hello, my machine is infected with something. the control panel is hidden, and if i am able to find it, nothing is accessible. hjt logfile below, please help. thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:30 PM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\shell.exe
C:\Documents and Settings\User\Application Data\T?sks\w?auclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKCU\..\Run: [Lhf] "C:\Documents and Settings\Aaron Copeland\Application Data\T?sks\w?auclt.exe"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{90BCDAB2-D453-488B-A53C-EDEEA39A76A1}: NameServer = 207.69.188.185,207.69.188.186
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O21 - SSODL: cYhACmwbvCk - {005072E7-AAFA-D84D-153E-0F7E49BE3C45} - (no file)

--
End of file - 4715 bytes
Pretty good mess!

Reboot into SAFE MODE! Run HijackThis, place check marks next to all the items listed below. Press Fix checked. Reboot. Post new Hijack log.

C:\WINDOWS\shell.exe
C:\Documents and Settings\Aaron Copeland\Application Data\T?sks\w?auclt.exe
R3 - URLSearchHook: (no name) - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKCU\..\Run: [Lhf] "C:\Documents and Settings\Aaron Copeland\Application Data\T?sks\w?auclt.exe"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O21 - SSODL: cYhACmwbvCk - {005072E7-AAFA-D84D-153E-0F7E49BE3C45} - (no file)
yeah, it's pretty jacked. thank you for your help, it's greatly appreciated! new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:29 PM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [00507249] rundll32.exe "C:\WINDOWS\system32\flfmiflf.dll",b
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{90BCDAB2-D453-488B-A53C-EDEEA39A76A1}: NameServer = 207.69.188.185,207.69.188.186
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll

--
End of file - 3783 bytes
Reboot into Safe mode, run HijackThis, put check marks on the items listed below. Fix checked. Post new log.

O4 - HKLM\..\Run: [00507249] rundll32.exe "C:\WINDOWS\system32\flfmiflf.dll",b
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll

You're using IE6, should update to IE7, here's the link.
http://www.microsoft.com/windows/downloads/ie/getitnow.mspx

Go here to make sure your OS is fully updated. Select the Express button. Download any high priority updates.
http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us

What Internet Security suite are you using?
What Anti-Spyware program are you using?
Have you ever used a registry cleaner?
I downloaded ie7, and will install. I'm using ad-aware, spybot, spywareblaster, ccleaner. this file "O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll" seems to reappear every time after running HJT? Thanks again for your ongoing help =]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:50 PM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\User\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{90BCDAB2-D453-488B-A53C-EDEEA39A76A1}: NameServer = 207.69.188.185,207.69.188.186
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll

--
End of file - 3507 bytes
Yes, stubborn little bugger.

