.1.1.1/applet/lottso/lottso-en_US.cab
    O16 - DPF: Poppit by pogo () - http://game1.pogo.com/v/8.1.2.12/applet/poppit2/poppit2-en_US.cab
    O16 - DPF: Spades 2 by pogo () - http://game1.pogo.com/v/8.1.1.13/applet/spades2/spades2-en_US.cab
    O16 - DPF: Sweet Tooth 2 by Pogo () - http://game1.pogo.com/v/8.1.3.26/applet/sweettooth2/sweettooth2-en_US.cab
    O16 - DPF: The Sims Pinball by pogo () - http://game1.pogo.com/v/8.1.1.18/applet/simball/simball-en_US.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} () - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
    O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} () - http://www.00110.net/tj2007/00110.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} () - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} () - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} () - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} () - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
    O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
    O20 - Winlogon Notify: geebb - C:\WINDOWS\System32\geebb.dll (file missing)
    O20 - Winlogon Notify: jkkifcd - C:\WINDOWS\System32\jkkifcd.dll (file missing)
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Symantec\isPwdSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPcservice.exe


    --
    End of file - 11933 bytes

    -- HijackThis Fixed Entries (C:\DOCUME~1\ALLUSE~1\DOCUME~1\HIJACK~1\backups\) --

    backup-20070616-123237-864 O15 - Trusted Zone: *.winantispyware.com (HKLM)

    -- File Associations -----------------------------------------------------------

    .bat - batfile - shell\edit\command - NOTEDAD.EXE %1
    .ini - inifile - shell\open\command - NOTEDAD.EXE %1
    .reg - regfile - shell\edit\command - NOTEDAD.EXE %1
    .txt - txtfile - shell\open\command - NOTEDAD.EXE %1


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
    R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>

    S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
    S2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys (file missing)
    S3 HSF_DP - c:\windows\system32\drivers\hsfdpsp2.sys (file missing)
    S3 HSFHWBS2 - c:\windows\system32\drivers\hsfbs2s2.sys (file missing)
    S3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
    S3 ip6fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
    S3 NAVENG - c:\progra~1\common~1\symant~1\virusd~1\20080401.006\naveng.sys (file missing)
    S3 NAVEX15 - c:\progra~1\common~1\symant~1\virusd~1\20080401.006\navex15.sys (file missing)
    S3 SUPERWEBCAM (SuperWebcam, WDM Virtual Video Capture Device) - c:\windows\system32\drivers\superwebcam.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >

    S3 gusvc (Google Updater Service) - "c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)
    S3 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)
    S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID:
    Description: SM Bus Controller
    Device ID: PCI\VEN_8086&DEV_24C3&SUBSYS_01321028&REV_01\3&267A616A&0&FB
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_8086&DEV_24C3&SUBSYS_01321028&REV_01\3&267A616A&0&FB
    Service:


    -- Scheduled Tasks -------------------------------------------------------------

    2008-04-23 09:32:17 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-03-27 and 2008-04-27 -----------------------------

