Infected, please help. HJT Log inside.

Member

27. December 2007 @ 16:31

Link to this message

hello, my machine is infected with something. the control panel is hidden, and if i am able to find it, nothing is accessible. hjt logfile below, please help. thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:30 PM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\shell.exe
C:\Documents and Settings\User\Application Data\T?sks\w?auclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customiz.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customiz.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKCU\..\Run: [Lhf] "C:\Documents and Settings\Aaron Copeland\Application Data\T?sks\w?auclt.exe"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{90BCDAB2-D453-488B-A53C-EDEEA39A76A1}: NameServer = 207.69.188.185,207.69.188.186
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O21 - SSODL: cYhACmwbvCk - {005072E7-AAFA-D84D-153E-0F7E49BE3C45} - (no file)

--
End of file - 4715 bytes

This message has been edited since posting. Last time this message was edited on 27. December 2007 @ 17:07

Senior Member

27. December 2007 @ 17:03

Link to this message

Pretty good mess! Reboot into SAFE MODE! Run HijackThis, place check marks next to all the items listed below. Press Fix checked. Reboot
Post new Hijack log.

C:\WINDOWS\shell.exe

C:\Documents and Settings\Aaron Copeland\Application Data\T?sks\w?auclt.exe

R3 - URLSearchHook: (no name) - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)

R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe

O4 - HKCU\..\Run: [Lhf] "C:\Documents and Settings\Aaron Copeland\Application Data\T?sks\w?auclt.exe"

O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe

O4 - Startup: findfast.exe

O4 - Global Startup: autorun.exe

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll

O21 - SSODL: cYhACmwbvCk - {005072E7-AAFA-D84D-153E-0F7E49BE3C45} - (no file)

This message has been edited since posting. Last time this message was edited on 27. December 2007 @ 17:04

Member

27. December 2007 @ 17:28

Link to this message

yeah, it's pretty jacked. thank you for your help, it's greatly appreciated! new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:29 PM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customiz.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customiz.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [00507249] rundll32.exe "C:\WINDOWS\system32\flfmiflf.dll",b
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{90BCDAB2-D453-488B-A53C-EDEEA39A76A1}: NameServer = 207.69.188.185,207.69.188.186
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll

--
End of file - 3783 bytes

Senior Member

27. December 2007 @ 17:47

Link to this message

Reboot into Safe mode, run HijackThis, put check marks on the items listed below. Fix checked. Post new log.

O4 - HKLM\..\Run: [00507249] rundll32.exe "C:\WINDOWS\system32\flfmiflf.dll",b

O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll

Your using IE6, should update to IE7, here's the link.
http://www.microsoft.com/windows/downloads/ie/getitnow.mspx

Go here make sure your OS is fully updated. Select the Express button. Download any high priority updates.
http://www.update.microsoft.com/microsof...t.aspx?ln=en-us

What Internet Security suite are you using? What Anti-Spyware program are you using?

Have you ever used a registry cleaner?

This message has been edited since posting. Last time this message was edited on 27. December 2007 @ 18:10

Member

27. December 2007 @ 18:14

Link to this message

I downloaded ie7, and will install. I'm using, ad-aware, spybot, spywareblaster, ccleaner. this file "O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll" seems to reappear every time after running HJT? Thanks again for your ongoing help =]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:50 PM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\User\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customiz.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customiz.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{90BCDAB2-D453-488B-A53C-EDEEA39A76A1}: NameServer = 207.69.188.185,207.69.188.186
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll

--
End of file - 3507 bytes

Senior Member

27. December 2007 @ 18:34

Link to this message

Yes, stubborn little bugger. Download comboFix. http://forums.majorgeeks.com/showthread.php?t=134965

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Member

27. December 2007 @ 19:23

Link to this message

ok heres the combofix.txt:

ComboFix 07-12-21.4 - User 2007-12-27 15:57:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.296 [GMT -8:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point
.
ADS - svchost.exe: deleted 58880 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\User\Application Data\antivirus.exe
C:\Documents and Settings\User\My Documents\WNSXS~1
C:\Documents and Settings\All Users.\documents\settings\bot.dll
C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
C:\Documents and Settings\LocalService\Application Data\install.dat
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\LocalService\Desktop\searchus.exe
C:\Documents and Settings\NetworkService\Application Data\.rdr.ini
C:\Documents and Settings\NetworkService\Application Data\install.dat
C:\Documents and Settings\NetworkService\Desktop\searchus.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\n.ini
C:\Program Files\Common Files\asks~1
C:\Program Files\Common Files\curity~1
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Internet Explorer\vihizy121.dll
C:\Program Files\Internet Explorer\vihizy185.dll
C:\Program Files\Internet Explorer\vihizy22.dll
C:\Program Files\Internet Explorer\vihizy226.dll
C:\Program Files\Internet Explorer\vihizy230.dll
C:\Program Files\Internet Explorer\vihizy277.dll
C:\Program Files\Internet Explorer\vihizy281.dll
C:\Program Files\Internet Explorer\vihizy377.dll
C:\Program Files\Internet Explorer\vihizy401.dll
C:\Program Files\Internet Explorer\vihizy405.dll
C:\Program Files\Internet Explorer\vihizy441.dll
C:\Program Files\Internet Explorer\vihizy464.dll
C:\Program Files\Internet Explorer\vihizy470.dll
C:\Program Files\Internet Explorer\vihizy52.dll
C:\Program Files\Internet Explorer\vihizy526.dll
C:\Program Files\Internet Explorer\vihizy54.dll
C:\Program Files\Internet Explorer\vihizy542.dll
C:\Program Files\Internet Explorer\vihizy549.dll
C:\Program Files\Internet Explorer\vihizy598.dll
C:\Program Files\Internet Explorer\vihizy688.dll
C:\Program Files\Internet Explorer\vihizy721.dll
C:\Program Files\Internet Explorer\vihizy733.dll
C:\Program Files\Internet Explorer\vihizy740.dll
C:\Program Files\Internet Explorer\vihizy759.dll
C:\Program Files\Internet Explorer\vihizy774.dll
C:\Program Files\Internet Explorer\vihizy808.dll
C:\Program Files\Internet Explorer\vihizy824.dll
C:\Program Files\Internet Explorer\vihizy910.dll
C:\Program Files\Internet Explorer\vihizy978.dll
C:\Program Files\Internet Explorer\vihizy983.dll
C:\Program Files\ISM
C:\Program Files\ISM\adblcupd.exe
C:\Program Files\ISM\anticaupd.exe
C:\Program Files\ISM\archupd.exe
C:\Program Files\ISM\BndDrive2.dll
C:\Program Files\ISM\BndDrive3.dll
C:\Program Files\ISM\BndDrive6.dll
C:\Program Files\ISM\BndDrive7.dll
C:\Program Files\ISM\bndloader.exe
C:\Program Files\ISM\dictionary.gz
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\kazooupd.exe
C:\Program Files\ISM\syncupd.exe
C:\Program Files\ISM\synupd.exe
C:\Program Files\ISM\targets.gz
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\ISM2
C:\Program Files\ISM2\cringupd.exe
C:\Program Files\ISM2\dictionary.gz
C:\Program Files\ISM2\ISMPack5.exe
C:\Program Files\ISM2\ISMPack6.exe
C:\Program Files\ISM2\ISMPack7.exe
C:\Program Files\ISM2\ISMPack8.exe
C:\Program Files\ISM2\targets.gz
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\smante~1
C:\WINDOWS\asembl~1
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\racle~1
C:\WINDOWS\rau001978.exe
C:\WINDOWS\smante~1
C:\WINDOWS\sstem3~1
C:\WINDOWS\sstem3~1\s?stem32\
C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\b06FdUe
C:\WINDOWS\SYSTEM32\clkuhyko.ini
C:\WINDOWS\system32\cnbajhus.exe
C:\WINDOWS\system32\config\system~1\Applic~1\Microsoft\20509.dat
C:\WINDOWS\system32\config\systemprofile\application data\.rdr.ini
C:\WINDOWS\system32\csvbrvgg.dll
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\dodfljjf.exe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\drivers\IP6FW.SYS
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\drivers\VHKN41.sys
C:\WINDOWS\system32\fccbaay.dll
C:\WINDOWS\SYSTEM32\flfimflf.ini
C:\WINDOWS\system32\flfmiflf.dll
C:\WINDOWS\SYSTEM32\gcmjvxgs.ini
C:\WINDOWS\system32\gmyykbmu.dll
C:\WINDOWS\system32\lanmandrv.sys
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\ljjihhe.dll
C:\WINDOWS\system32\n.ini
C:\WINDOWS\system32\nmopcqeg.dll
C:\WINDOWS\system32\ntvihfpw.dll
C:\WINDOWS\system32\okyhuklc.dll
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\sgxvjmcg.dll
C:\WINDOWS\system32\tsks~1
C:\WINDOWS\SYSTEM32\tvvwa.bak1
C:\WINDOWS\SYSTEM32\tvvwa.bak2
C:\WINDOWS\SYSTEM32\tvvwa.ini
C:\WINDOWS\SYSTEM32\umbkyymg.ini
C:\WINDOWS\system32\win
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\wisydfdm.dll
C:\WINDOWS\system32\wnsapiisv32.exe
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\system32\Z1
C:\WINDOWS\system32\Z1\mwspasrt83122.exe
C:\WINDOWS\system32\Z11
C:\WINDOWS\system32\Z11\z53.exe
C:\WINDOWS\system32\Z3
C:\WINDOWS\system32\Z5
C:\WINDOWS\system32\Z7
C:\WINDOWS\tk58.exe
C:\WINDOWS\uni_eh44.exe
C:\WINDOWS\uninst1014.exe
C:\WINDOWS\vgztmvt.exe
C:\WINDOWS\wnsxs~1
C:\Documents and Settings\All Users.\documents\settings

