Am I infected? Serious virus (Hijack log)

Ambitiousness

New Member
I'm trying to diagnose a problem with my mom's computer. It's something I'm not sure of, but I'm learning more and more about the problem. In short, some of my problems are: I can't really run IE or FF in normal mode, can't prompt and use Malwarebytes' Anti-Malware, and cannot install some anti-virus programs (as they do not finish installation). I couldn't even run a HijackThis log or anything until I learned a trick: I changed the name of the exe to tools.exe and voilà, I was finally able to run HijackThis. Here is my log:

The question I want answered is: am I infected? At this moment I am not looking for support, just assistance from an individual versed in evaluating HijackThis logs.

I believe I am. A confirmation would be a great step in helping solve this problem of mine. Thank you for any help. It is appreciated. :D



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:11:49 AM, on 5/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (Gaming)2 - {971F630E-AD68-4d6e-B0C3-1C627AAC80F1} - C:\Program Files\GamingSquared\Gaming2\G2IE_v1042.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [G2] "C:\Program Files\GamingSquared\Gaming2\G2.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: AutoTBar.exe
O4 - Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Fishdom%20H2O%20-%20Hidden%20Odyssey/Images/stg_drm.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/realarcade-webgames/zylom/zylomplayer.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Blokus%20World%20Tour/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O23 - Service: Alerter AlerterPolicyAgentFaxseclogon (AlerterPolicyAgentFaxseclogon) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Application Layer Gateway Service ALGsrservice (ALGsrservice) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Windows Audio AudioSrvERSvc (AudioSrvERSvc) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Background Intelligent Transfer Service BITSTrkWks (BITSTrkWks) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Computer Browser BrowserSENS (BrowserSENS) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Logical Disk Manager dmserverhelpsvc (dmserverhelpsvc) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Logical Disk Manager dmserverhelpsvc dmserverhelpsvcoseProtectedStorage (dmserverhelpsvcoseProtectedStorage) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: COM+ Event System EventSystemNetman (EventSystemNetman) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: COM+ Event System EventSystemNetman EventSystemNetmanMessenger (EventSystemNetmanMessenger) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Fax FaxNVSvc (FaxNVSvc) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Google Update Service (gupdate1c9cacd8df437ce) (gupdate1c9cacd8df437ce) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdate1c9cacd8df437ce) gupdate1c9cacd8df437ceEventSystem (gupdate1c9cacd8df437ceEventSystem) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Workstation lanmanworkstationHidServ (lanmanworkstationHidServ) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: TCP/IP NetBIOS Helper LmHostsRDSessMgr (LmHostsRDSessMgr) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Machine Debug Manager MDMSysmonLog (MDMSysmonLog) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Messenger MessengerWudfSvc (MessengerWudfSvc) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcRDSessMgr (mnmsrvcRDSessMgr) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcWmiApSrvseclogon (mnmsrvcWmiApSrvseclogon) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Distributed Transaction Coordinator MSDTCFaxNVSvc (MSDTCFaxNVSvc) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Windows Installer MSIServerBrowser (MSIServerBrowser) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Net Logon Netlogongupdate1c9cacd8df437ce (Netlogongupdate1c9cacd8df437ce) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Net Logon Netlogonhkmsvc (Netlogonhkmsvc) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Network Location Awareness (NLA) NlaFaxNVSvc (NlaFaxNVSvc) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Softex OmniPass Service omniservupnphost (omniservupnphost) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Office Source Engine oseProtectedStorage (oseProtectedStorage) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: IPSEC Services PolicyAgentFax (PolicyAgentFax) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: IPSEC Services PolicyAgentFax PolicyAgentFaxseclogon (PolicyAgentFaxseclogon) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: IPSEC Services PolicyAgentLmHostsRDSessMgr (PolicyAgentLmHostsRDSessMgr) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Protected Storage ProtectedStorageose (ProtectedStorageose) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Protected Storage ProtectedStorageose ProtectedStorageosemnmsrvc (ProtectedStorageosemnmsrvc) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Remote Access Auto Connection Manager RasAutoWudfSvc (RasAutoWudfSvc) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Routing and Remote Access RemoteAccessxmlprov (RemoteAccessxmlprov) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Routing and Remote Access RemoteAccessxmlprov RemoteAccessxmlprov Service (RemoteAccessxmlprov Service) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Remote Procedure Call (RPC) Locator RpcLocatorseclogon (RpcLocatorseclogon) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Secondary Logon seclogonCryptSvc (seclogonCryptSvc) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Secondary Logon seclogonmnmsrvc (seclogonmnmsrvc) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Print Spooler SpoolerShellHWDetection (SpoolerShellHWDetection) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Performance Logs and Alerts SysmonLogDcomLaunch (SysmonLogDcomLaunch) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Performance Logs and Alerts SysmonLogDcomLaunch SysmonLogDcomLaunchwinmgmt (SysmonLogDcomLaunchwinmgmt) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Terminal Services TermServiceCOMSysApp (TermServiceCOMSysApp) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Terminal Services TermServiceUPS (TermServiceUPS) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Windows Time W32TimeMSIServer (W32TimeMSIServer) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Windows Management Instrumentation winmgmtNetlogon (winmgmtNetlogon) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: WMI Performance Adapter WmiApSrvseclogon (WmiApSrvseclogon) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Security Center wscsvcProtectedStorage (wscsvcProtectedStorage) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: ZumieSearch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\ZumieSearch\zumie175.exe

--
End of file - 13973 bytes
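The clearest indicator in the log above is the O23 block: dozens of services whose short names are legitimate Windows service names glued together (Alerter + PolicyAgent + Fax + seclogon, Browser + SENS, and so on), all launching the same C:\WINDOWS\system32\apcupse.exe. The following Python checker is an added example, not part of the thread or of HijackThis itself: it parses O23 lines and flags both patterns, using eight lines copied from the log above as sample input and a constructed, non-exhaustive set of legitimate service short names.

```python
"""Flag suspicious O23 (service) entries in a HijackThis log.

Two heuristics, both visible in the log above:
  1. Many differently named services all launching the same executable.
  2. Service short names that are legitimate service names glued together.
"""
import re
from collections import defaultdict

# "O23 - Service: <display> (<short>) - <owner> - <path> [(file missing)]".
# The "(<short>)" part is optional: the ZumieSearch entry in the log lacks it.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?: \(file missing\))?$"
)

# Constructed subset of legitimate service short names (Windows XP built-ins
# plus a few common third-party ones) seen as building blocks in the log.
KNOWN_SERVICES = {
    "Alerter", "ALG", "AudioSrv", "BITS", "Browser", "COMSysApp", "CryptSvc",
    "DcomLaunch", "dmserver", "ERSvc", "EventSystem", "Fax", "helpsvc",
    "HidServ", "hkmsvc", "lanmanworkstation", "LmHosts", "MDM", "Messenger",
    "mnmsrvc", "MSDTC", "MSIServer", "Netlogon", "Netman", "Nla", "ose",
    "PolicyAgent", "ProtectedStorage", "RasAuto", "RDSessMgr", "RemoteAccess",
    "RpcLocator", "seclogon", "SENS", "ShellHWDetection", "Spooler",
    "srservice", "SysmonLog", "TermService", "TrkWks", "upnphost", "UPS",
    "W32Time", "winmgmt", "WmiApSrv", "wscsvc", "WudfSvc", "xmlprov",
}

# Sample input: eight O23 lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O23 - Service: Alerter AlerterPolicyAgentFaxseclogon (AlerterPolicyAgentFaxseclogon) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Application Layer Gateway Service ALGsrservice (ALGsrservice) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Computer Browser BrowserSENS (BrowserSENS) - Unknown owner - C:\WINDOWS\system32\apcupse.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Update Service (gupdate1c9cacd8df437ce) (gupdate1c9cacd8df437ce) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ZumieSearch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\ZumieSearch\zumie175.exe
"""


def parse_o23(lines):
    """Return a dict per O23 line: display, short, owner, path and name."""
    entries = []
    for line in lines:
        m = O23_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["name"] = d["short"] or d["display"]  # short name if present
            entries.append(d)
    return entries


def is_glued_name(name, known=KNOWN_SERVICES):
    """True if `name` splits into two or more known service names."""
    lname = name.lower()
    lknown = {k.lower() for k in known}

    def consume(rest):
        if rest == "":
            return True
        return any(rest.startswith(k) and consume(rest[len(k):]) for k in lknown)

    # A single exact known name is legitimate; only concatenations are flagged.
    return lname not in lknown and consume(lname)


def shared_executables(entries, min_services=3):
    """Map executable path -> service names, for paths used by many services."""
    by_path = defaultdict(set)
    for e in entries:
        by_path[e["path"].lower()].add(e["name"])
    return {p: sorted(n) for p, n in by_path.items() if len(n) >= min_services}


def flag_entries(lines):
    """Return (name, path, reasons) for each suspicious O23 entry."""
    entries = parse_o23(lines)
    shared = shared_executables(entries)
    flagged = []
    for e in entries:
        reasons = []
        key = e["path"].lower()
        if key in shared:
            reasons.append("executable shared by %d services" % len(shared[key]))
        if is_glued_name(e["name"]):
            reasons.append("short name is glued-together legitimate service names")
        if reasons:
            flagged.append((e["name"], e["path"], reasons))
    return flagged


if __name__ == "__main__":
    for name, path, reasons in flag_entries(SAMPLE_LOG.splitlines()):
        print("%s -> %s: %s" % (name, path, "; ".join(reasons)))
```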
 

Respital

Active Member
Hello, please run ComboFix; if it fails to run, try changing the name to something.exe.

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply I will need:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 

Ambitiousness

New Member
Wow.. the ComboFix log is larger (in number of characters) than is allowed in a single post. I can't upload it as an attachment either, because it exceeds the 19.5 kb allotted. I guess I'll have to break it up (but I'll be sure to save the txt just in case).

In subsequent paragraphs I'll post the HijackThis log and an update on the performance and my observations of the computer.


Thank you for your help so far, I appreciate it a great deal. :D ComboFix ran perfectly and I followed exactly what you said.


ComboFix first:
 

Ambitiousness

New Member
ComboFix 09-05-30.03 - Administrator 05/30/2009 13:58.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.366 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\Thefix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\patch.exe
c:\windows\system32\apcupse.exe
c:\windows\system32\drivers\UACnvmhsxtyxvkbsiy.sys
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\UACaechqpvyftyrnne.dll
c:\windows\system32\UACbcnfxvjyffwdmol.dll
c:\windows\system32\UACeplpqwixheawrcd.log
c:\windows\system32\UACillvqgubkmkdwkr.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACipltfuxnuyabrpr.dat
c:\windows\system32\UACmbfooedbwqxexyv.dll
c:\windows\system32\UACnrwqvddwnshsajt.log
c:\windows\system32\UACpwlyputkckefdci.log
c:\windows\system32\UACwdorbqgmoavybfm.dll
c:\windows\system32\uniq.tll
D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_ALERTERPOLICYAGENTFAXSECLOGON
-------\Legacy_ALGSRSERVICE
-------\Legacy_AUDIOSRVERSVC
-------\Legacy_BITSTRKWKS
-------\Legacy_BOONTY_GAMES
-------\Legacy_BROWSERSENS
-------\Legacy_DMSERVERHELPSVC
-------\Legacy_EVENTSYSTEMNETMAN
-------\Legacy_FAXNVSVC
-------\Legacy_GUPDATE1C9CACD8DF437CEEVENTSYSTEM
-------\Legacy_LANMANWORKSTATIONHIDSERV
-------\Legacy_LMHOSTSRDSESSMGR
-------\Legacy_MDMSYSMONLOG
-------\Legacy_MESSENGERWUDFSVC
-------\Legacy_MNMSRVCRDSESSMGR
-------\Legacy_MSDTCFAXNVSVC
-------\Legacy_MSISERVERBROWSER
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NETLOGONGUPDATE1C9CACD8DF437CE
-------\Legacy_NLAFAXNVSVC
-------\Legacy_OMNISERVUPNPHOST
-------\Legacy_OSEPROTECTEDSTORAGE
-------\Legacy_POLICYAGENTFAX
-------\Legacy_PROTECTEDSTORAGEOSE
-------\Legacy_RASAUTOWUDFSVC
-------\Legacy_REMOTEACCESSXMLPROV
-------\Legacy_RPCLOCATORSECLOGON
-------\Legacy_SECLOGONCRYPTSVC
-------\Legacy_SPOOLERSHELLHWDETECTION
-------\Legacy_SYSMONLOGDCOMLAUNCH
-------\Legacy_TERMSERVICECOMSYSAPP
-------\Legacy_W32TIMEMSISERVER
-------\Legacy_WINMGMTNETLOGON
-------\Legacy_WMIAPSRVSECLOGON
-------\Legacy_WSCSVCPROTECTEDSTORAGE
-------\Legacy_ZUMIESEARCH_SERVICE
-------\Service_AlerterPolicyAgentFaxseclogon
-------\Service_ALGsrservice
-------\Service_AudioSrvERSvc
-------\Service_BITSTrkWks
-------\Service_Boonty Games
-------\Service_BrowserSENS
-------\Service_dmserverhelpsvc
-------\Service_EventSystemNetman
-------\Service_FaxNVSvc
-------\Service_gupdate1c9cacd8df437ceEventSystem
-------\Service_lanmanworkstationHidServ
-------\Service_LmHostsRDSessMgr
-------\Service_MDMSysmonLog
-------\Service_MessengerWudfSvc
-------\Service_mnmsrvcRDSessMgr
-------\Service_MSDTCFaxNVSvc
-------\Service_MSIServerBrowser
-------\Service_MyWebSearchService
-------\Service_Netlogongupdate1c9cacd8df437ce
-------\Service_NlaFaxNVSvc
-------\Service_omniservupnphost
-------\Service_oseProtectedStorage
-------\Service_PolicyAgentFax
-------\Service_ProtectedStorageose
-------\Service_RasAutoWudfSvc
-------\Service_RemoteAccessxmlprov
-------\Service_RpcLocatorseclogon
-------\Service_seclogonCryptSvc
-------\Service_SpoolerShellHWDetection
-------\Service_SysmonLogDcomLaunch
-------\Service_TermServiceCOMSysApp
-------\Service_W32TimeMSIServer
-------\Service_winmgmtNetlogon
-------\Service_WmiApSrvseclogon
-------\Service_wscsvcProtectedStorage
-------\Service_ZumieSearch Service
-------\Legacy_dmserverhelpsvcoseProtectedStorage
-------\Legacy_EventSystemNetmanMessenger
-------\Legacy_mnmsrvcWmiApSrvseclogon
-------\Legacy_Netlogonhkmsvc
-------\Legacy_PolicyAgentFaxseclogon
-------\Legacy_PolicyAgentLmHostsRDSessMgr
-------\Legacy_ProtectedStorageosemnmsrvc
-------\Legacy_RemoteAccessxmlprov_Service
-------\Legacy_seclogonmnmsrvc
-------\Legacy_SysmonLogDcomLaunchwinmgmt
-------\Legacy_TermServiceUPS
-------\Service_dmserverhelpsvcoseProtectedStorage
-------\Service_EventSystemNetmanMessenger
-------\Service_mnmsrvcWmiApSrvseclogon
-------\Service_Netlogonhkmsvc
-------\Service_PolicyAgentFaxseclogon
-------\Service_PolicyAgentLmHostsRDSessMgr
-------\Service_ProtectedStorageosemnmsrvc
-------\Service_RemoteAccessxmlprov Service
-------\Service_seclogonmnmsrvc
-------\Service_SysmonLogDcomLaunchwinmgmt
-------\Service_TermServiceUPS


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))
.

2009-05-30 10:09 . 2009-05-30 10:09 -------- d-----w c:\program files\Trend Micro
2009-05-30 09:50 . 2009-05-26 21:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-30 09:50 . 2009-05-30 09:50 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-30 09:50 . 2009-05-26 21:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-30 08:46 . 2009-05-30 08:46 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-05-29 08:22 . 2009-05-29 08:22 -------- d-----w c:\documents and settings\Owner\Application Data\Webroot
2009-05-29 08:22 . 2009-05-29 08:22 -------- d-----w c:\documents and settings\All Users\Application Data\Webroot
2009-05-29 08:22 . 2008-08-10 00:04 1538928 ----a-w c:\windows\WRSetup.dll
2009-05-29 04:02 . 2009-05-29 04:02 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-29 04:02 . 2009-05-29 04:02 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-05-29 04:02 . 2009-05-29 04:02 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-05-19 07:50 . 2009-05-19 07:50 -------- d-----w c:\documents and settings\Owner\Application Data\FairyTale
2009-05-19 06:03 . 2009-05-19 06:03 -------- d-sh--w c:\documents and settings\Owner\IECompatCache
2009-05-19 05:40 . 2009-05-19 05:40 -------- d-----w c:\program files\Common Files\xing shared
2009-05-19 02:34 . 2009-05-19 02:34 -------- d-sh--w c:\documents and settings\LocalService\PrivacIE
2009-05-15 07:19 . 2009-05-15 07:19 390664 ----a-w c:\documents and settings\Owner\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-14 20:36 . 2009-05-14 20:36 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-05-11 21:30 . 2009-05-30 07:43 -------- d-----w c:\program files\MSECache
2009-05-11 21:19 . 2009-05-11 21:19 -------- d-sh--w c:\documents and settings\Owner\PrivacIE
2009-05-11 21:17 . 2009-05-11 21:17 -------- d-sh--w c:\documents and settings\Owner\IETldCache
2009-05-11 21:13 . 2009-05-11 21:13 -------- d-----w c:\windows\ie8updates
2009-05-11 21:10 . 2009-05-11 21:12 -------- dc-h--w c:\windows\ie8
2009-05-11 21:07 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-07 19:18 . 2009-05-19 11:15 325 --s-a-w c:\windows\system32\575814645.dat
2009-05-05 07:47 . 2009-05-05 07:47 -------- d-----w c:\documents and settings\All Users\Application Data\Arkadium
2009-05-05 06:40 . 2009-05-05 06:40 -------- d-----w c:\documents and settings\Owner\Application Data\URSE Games
2009-05-04 02:59 . 2009-05-04 02:59 -------- d-----w c:\documents and settings\Owner\Application Data\StoneLoopsRL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 08:46 . 2004-10-19 20:15 -------- d-----w c:\program files\Google
2009-05-29 08:05 . 2003-08-24 03:42 -------- d-----w c:\program files\PC-Doctor for Windows
2009-05-29 08:01 . 2003-08-23 14:12 273928 -c--a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-19 08:52 . 2008-06-11 18:25 -------- d-----w c:\program files\RealArcade
2009-05-19 05:40 . 2003-08-23 14:14 -------- d-----w c:\program files\Common Files\Real
2009-05-19 05:40 . 2005-10-24 03:12 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-05-19 05:40 . 2005-10-24 03:12 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-19 02:34 . 2006-01-26 08:38 -------- d-----w c:\documents and settings\LocalService\Application Data\Yahoo!
2009-05-06 21:17 . 2005-11-06 06:48 -------- d-----w c:\documents and settings\Owner\Application Data\PlayFirst
2009-05-06 21:17 . 2005-11-06 06:48 -------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2009-04-30 07:17 . 2006-03-14 10:08 -------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2009-04-27 07:34 . 2009-04-27 07:34 -------- d-----w c:\documents and settings\All Users\Application Data\MonteCristo
2009-04-27 05:42 . 2009-04-27 05:42 -------- d-----w c:\documents and settings\Owner\Application Data\Playrix Entertainment
2009-04-20 08:02 . 2009-04-20 08:02 -------- d-----w c:\documents and settings\All Users\Application Data\Alawar Stargaze
2009-04-18 05:34 . 2009-04-18 05:34 -------- d-----w c:\documents and settings\Owner\Application Data\Realv1002
2009-04-07 05:33 . 2009-04-07 05:33 -------- d-----w c:\documents and settings\All Users\Application Data\RealArcade
2009-04-06 08:49 . 2009-01-03 09:01 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-06 03:52 . 2006-10-23 23:08 -------- d-----w c:\documents and settings\All Users\Application Data\JollyBear
2009-04-01 03:05 . 2009-04-01 03:05 -------- d-----w c:\documents and settings\All Users\Application Data\Mushroom Age
2009-03-31 01:13 . 2009-04-07 05:33 98304 ----a-w c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
2009-03-08 12:34 . 2005-10-21 20:51 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 12:34 . 2003-08-25 21:30 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 12:33 . 2003-08-25 21:25 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 12:33 . 2003-08-25 20:34 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 12:32 . 2003-08-25 21:25 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 12:32 . 2003-08-25 21:25 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 12:31 . 2003-08-25 21:25 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 12:31 . 2003-08-25 21:31 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 12:31 . 2003-08-25 21:31 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 12:22 . 2003-08-25 21:31 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2003-08-25 20:32 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-04 15:41 . 2009-03-05 01:21 4608 ----a-w c:\documents and settings\All Users\Application Data\ZumieSearch\zumie175.exe
2005-02-14 22:09 . 2005-02-14 22:09 111 -c--a-w c:\program files\Common Files\Register.ini
2005-01-17 19:17 . 2005-01-17 19:17 4798024 -c--a-w c:\program files\Common Files\NetZeroCosmiSetup.exe
2004-11-08 20:10 . 2004-11-08 20:10 1115136 -c--a-w c:\program files\Common Files\Register.exe
2004-09-08 21:08 . 2004-09-08 21:08 0 -csha-w c:\windows\SMINST\HPCD.sys
2004-11-09 00:04 . 2004-10-25 16:25 56 -csh--r c:\windows\system32\305EAFB0AA.sys
.

------- Sigcheck -------

[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys
[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2007-10-30 17:20 360064 !HASH: COULD NOT OPEN FILE ! c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2002-08-29 12:00 332928 244A2F9816BC9B593957281EF577D976 c:\windows\$NtUninstallKB893066_0$\tcpip.sys
[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\drivers\tcpip.sys
.
 

Ambitiousness

New Member
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{971F630E-AD68-4d6e-B0C3-1C627AAC80F1}]
2008-03-03 23:26 635392 ----a-w c:\program files\GamingSquared\Gaming2\G2IE_v1042.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\program files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-22 24576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-05-03 835654]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2008-03-25 218496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06b\BrStDvPt.exe" [2005-01-27 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"G2"="c:\program files\GamingSquared\Gaming2\G2.exe" [2008-03-03 1215664]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-19 198160]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2008-03-25 218496]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w c:\program files\Softex\OmniPass\OPXPGina.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax Tray Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eFax Tray Menu.lnk
backup=c:\windows\pss\eFax Tray Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Live Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Live Menu.lnk
backup=c:\windows\pss\Live Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\WINDOWS\\Jason's Wedding\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 2:42 PM 29808]
S2 gupdate1c9cacd8df437ce;Google Update Service (gupdate1c9cacd8df437ce);c:\program files\Google\Update\GoogleUpdate.exe [5/1/2009 6:27 PM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-30 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-02 02:27]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.yahoo.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/realarcade-webgames/zylom/zylomplayer.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kqo4kfbp.default\
FF - component: c:\program files\GamingSquared\Gaming2\FF_v1042\components\G2FF_v1042.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\j2re1.4.1_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.1_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.1_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.1_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.1_02\bin\NPJPI141_02.dll
FF - plugin: c:\program files\Java\j2re1.4.1_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID43969873-56AA-4113-84CB-4AB2AEB9AA31", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA205DD80-63D4-4E41-B785-26EC3D90B97B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID068D43E7-7551-4A2F-AE96-4A38A9AD1953", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF443E9CB-9EEC-456E-8AE7-F3102D5CD47D", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE36A7B16-645D-4261-BFF8-3A7E69C5F7A5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID379805E3-E0E2-40DC-B51B-6DC1AE5802AA", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF6240D69-A06D-44A1-8003-8496CCEF2C53", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID26C3113D-5A71-4F1B-A2CB-BE59E1279DDA", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID92B97F2B-7565-4CE9-9AC7-0598DFD731F8", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID2AA5E7CF-9696-42F0-B76A-8655296EADF2", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0AAACE0B-ACEF-4781-83F4-BFB52EEC995A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D56FF58-A39D-4E8C-A40B-2E3711251772", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID946121C2-11F1-49DD-A7E3-CF793DE827A4", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB853303D-1BAB-43F3-9D7D-101D0DA8E7A5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9E578247-FE29-4F8C-8202-A24A5688CF2A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6D065A8F-FFC0-4A0F-B863-1D724B8C786B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4451D291-6940-42CE-9D3C-CA1D4C96549C", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID064B722D-079D-4EBB-B3CF-9FCBF64FFF5D", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID38F8AB0F-5DFB-43D9-889E-8717CC4AB59B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EC68CD1-0EF1-4CB9-9EF1-3D64AB266149", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID44F96B27-CFAD-41E1-83A1-6B28040C3BDE", "AllAccess");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 14:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8d,75,9d,eb,a2,dd,fd,4d,82,f8,5f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8d,75,9d,eb,a2,dd,fd,4d,82,f8,5f,\

[HKEY_USERS\S-1-5-21-3008311127-4134395117-2727187899-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,50,74,16,5b,68,12,4e,b2,90,83,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,50,74,16,5b,68,12,4e,b2,90,83,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(344)
c:\program files\Softex\OmniPass\opxpgina.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Softex\OmniPass\OPXPApp.exe
.
**************************************************************************
.
Completion time: 2009-05-30 14:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-30 22:21

Pre-Run: 79,441,629,184 bytes free
Post-Run: 82,520,805,376 bytes free

434 --- E O F --- 2009-05-19 11:23

Ambitiousness

New Member
HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:29:37 PM, on 5/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (Gaming)2 - {971F630E-AD68-4d6e-B0C3-1C627AAC80F1} - C:\Program Files\GamingSquared\Gaming2\G2IE_v1042.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [G2] "C:\Program Files\GamingSquared\Gaming2\G2.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: AutoTBar.exe
O4 - Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Fishdom%20H2O%20-%20Hidden%20Odyssey/Images/stg_drm.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/realarcade-webgames/zylom/zylomplayer.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Blokus%20World%20Tour/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O23 - Service: Google Update Service (gupdate1c9cacd8df437ce) (gupdate1c9cacd8df437ce) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

--
End of file - 7260 bytes

-----------

As for review: despite being on the administrator account, I tried to download this utility, http://support.microsoft.com/kb/290301 (Microsoft Installer Cleanup Utility), and it tells me that the administrator has disabled or disallowed the process from continuing, or something to that effect... I'm guessing that's just the virus there still?

johnb35

Administrator
Staff member
Am I not seeing that you have Antivirus software installed? If you don't, you need to download the free version of AVG and update it and then scan your system.

Ambitiousness

New Member
Good news. I just installed anti-virus software: Webroot Antivirus (Spysweeper with antivirus). I updated my definitions and am just about to run a custom scan now.

This is good news for me because, prior to running ComboFix, I was unable to successfully install it.

Also, I ran Malwarebytes', as it is allowing me to run it now (probably thanks to CF). It revealed 0 infected files, however.

Keep in mind that I'm doing all this in safe mode. I have yet to go to normal mode to see if FF or IE or Malwarebytes work there.

Thanks for the assistance. ^^

johnb35

Administrator
Staff member
If it works in safe mode, then it should work in normal mode. Actually, if it's possible, all scans should be run in normal mode.