    2008-04-25 19:44:20 0 dr-h----- C:\Documents and Settings\sharon jones\Recent
    2008-04-20 19:35:03 0 d-------- C:\WINDOWS\Prefetch
    2008-04-19 18:05:47 0 dr-h----- C:\Documents and Settings\tom\Recent
    2008-04-19 18:02:19 0 d-------- C:\Program Files\LimeWire
    2008-04-19 18:02:16 0 d-------- C:\Documents and Settings\Guest\Application Data\Lavasoft
    2008-04-19 18:02:16 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
    2008-04-19 18:02:16 0 d-------- C:\Documents and Settings\Guest\Application Data\Adobe
    2008-04-19 18:02:15 0 d-------- C:\Documents and Settings\Guest\Application Data\Macromedia
    2008-04-19 18:02:14 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
    2008-04-19 18:02:13 0 d-------- C:\Documents and Settings\Guest\Desktop
    2008-04-19 18:02:13 0 dr-h----- C:\Documents and Settings\Guest\Application Data
    2008-04-19 18:02:13 0 d-------- C:\Documents and Settings\Guest\Application Data\Yahoo!
    2008-04-19 18:02:13 0 d-------- C:\Documents and Settings\Guest\Application Data\Sun
    2008-04-19 18:02:13 0 d-------- C:\Documents and Settings\Guest\Application Data\Mozilla
    2008-04-19 18:02:12 0 d--h----- C:\Documents and Settings\Guest\PrintHood
    2008-04-19 18:02:12 0 d--h----- C:\Documents and Settings\Guest\Local Settings
    2008-04-19 18:02:11 0 dr-h----- C:\Documents and Settings\Guest\SendTo
    2008-04-19 18:02:11 0 dr-h----- C:\Documents and Settings\Guest\Recent
    2008-04-19 18:02:10 0 d--h----- C:\Documents and Settings\Guest\Templates
    2008-04-19 18:02:10 0 dr------- C:\Documents and Settings\Guest\Start Menu
    2008-04-19 18:02:10 0 d-------- C:\Documents and Settings\guest 2\Application Data\Lavasoft
    2008-04-19 18:02:10 0 d-------- C:\Documents and Settings\guest 2\Application Data\Identities
    2008-04-19 18:02:10 0 d-------- C:\Documents and Settings\guest 2\Application Data\DivX
    2008-04-19 18:02:10 0 d-------- C:\Documents and Settings\guest 2\Application Data\Adobe
    2008-04-19 18:02:09 0 d-------- C:\Documents and Settings\guest 2\Application Data\Macromedia
    2008-04-19 18:02:08 0 dr-h----- C:\Documents and Settings\guest 2\Application Data
    2008-04-19 18:02:08 0 d-------- C:\Documents and Settings\guest 2\Application Data\Yahoo!
    2008-04-19 18:02:08 0 d-------- C:\Documents and Settings\guest 2\Application Data\Mozilla
    2008-04-19 18:02:08 0 d---s---- C:\Documents and Settings\guest 2\Application Data\Microsoft
    2008-04-19 18:02:07 0 d-------- C:\Documents and Settings\guest 2\Desktop
    2008-04-19 18:02:06 0 dr-h----- C:\Documents and Settings\guest 2\SendTo
    2008-04-19 18:02:06 0 dr-h----- C:\Documents and Settings\guest 2\Recent
    2008-04-19 18:02:06 0 d--h----- C:\Documents and Settings\guest 2\PrintHood
    2008-04-19 18:02:06 0 d--h----- C:\Documents and Settings\guest 2\Local Settings
    2008-04-19 18:02:05 0 d--h----- C:\Documents and Settings\guest 2\Templates
    2008-04-19 18:02:05 0 dr------- C:\Documents and Settings\guest 2\Start Menu
    2008-04-19 18:02:02 0 d-------- C:\Program Files\Symantec
    2008-04-19 18:02:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-04-19 18:01:55 0 d-------- C:\Program Files\Common Files\Scanner
    2008-04-19 18:01:27 0 d-------- C:\WINDOWS\System32\T8
    2008-04-19 18:01:27 0 d-------- C:\WINDOWS\System32\T6
    2008-04-19 18:01:27 0 d-------- C:\WINDOWS\System32\T4
    2008-04-19 18:01:27 0 d-------- C:\WINDOWS\System32\T3
    2008-04-19 17:34:32 0 d-------- C:\ComboFix(2)
    2008-04-19 09:28:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-04-13 19:56:35 0 d--hs---- C:\RECYCLER(2)
    2008-04-13 09:35:05 0 d-------- C:\Program Files\Trend Micro
    2008-04-12 21:27:04 0 --a------ C:\Documents and Settings\tom\undockwithoutlogonREG_DWORD0x1
    2008-04-12 21:26:51 0 --a------ C:\Documents and Settings\tom\shutdownwithoutlogonREG_DWORD0x1
    2008-04-12 21:26:51 0 --a------ C:\Documents and Settings\tom\legalnoticetextREG_SZ
    2008-04-12 21:26:51 0 --a------ C:\Documents and Settings\tom\legalnoticecaptionREG_SZ
    2008-04-12 21:26:51 0 --a------ C:\Documents and Settings\tom\dontdisplaylastusernameREG_DWORD0x0
    2008-04-12 21:26:51 0 --a------ C:\Documents and Settings\tom\{0DF44EAA-FF21-4412-828E-260A8728E7F1}Applica
    2008-04-12 21:26:50 0 --a------ C:\Documents and Settings\tom\NoDriveTypeAutoRunREG_BINARY5F000000
    2008-04-12 21:26:50 0 --a------ C:\Documents and Settings\tom\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}Applica
    2008-04-12 21:26:50 0 --a------ C:\Documents and Settings\tom\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}Applica
    2008-04-12 21:26:50 0 --a------ C:\Documents and Settings\tom\!
    2008-04-12 19:43:37 0 d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
    2008-04-12 16:56:41 0 d-------- C:\Program Files\Windows Live Safety Center
    2008-04-10 03:23:40 0 d-------- C:\0447d2e626ba2040e50e452775
    2008-04-01 18:38:55 4718592 --a------ C:\Documents and Settings\sharon jones\ntuser.dat