Download ComboFix.
http://forums.majorgeeks.com/showthread.php?t=134965

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
ok heres the combofix.txt: ComboFix 07-12-21.4 - User 2007-12-27 15:57:46.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.296 [GMT -8:00] Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe * Created a new restore point . ADS - svchost.exe: deleted 58880 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\User\Application Data\antivirus.exe C:\Documents and Settings\User\My Documents\WNSXS~1 C:\Documents and Settings\All Users.\documents\settings\bot.dll C:\Documents and Settings\All Users\Application Data.\salesmonitor C:\Documents and Settings\All Users\Application Data.\winantispyware 2007 C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\ProductCode C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode C:\Documents and Settings\LocalService\Application Data\install.dat C:\Documents and Settings\LocalService\Application Data\NetMon C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt C:\Documents and Settings\LocalService\Desktop\searchus.exe C:\Documents and Settings\NetworkService\Application Data\.rdr.ini C:\Documents and Settings\NetworkService\Application Data\install.dat C:\Documents and Settings\NetworkService\Desktop\searchus.exe C:\Documents and Settings\NetworkService\Local Settings\Application Data\n.ini C:\Program Files\Common Files\asks~1 C:\Program Files\Common Files\curity~1 C:\Program Files\Common Files\fnts~1 C:\Program Files\Common Files\winantispyware 2007 C:\Program Files\Common Files\winantispyware 2007\err.log C:\Program Files\Internet Explorer\vihizy121.dll C:\Program Files\Internet 
Explorer\vihizy185.dll C:\Program Files\Internet Explorer\vihizy22.dll C:\Program Files\Internet Explorer\vihizy226.dll C:\Program Files\Internet Explorer\vihizy230.dll C:\Program Files\Internet Explorer\vihizy277.dll C:\Program Files\Internet Explorer\vihizy281.dll C:\Program Files\Internet Explorer\vihizy377.dll C:\Program Files\Internet Explorer\vihizy401.dll C:\Program Files\Internet Explorer\vihizy405.dll C:\Program Files\Internet Explorer\vihizy441.dll C:\Program Files\Internet Explorer\vihizy464.dll C:\Program Files\Internet Explorer\vihizy470.dll C:\Program Files\Internet Explorer\vihizy52.dll C:\Program Files\Internet Explorer\vihizy526.dll C:\Program Files\Internet Explorer\vihizy54.dll C:\Program Files\Internet Explorer\vihizy542.dll C:\Program Files\Internet Explorer\vihizy549.dll C:\Program Files\Internet Explorer\vihizy598.dll C:\Program Files\Internet Explorer\vihizy688.dll C:\Program Files\Internet Explorer\vihizy721.dll C:\Program Files\Internet Explorer\vihizy733.dll C:\Program Files\Internet Explorer\vihizy740.dll C:\Program Files\Internet Explorer\vihizy759.dll C:\Program Files\Internet Explorer\vihizy774.dll C:\Program Files\Internet Explorer\vihizy808.dll C:\Program Files\Internet Explorer\vihizy824.dll C:\Program Files\Internet Explorer\vihizy910.dll C:\Program Files\Internet Explorer\vihizy978.dll C:\Program Files\Internet Explorer\vihizy983.dll C:\Program Files\ISM C:\Program Files\ISM\adblcupd.exe C:\Program Files\ISM\anticaupd.exe C:\Program Files\ISM\archupd.exe C:\Program Files\ISM\BndDrive2.dll C:\Program Files\ISM\BndDrive3.dll C:\Program Files\ISM\BndDrive6.dll C:\Program Files\ISM\BndDrive7.dll C:\Program Files\ISM\bndloader.exe C:\Program Files\ISM\dictionary.gz C:\Program Files\ISM\ism.exe C:\Program Files\ISM\kazooupd.exe C:\Program Files\ISM\syncupd.exe C:\Program Files\ISM\synupd.exe C:\Program Files\ISM\targets.gz C:\Program Files\ISM\Uninstall.exe C:\Program Files\ISM2 C:\Program Files\ISM2\cringupd.exe C:\Program 
Files\ISM2\dictionary.gz C:\Program Files\ISM2\ISMPack5.exe C:\Program Files\ISM2\ISMPack6.exe C:\Program Files\ISM2\ISMPack7.exe C:\Program Files\ISM2\ISMPack8.exe C:\Program Files\ISM2\targets.gz C:\Program Files\outerinfo C:\Program Files\outerinfo\FF\chrome.manifest C:\Program Files\outerinfo\FF\components\FF.dll C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt C:\Program Files\outerinfo\FF\install.rdf C:\Program Files\outerinfo\Terms.rtf C:\Program Files\smante~1 C:\WINDOWS\asembl~1 C:\WINDOWS\cookies.ini C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe C:\WINDOWS\racle~1 C:\WINDOWS\rau001978.exe C:\WINDOWS\smante~1 C:\WINDOWS\sstem3~1 C:\WINDOWS\sstem3~1\s?stem32\ C:\WINDOWS\system32\awvvt.dll C:\WINDOWS\system32\b02FdUe C:\WINDOWS\system32\b06FdUe C:\WINDOWS\SYSTEM32\clkuhyko.ini C:\WINDOWS\system32\cnbajhus.exe C:\WINDOWS\system32\config\system~1\Applic~1\Microsoft\20509.dat C:\WINDOWS\system32\config\systemprofile\application data\.rdr.ini C:\WINDOWS\system32\csvbrvgg.dll C:\WINDOWS\system32\dobe~1 C:\WINDOWS\system32\dodfljjf.exe C:\WINDOWS\system32\driver