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ASC3550U
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\LEGACY_ICF
-------\LEGACY_LANMANDRV
-------\LEGACY_NDNET1
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\LEGACY_SYMAVC32
-------\LEGACY_VHKN41
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS

((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.

2007-12-27 15:19 . 2007-12-27 15:43 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-27 14:05 . 2007-12-27 14:09 696 --a------ C:\WINDOWS\wininit.ini
2007-12-27 13:47 . 2007-12-27 13:47 <DIR> d-------- C:\Program Files\EliteProtector
2007-12-27 12:02 . 2007-12-27 12:02 <DIR> d-------- C:\Program Files\CCleaner
2007-12-27 11:40 . 2004-12-21 19:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-12-27 11:40 . 2004-12-21 19:56 <DIR> d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek
2007-12-02 15:33 . 2007-12-21 17:32 1,414,970 --ahs---- C:\WINDOWS\SYSTEM32\xtfbcquu.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-27 20:50 --------- d-----w C:\Program Files\SpywareBlaster
2007-12-27 20:24 --------- d-----w C:\Program Files\QuickTime
2007-11-23 22:46 181,760 ----a-w C:\WINDOWS\system32\drivers\Vhbx42.sys
2007-11-21 00:11 181,760 ----a-w C:\WINDOWS\system32\drivers\Pkv48.sys
2007-11-20 15:18 181,760 ----a-w C:\WINDOWS\system32\drivers\Ibkq51.sys
2007-11-14 07:26 450,560 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 10:16 3,058,688 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-11 06:13 96,256 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
2007-10-11 06:13 659,456 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-10-11 06:13 615,424 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-10-11 06:13 55,808 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-10-11 06:13 532,480 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-10-11 06:13 474,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
2007-10-11 06:13 449,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-10-11 06:13 39,424 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2007-10-11 06:13 357,888 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-10-11 06:13 251,392 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
2007-10-11 06:13 205,312 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-10-11 06:13 16,384 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-10-11 06:13 151,040 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
2007-10-11 06:13 146,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-10-11 06:13 1,494,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
2007-10-11 06:13 1,054,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
2007-10-11 06:13 1,023,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
2007-10-10 11:16 18,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2005-07-29 23:24 472 --sha-r C:\WINDOWS\QWFyb24gQ29wZWxhbmQ\kqIVvZb0kZ6TtqU1vAk.vbs
2007-01-10 04:03 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2603AE66-A301-4826-B383-287B6ACC1F46}]
C:\Program Files\MSN Gaming Zone\ryvy83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50D8D20D-4278-44FD-855D-7B926A4B0324}]
C:\Program Files\MSN Gaming Zone\ryvy4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B2432DA-E58D-4C9A-AE60-7C856A4E903F}]
2007-12-06 15:44 598016 --a------ C:\WINDOWS\msagent\CHARS\odsocm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{932AE59C-7E7F-441F-B2E7-8449719064BE}]
C:\Program Files\MSN Gaming Zone\ryvy4444.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcaxvw]
ddcaxvw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\odsocm]
C:\WINDOWS\msagent\CHARS\odsocm.dll 2007-12-06 15:44 598016 C:\WINDOWS\MSAGENT\CHARS\odsocm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^findfast.exe]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe
backup=C:\WINDOWS\pss\findfast.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autorun.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
backup=C:\WINDOWS\pss\autorun.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00507249]
rundll32.exe C:\WINDOWS\system32\gmyykbmu.dll,b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]
2004-06-18 07:30 290816 --a------ C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -winstart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6000 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU C:\WINDOWS\TEMP\E_S12C.tmp /EF HKLM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g4356cbvy63]
C:\WINDOWS\g4356cbvy63