    -- Find3M Report ---------------------------------------------------------------

    2008-04-20 19:28:23 0 d-------- C:\Program Files\Messenger
    2008-04-20 19:24:49 0 d-------- C:\Program Files\Windows NT
    2008-04-20 19:24:45 0 d-------- C:\Program Files\Movie Maker
    2008-04-19 18:07:49 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-04-19 18:03:27 0 d-------- C:\Program Files\Yahoo!
    2008-04-19 18:02:04 0 d-------- C:\Program Files\PCPitstop
    2008-04-19 17:53:42 0 d-------- C:\Documents and Settings\tom\Application Data\Yahoo!
    2008-04-12 22:20:21 5550 --a------ C:\WINDOWS\unins000.dat
    2008-04-12 19:53:47 0 d-a------ C:\Program Files\Common Files
    2008-03-29 09:15:42 0 d-------- C:\Program Files\Logitech
    2008-03-29 09:14:29 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-03-18 13:53:15 0 d-------- C:\Documents and Settings\tom\Application Data\LimeWire
    2008-03-08 22:50:40 0 d-------- C:\Program Files\Java
    2008-02-28 21:29:04 0 d-------- C:\Program Files\Microsoft Picture It! 2002
    2008-02-28 21:19:20 0 d-------- C:\Program Files\Microsoft Streets & Trips
    2008-02-28 21:11:11 0 d-------- C:\Program Files\Common Files\Adobe
    2008-02-28 21:09:03 0 d-------- C:\Program Files\Microsoft Money


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B184A91-2ECA-4919-31A4-C1C3DE8A9BFE}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE307A48-71E6-46E7-B692-3B532E700E75}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1E74DAA-8B7B-48A1-A089-6D4A0AC4B0FC}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE64D334-BF5D-4434-896E-52CB9CDC5DF1}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "YBrowser "= "C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 04:19 PM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
    "LogitechCommunicationsManager "= "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 05:33 PM]
    "LogitechQuickCamRibbon "= "C:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 05:37 PM]
    "SweetIM "= "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [01/02/2008 09:15 PM]
    "UpdReg "= "C:\WINDOWS\Updreg.exe" [05/11/2000 02:00 AM]
    "Microsoft Works Update Detection "= "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [08/16/2001 11:41 PM]
    "YOP "= "C:\PROGRA~1\Yahoo!\YOP\yop.exe" [10/26/2007 03:42 PM]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
    "osCheck "= "C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 02:11 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\System32\ctfmon.exe" [08/29/2002 03:41 AM]
    "SweetIM "= "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [01/02/2008 09:15 PM]
    "Yahoo! Pager "= "~C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" []

    C:\Documents and Settings\tom\Start Menu\Programs\Startup\
    Enigma Client.lnk.disabled [2/16/2008 5:18:12 PM]
    LimeWire On Startup.lnk.disabled [2/16/2008 2:30:52 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geebb]
    C:\WINDOWS\System32\geebb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkifcd]
    jkkifcd.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages "= scecli