C:\WINDOWS\system32\drivers\IP6FW.SYS C:\WINDOWS\system32\drivers\symavc32.sys C:\WINDOWS\system32\drivers\VHKN41.sys C:\WINDOWS\system32\fccbaay.dll C:\WINDOWS\SYSTEM32\flfimflf.ini C:\WINDOWS\system32\flfmiflf.dll C:\WINDOWS\SYSTEM32\gcmjvxgs.ini C:\WINDOWS\system32\gmyykbmu.dll C:\WINDOWS\system32\lanmandrv.sys C:\WINDOWS\system32\ldinfo.ldr C:\WINDOWS\system32\ljjihhe.dll C:\WINDOWS\system32\n.ini C:\WINDOWS\system32\nmopcqeg.dll C:\WINDOWS\system32\ntvihfpw.dll C:\WINDOWS\system32\okyhuklc.dll C:\WINDOWS\system32\racle~1 C:\WINDOWS\system32\sgxvjmcg.dll C:\WINDOWS\system32\tsks~1 C:\WINDOWS\SYSTEM32\tvvwa.bak1 C:\WINDOWS\SYSTEM32\tvvwa.bak2 C:\WINDOWS\SYSTEM32\tvvwa.ini C:\WINDOWS\SYSTEM32\umbkyymg.ini C:\WINDOWS\system32\win C:\WINDOWS\system32\winnb58.dll C:\WINDOWS\system32\wisydfdm.dll C:\WINDOWS\system32\wnsapiisv32.exe C:\WINDOWS\system32\wowfx.dll 
C:\WINDOWS\system32\Z1 C:\WINDOWS\system32\Z1\mwspasrt83122.exe C:\WINDOWS\system32\Z11 C:\WINDOWS\system32\Z11\z53.exe C:\WINDOWS\system32\Z3 C:\WINDOWS\system32\Z5 C:\WINDOWS\system32\Z7 C:\WINDOWS\tk58.exe C:\WINDOWS\uni_eh44.exe C:\WINDOWS\uninst1014.exe C:\WINDOWS\vgztmvt.exe C:\WINDOWS\wnsxs~1 C:\Documents and Settings\All Users.\documents\settings . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_ASC3550U -------\LEGACY_CMDSERVICE -------\LEGACY_CORE -------\LEGACY_DOMAINSERVICE -------\LEGACY_FOPN -------\LEGACY_ICF -------\LEGACY_LANMANDRV -------\LEGACY_NDNET1 -------\LEGACY_NETWORK_MONITOR -------\LEGACY_RUNTIME -------\LEGACY_RUNTIME2 -------\LEGACY_SYMAVC32 -------\LEGACY_VHKN41 -------\LEGACY_WINDOWS_OVERLAY_COMPONENTS ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))) . 2007-12-27 15:19 . 2007-12-27 15:43 1,393 --a------ C:\WINDOWS\imsins.BAK 2007-12-27 14:05 . 2007-12-27 14:09 696 --a------ C:\WINDOWS\wininit.ini 2007-12-27 13:47 . 2007-12-27 13:47 <DIR> d-------- C:\Program Files\EliteProtector 2007-12-27 12:02 . 2007-12-27 12:02 <DIR> d-------- C:\Program Files\CCleaner 2007-12-27 11:40 . 2004-12-21 19:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc 2007-12-27 11:40 . 2004-12-21 19:56 <DIR> d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek 2007-12-02 15:33 . 2007-12-21 17:32 1,414,970 --ahs---- C:\WINDOWS\SYSTEM32\xtfbcquu.ini . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-12-27 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-27 20:50 --------- d-----w C:\Program Files\SpywareBlaster 2007-12-27 20:24 --------- d-----w C:\Program Files\QuickTime 2007-11-23 22:46 181,760 ----a-w C:\WINDOWS\system32\drivers\Vhbx42.sys 2007-11-21 00:11 181,760 ----a-w C:\WINDOWS\system32\drivers\Pkv48.sys 2007-11-20 15:18 181,760 ----a-w C:\WINDOWS\system32\drivers\Ibkq51.sys 2007-11-14 07:26 450,560 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-10-30 10:16 3,058,688 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll 2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll 2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll 2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll 2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll 2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll 2007-10-11 06:13 96,256 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll 2007-10-11 06:13 659,456 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll 2007-10-11 06:13 615,424 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll 2007-10-11 06:13 55,808 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll 2007-10-11 06:13 532,480 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll 2007-10-11 06:13 474,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll 2007-10-11 06:13 449,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll 2007-10-11 06:13 39,424 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll 2007-10-11 06:13 357,888 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll 2007-10-11 06:13 251,392 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll 2007-10-11 06:13 205,312 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll 2007-10-11 06:13 16,384 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll 2007-10-11 06:13 151,040 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll 2007-10-11 