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 09:32 77824 --a------ C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 09:36 114688 --a------ C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 09:35 94208 --a------ C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2005-07-25 11:01 1397760 --------- C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2004-06-03 00:50 204800 --a------ C:\Program Files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-03 18:12 221184 --a------ C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 01]
C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe -l

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lanmanwrk.exe]
C:\WINDOWS\System32\lanmanwrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2003-12-10 03:52 380928 --a------ C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-11 18:15 290816 --------- C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Printer]
C:\WINDOWS\system32\printer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule9]
C:\Program Files\QdrModule\QdrModule9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
mgrs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-06-30 11:33 1388544 --a------ C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spoolsv]
C:\WINDOWS\system32\spoolvs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-19 15:48 32881 --a------ C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
2004-06-03 00:51 172032 --a------ C:\Program Files\Microsoft IntelliType Pro\type32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vgztmvtA]
C:\WINDOWS\vgztmvtA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiSpyware 2007 Free]
C:\Program Files\WinAntiSpyware 2007\was7.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2003-12-09 13:02 57344 --a------ C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ZN}]
C:\WINDOWS\win320594527222007.exe SKY009

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NetSvc"=3 (0x3)
"KodakCCS"=3 (0x3)
"InCDsrv"=2 (0x2)
"EarthLinkMonitor"=2 (0x2)
"dlbt_device"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"DomainService"=2 (0x2)

S3 ADSFilter;ADSFilter - (Aluria Filter Driver);C:\WINDOWS\system32\DRIVERS\ADSFilter.sys []
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys []

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 16:16:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\msagent\CHARS\odsocm.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\msagent\CHARS\odsocm.dll
.
Completion time: 2007-12-27 16:18:33 - machine was rebooted
.
2007-12-27 23:24:42 --- E O F ---

and the hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:21:30 PM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customiz.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{90BCDAB2-D453-488B-A53C-EDEEA39A76A1}: NameServer = 207.69.188.185,207.69.188.186

--
End of file - 3460 bytes

things seem to be ok after that combofix run. look ok now?

This message has been edited since posting. Last time this message was edited on 27. December 2007 @ 20:30

Senior Member

28. December 2007 @ 00:51

Link to this message

Logs are clean. Follow up with a registry cleaner. Run Disc Cleanup, and Defragmenter. How's the PC running?

Member

28. December 2007 @ 02:09

Link to this message

Running as it should, thanks a ton for your help QuikDraw! =D

This message has been edited since posting. Last time this message was edited on 28. December 2007 @ 02:10

Senior Member

28. December 2007 @ 16:52

Link to this message

Great! Bye now.