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk.disabled]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk.disabled
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnk.disabledCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk.disabled]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk.disabled
    backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnk.disabledCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk.disabled]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk.disabled
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnk.disabledCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^sharon jones^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\sharon jones\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIAGENT]
    C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
    C:\Program Files\Microsoft Works\wkfud.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Microsoft Works Update Detection "=C:\Program Files\Microsoft Works\WkDetect.exe
    "IpWins "=C:\Program Files\Ipwindows\ipwins.exe
    "BitTorrent "= "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    "Yahoo! Pager "=~ "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "UpdReg "=C:\WINDOWS\Updreg.exe
    "Motive SmartBridge "=C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    "YBrowser "=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    "LXSUPMON "=C:\WINDOWS\System32\LXSUPMON.EXE RUN
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_13\bin\jusched.exe "
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" -atboottime
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe "
    "WinampAgent "=C:\Program Files\Winamp\winampa.exe
    "Microsoft Works Portfolio "=C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    "MoneyStartUp10.0 "= "C:\Program Files\Microsoft Money\System\Activation.exe "
    "MimBoot "=C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    "DIAGENT "=C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    "AHQInit "=C:\Program Files\Creative\SBLive\Program\AHQInit.exe

    *Newly Created Service* - COMHOST



    -- End of Deckard's System Scanner: finished at 2008-04-27 09:08:43 ------------
     
  16. 2008/04/27
    boggie

    The other log also

    KASPERSKY ONLINE SCANNER REPORT
    Sunday, April 27, 2008 10:31:37 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 27/04/2008
    Kaspersky Anti-Virus database records: 650245
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 56445
    Number of viruses found: 4
    Number of infected objects: 4
    Number of suspicious objects: 2
    Duration of the scan process: 00:58:42

    Infected Object Name / Virus Name / Last Action
    C:\Deckard\System Scanner\backup\DOCUME~1\tom\LOCALS~1\Temp\Av-test.txt Infected: EICAR-Test-File skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt1.zip/retadpu1000106.exe Suspicious: Password-protected-EXE skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt1.zip ZIP: suspicious - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\tom\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\tom\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\tom\Local Settings\History\History.IE5\MSHist012008042720080428\index.dat Object is locked skipped
    C:\Documents and Settings\tom\Local Settings\Temp\Perflib_Perfdata_320.dat Object is locked skipped
    C:\Documents and Settings\tom\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\tom\ntuser.dat Object is locked skipped
    C:\Documents and Settings\tom\NTUSER.DAT.LOG Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{4DCA892E-887C-45FD-8B59-575B89179E95}\RP329\A0065595.dll Infected: Trojan.Win32.Kolweb.o skipped
    C:\System Volume Information\_restore{4DCA892E-887C-45FD-8B59-575B89179E95}\RP329\A0065596.exe Infected: Trojan.Win32.Kolweb.l skipped
    C:\System Volume Information\_restore{4DCA892E-887C-45FD-8B59-575B89179E95}\RP329\A0065597.exe Infected: Trojan.Win32.Kolweb.l skipped
    C:\System Volume Information\_restore{4DCA892E-887C-45FD-8B59-575B89179E95}\RP359\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
    :eek:
     
  17. 2008/04/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Highlight and copy the bolded command below.

    "%userprofile%\desktop\dss.exe" /daft
    • Click Start>Run and paste the command in, then hit enter.
    • An interface of Deckard's file association fix will open.
    • Click Scan.
    • Check the box next to the following entries, then click Fix.
      • .bat
      • .ini
      • .reg
      • .txt
    • Exit when complete.


    Download a fresh copy of ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
     
  18. 2008/04/27
    boggie

    Have tried to get a log from ComboFix several times but to no avail. Have not clicked. Stops at Find3M.
     
  19. 2008/04/27
    noahdfear

    Please try running it in Safe Mode, from your user account.

    To access safe mode, restart your computer and begin tapping F8 to enable the Advanced Start Menu. Use the up/down arrow keys to highlight the Safe Mode entry then hit Enter.
     
  20. 2008/04/27
    boggie

    cannot start safe from my acct
     
  21. 2008/04/27
    noahdfear

    What happens?
     