06:13 146,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll 2007-10-11 06:13 1,494,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll 2007-10-11 06:13 1,054,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll 2007-10-11 06:13 1,023,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll 2007-10-10 11:16 18,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe 2005-07-29 23:24 472 --sha-r C:\WINDOWS\QWFyb24gQ29wZWxhbmQ\kqIVvZb0kZ6TtqU1vAk.vbs 2007-01-10 04:03 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2603AE66-A301-4826-B383-287B6ACC1F46}] C:\Program Files\MSN Gaming Zone\ryvy83122.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50D8D20D-4278-44FD-855D-7B926A4B0324}] C:\Program Files\MSN Gaming Zone\ryvy4444.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B2432DA-E58D-4C9A-AE60-7C856A4E903F}] 2007-12-06 15:44 598016 --a------ C:\WINDOWS\msagent\CHARS\odsocm.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{932AE59C-7E7F-441F-B2E7-8449719064BE}] C:\Program Files\MSN Gaming Zone\ryvy4444.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcaxvw] ddcaxvw.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\odsocm] C:\WINDOWS\msagent\CHARS\odsocm.dll 2007-12-06 15:44 598016 C:\WINDOWS\MSAGENT\CHARS\odsocm.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^findfast.exe] path=C:\Documents 
and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe backup=C:\WINDOWS\pss\findfast.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autorun.exe] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe backup=C:\WINDOWS\pss\autorun.exeCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk backup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00507249] rundll32.exe C:\WINDOWS\system32\gmyykbmu.dll,b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp] C:\WINDOWS\avp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922] 2004-06-18 07:30 290816 --a------ C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -winstart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6000 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU C:\WINDOWS\TEMP\E_S12C.tmp /EF HKLM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g4356cbvy63]
C:\WINDOWS\g4356cbvy63
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 09:32 77824 --a------ C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 09:36 114688 --a------ C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 09:35 94208 --a------ C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2005-07-25 11:01 1397760 --------- C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2004-06-03 00:50 204800 --a------ C:\Program Files\Microsoft IntelliPoint\point32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-03 18:12 221184 --a------ C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 01]
C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe -l
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lanmanwrk.exe]
C:\WINDOWS\System32\lanmanwrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2003-12-10 03:52 380928 --a------ C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-11 18:15 290816 --------- C:\Program Files\Dell\Media Experience\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Printer]
C:\WINDOWS\system32\printer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule9]
C:\Program Files\QdrModule\QdrModule9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
mgrs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-06-30 11:33 1388544 --a------ C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spoolsv]
C:\WINDOWS\system32\spoolvs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-19 15:48 32881 --a------ C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
2004-06-03 00:51 172032 --a------ C:\Program Files\Microsoft IntelliType Pro\type32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vgztmvtA]
C:\WINDOWS\vgztmvtA.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiSpyware 2007 Free]
C:\Program Files\WinAntiSpyware 2007\was7.exe /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2003-12-09 13:02 57344 --a------ C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ZN}]
C:\WINDOWS\win320594527222007.exe SKY009
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NetSvc"=3 (0x3)
"KodakCCS"=3 (0x3)
"InCDsrv"=2 (0x2)
"EarthLinkMonitor"=2 (0x2)
"dlbt_device"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"DomainService"=2 (0x2)
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);C:\WINDOWS\system32\DRIVERS\ADSFilter.sys []
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys []
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 16:16:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\msagent\CHARS\odsocm.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\msagent\CHARS\odsocm.dll
.
Completion time: 2007-12-27 16:18:33 - machine was rebooted
.
2007-12-27 23:24:42 --- E O F ---

And the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:21:30 PM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{90BCDAB2-D453-488B-A53C-EDEEA39A76A1}: NameServer = 207.69.188.185,207.69.188.186

-- End of file - 3460 bytes

Things seem to be OK after that ComboFix run. Look OK now?
Logs are clean. Follow up with a registry cleaner. Run Disk Cleanup and Defragmenter. How's the PC running?