
Well, I suspected that I had some malware on my computer because I kept getting Explorer errors (I still am), pretty much every time I boot up the computer. I have just been dragging and hiding the window, and the computer seems to run fine. Also, when I start up I get a RUNDLL error saying that

C:\WINDOWS\NKBAPor.dll the specified module cannot be found

I have no idea what this is and haven't been able to find any info on it. I ran SmitFraudFix because I suspected malware; here is the log:

SmitFraudFix v2.424

Scan done at 14:36:13.93, Mon 06/28/2010

Run from C:\Documents and Settings\Kristen Mogavero\Desktop\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode


  • Staff

Hi,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKLM\..\Run: [uhaxomi] rundll32.exe "C:\WINDOWS\omolevetecofiruj.dll",Startup

O4 - HKCU\..\Run: [{ACDF1487-7D36-C636-F36B-B44D6288F97D}] "C:\Documents and Settings\Kristen Mogavero\Application Data\Ihvipu\giazu.exe"

O4 - HKCU\..\Run: [Psobutapi] rundll32.exe "C:\WINDOWS\NKBAPor.dll",Startup

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

Then:

* Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

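The reply above picks four entries out of the HijackThis log by eye: two `rundll32` loaders pointing at randomly named DLLs in the root of `C:\WINDOWS`, a Run value whose name is a bare GUID and whose target lives under the user's roaming Application Data, and a BHO registered with `(no file)`. The script below is an added example (it is not HijackThis, Malwarebytes or forum code) that applies those same rules to O2/O4 lines, and adds the check behind the original poster's RUNDLL dialog: an autorun whose target no longer exists on disk. The line patterns are assumptions derived from the log lines quoted in this thread, and the filesystem is modelled as a constructed set of paths (`PRESENT`) so it runs offline; on a live host you would build that set with `os.path.exists` on each target instead.

```python
"""Triage HijackThis O2/O4 lines with the rules applied in the reply above.

Added example for this thread, not HijackThis, Malwarebytes or forum code.
Line patterns are assumptions derived from the quoted log lines; `PRESENT`
is a constructed stand-in for the filesystem so the script runs offline.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$')
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<entry>\S+)', re.I)
# A DLL dropped directly in %WINDIR% (not system32, not a vendor folder) is the
# shape of both rundll32 entries flagged in the reply.
WINDIR_ROOT_DLL_RE = re.compile(r'^c:\\windows\\[^\\]+\.dll$')
# Roaming Application Data directly under the profile (where giazu.exe lived).
# Deliberately excludes Local Settings\Application Data, where Google Update is normal.
ROAMING_APPDATA_RE = re.compile(r'^c:\\documents and settings\\[^\\]+\\application data\\')


@dataclass
class Finding:
    source: str         # the raw HijackThis line
    target: str         # the file the entry loads
    reasons: List[str]  # why it was flagged


def image_path(cmd: str):
    """Return (path, loaded_via_rundll32) for the program an O4 command runs."""
    m = RUNDLL_RE.match(cmd)
    if m:
        return m['dll'], True
    m = re.match(r'^"([^"]+)"', cmd)     # quoted path, arguments ignored
    if m:
        return m.group(1), False
    return cmd.split(' ', 1)[0], False   # bare path, arguments ignored


def triage_line(line: str, present: Set[str]) -> Optional[Finding]:
    reasons: List[str] = []
    m = O2_RE.match(line)
    if m:
        target = m['path']
        if target == '(no file)' or target.lower() not in present:
            reasons.append('BHO CLSID is registered but its DLL is gone (orphaned hook)')
        return Finding(line, target, reasons) if reasons else None
    m = O4_RE.match(line)
    if not m:
        return None
    target, via_rundll = image_path(m['cmd'])
    low = target.lower()
    if via_rundll and WINDIR_ROOT_DLL_RE.match(low):
        reasons.append('rundll32 loads a DLL sitting in the root of %WINDIR%')
    if GUID_RE.match(m['name']):
        reasons.append('Run value is named with a bare GUID')
    if ROAMING_APPDATA_RE.match(low):
        reasons.append('executable launched from the roaming Application Data tree')
    if low not in present:
        reasons.append('target file missing: this is what raises the RUNDLL '
                       '"specified module could not be found" dialog at logon')
    return Finding(line, target, reasons) if reasons else None


def triage(lines: Iterable[str], present: Set[str]) -> List[Finding]:
    return [f for f in (triage_line(l, present) for l in lines) if f is not None]


# Constructed sample: the lines quoted in this thread plus a few benign ones.
SAMPLE_LOG = [
    r'O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)',
    r'O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll',
    r'O4 - HKLM\..\Run: [uhaxomi] rundll32.exe "C:\WINDOWS\omolevetecofiruj.dll",Startup',
    r'O4 - HKCU\..\Run: [{ACDF1487-7D36-C636-F36B-B44D6288F97D}] "C:\Documents and Settings\Kristen Mogavero\Application Data\Ihvipu\giazu.exe"',
    r'O4 - HKCU\..\Run: [Psobutapi] rundll32.exe "C:\WINDOWS\NKBAPor.dll",Startup',
    r'O4 - HKLM\..\Run: [OA001Mon] C:\WINDOWS\OA001Mon.exe',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kristen Mogavero\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c',
]

# Constructed filesystem view: NKBAPor.dll is deliberately absent, matching the
# poster's "specified module cannot be found" error.
PRESENT = {p.lower() for p in [
    r'C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll',
    r'C:\WINDOWS\omolevetecofiruj.dll',
    r'C:\Documents and Settings\Kristen Mogavero\Application Data\Ihvipu\giazu.exe',
    r'C:\WINDOWS\OA001Mon.exe',
    r'C:\WINDOWS\system32\ctfmon.exe',
    r'C:\Documents and Settings\Kristen Mogavero\Local Settings\Application Data\Google\Update\GoogleUpdate.exe',
]}

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG, PRESENT):
        print(f.source)
        for r in f.reasons:
            print('   ->', r)
```

Run against the sample, it returns exactly the four entries the reply asked to fix and nothing else: the Google Update entry is not flagged because it lives under Local Settings rather than roaming Application Data, and the NKBAPor.dll entry carries two reasons, the %WINDIR% root DLL and the missing target. Note that a missing target is only suspicious in combination with the other signals; a stale Run value left behind by an uninstaller produces the same dialog and is merely clutter.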

See the attached picture; that popped up while I was running Malwarebytes. Still waiting for the scan to finish.

[attached image: 33elrhz.jpg]

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:40:17 AM, on 6/30/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\AESTFltr.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\WINDOWS\OA001Mon.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Freecorder\FLVSrvc.exe

C:\Program Files\CyberGatekeeper Agent\cgahelp.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\CyberGatekeeper Agent\cgav.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\CyberGatekeeper Agent\cgasvc.exe

C:\PROGRA~1\CYBERG~1\cgagent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Documents and Settings\Kristen Mogavero\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kristen Mogavero\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kristen Mogavero\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kristen Mogavero\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kristen Mogavero\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\WINDOWS\system32\mfevtps.exe

C:\PROGRA~1\CYBERG~1\cgahelp.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Documents and Settings\Kristen Mogavero\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dwwin.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Kristen Mogavero\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\Kristen Mogavero\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kristen Mogavero\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\mspaint.exe

C:\Documents and Settings\Kristen Mogavero\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CyberFlash - {5FC650AA-7947-405F-986E-FD894CE69723} - C:\CYBERF~1\Program\CYBERF~1.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [AESTFltr] "C:\WINDOWS\system32\AESTFltr.exe" /NoDlg

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [OA001Mon] C:\WINDOWS\OA001Mon.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run

O4 - HKLM\..\Run: [CgaHelper] C:\Program Files\CyberGatekeeper Agent\cgahelp.exe -check

O4 - HKLM\..\Run: [CgaViewer] C:\Program Files\CyberGatekeeper Agent\cgav.exe -check

O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

O4 - HKLM\..\Run: [uhaxomi] rundll32.exe "C:\WINDOWS\omolevetecofiruj.dll",Startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kristen Mogavero\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [{ACDF1487-7D36-C636-F36B-B44D6288F97D}] "C:\Documents and Settings\Kristen Mogavero\Application Data\Ihvipu\giazu.exe"

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: CyberFlash - {696bbd5a-950e-445b-b9c9-dfc7b9f3cfc6} - C:\CYBERF~1\Program\CYBERF~1.DLL

O9 - Extra 'Tools' menuitem: CyberFlash - {696bbd5a-950e-445b-b9c9-dfc7b9f3cfc6} - C:\CYBERF~1\Program\CYBERF~1.DLL

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1271100218718

O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CyberGatekeeper Agent (CGAgent) - InfoExpress - C:\Program Files\CyberGatekeeper Agent\cgasvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

--

End of file - 10596 bytes


Here is the MBAM log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4251

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/30/2010 11:45:29 AM

mbam-log-2010-06-30 (11-45-29).txt

Scan type: Quick scan

Objects scanned: 127656

Time elapsed: 16 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


  • Staff

Hi,

It looks like you didn't update MBAM before the scan, because you are 10 updates behind.

So please update Malwarebytes first via the program > Update tab > Check for updates.

Then rerun Malwarebytes, let it remove what it found, and reboot.

After the reboot, post the MBAM log together with a new HijackThis log. So HijackThis should be run after the MBAM run and the reboot.


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4261

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/30/2010 12:16:46 PM

mbam-log-2010-06-30 (12-16-46).txt

Scan type: Quick scan

Objects scanned: 128045

Time elapsed: 12 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{acdf1487-7d36-c636-f36b-b44d6288f97d} (Trojan.Zbot) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Kristen Mogavero\Application Data\Ihvipu\giazu.exe (Trojan.Zbot) -> Quarantined and deleted successfully.


  • Staff

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your antivirus/antispyware/firewall software before running ComboFix. This is because security software may see some components ComboFix uses (prep.com, for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.

Extra note: the ComboFix tutorial recommends disabling your antivirus, in your case McAfee. For McAfee, I would rather recommend temporarily uninstalling it, because McAfee causes a lot of problems with ComboFix after reboot; this is because McAfee enables itself again after reboot. So please temporarily uninstall McAfee first, then reboot, and then scan with ComboFix.


ComboFix 10-06-29.04 - Kristen Mogavero 06/30/2010 16:53:20.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1936.1264 [GMT -4:00]

Running from: c:\documents and settings\Kristen Mogavero\My Documents\Downloads\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Kristen Mogavero\Local Settings\Application Data\{D7A7FA64-BB61-4D60-B081-B7126653E6ED}

c:\documents and settings\Kristen Mogavero\Local Settings\Application Data\{D7A7FA64-BB61-4D60-B081-B7126653E6ED}\chrome.manifest

c:\documents and settings\Kristen Mogavero\Local Settings\Application Data\{D7A7FA64-BB61-4D60-B081-B7126653E6ED}\chrome\content\_cfg.js

c:\documents and settings\Kristen Mogavero\Local Settings\Application Data\{D7A7FA64-BB61-4D60-B081-B7126653E6ED}\chrome\content\overlay.xul

c:\documents and settings\Kristen Mogavero\Local Settings\Application Data\{D7A7FA64-BB61-4D60-B081-B7126653E6ED}\install.rdf

C:\test.txt

c:\windows\omolevetecofiruj.dll

c:\windows\system32\404Fix.exe

c:\windows\system32\Agent.OMZ.Fix.exe

c:\windows\system32\dumphive.exe

c:\windows\system32\IEDFix.C.exe

c:\windows\system32\IEDFix.exe

c:\windows\system32\o4Patch.exe

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\st326159.dll

c:\windows\system32\tmp.reg

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

.

((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))

.

2010-06-30 15:37 . 2010-06-30 15:37 -------- d-----w- C:\QUARANTINE

2010-06-29 03:21 . 2010-06-29 03:21 53248 ----a-r- c:\documents and settings\Kristen Mogavero\Application Data\Microsoft\Installer\{B2F3FB19-D848-479C-818E-130ABC9366DB}\ARPPRODUCTICON.exe

2010-06-29 03:07 . 2010-06-29 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion

2010-06-29 03:07 . 2010-06-29 03:07 -------- d-----w- c:\program files\Common Files\Roxio Shared

2010-06-29 03:06 . 2010-06-29 03:08 -------- d-----w- c:\program files\Research In Motion

2010-06-29 02:59 . 2010-06-30 20:38 256 ----a-w- c:\windows\system32\pool.bin

2010-06-29 02:59 . 2010-06-29 02:59 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\Research In Motion

2010-06-29 02:59 . 2009-01-09 20:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys

2010-06-29 02:59 . 2010-06-29 02:59 26694 ----a-r- c:\documents and settings\Kristen Mogavero\Application Data\Microsoft\Installer\{D5E8D67B-1EDC-4981-8B49-CD48DDD578DC}\BlackBerry.exe

2010-06-29 02:58 . 2010-06-29 03:07 -------- d-----w- c:\program files\Common Files\Research In Motion

2010-06-28 21:42 . 2010-06-28 21:42 2568656 ----a-w- c:\documents and settings\Kristen Mogavero\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

2010-06-24 03:15 . 2010-06-30 12:04 0 ----a-w- c:\windows\Ctixozera.bin

2010-06-24 03:15 . 2010-06-24 03:15 120 ----a-w- c:\windows\Oqolike.dat

2010-06-24 03:08 . 2010-06-24 03:09 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\ManyCam

2010-06-24 03:08 . 2010-06-24 03:09 -------- d-----w- c:\program files\ManyCam 2.4

2010-06-23 02:01 . 2010-06-23 02:01 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\com.mesiablabs.Hummingbird.4F508AB529C1EC8AC04A1919276966C36BC93650.1

2010-06-23 02:00 . 2010-06-23 02:00 -------- d-----w- c:\program files\Hummingbird

2010-06-23 01:59 . 2010-06-23 01:59 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-06-22 04:09 . 2010-06-22 04:11 87 ----a-w- c:\documents and settings\Kristen Mogavero\jagex_runescape_preferences2.dat

2010-06-22 04:09 . 2010-06-22 04:09 0 ----a-w- c:\documents and settings\Kristen Mogavero\jagex__preferences3.dat

2010-06-22 04:07 . 2010-06-22 04:10 45 ----a-w- c:\documents and settings\Kristen Mogavero\jagex_runescape_preferences.dat

2010-06-22 04:07 . 2010-06-22 04:07 -------- d-----w- c:\windows\.jagex_cache_32

2010-06-09 16:26 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-09 02:27 . 2010-06-20 15:23 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\BitTorrent

2010-06-09 02:27 . 2010-06-09 02:27 -------- d-----w- c:\program files\BitTorrent

2010-06-03 06:19 . 2010-06-30 15:22 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\Qihi

2010-06-02 19:35 . 2010-06-02 19:37 38275 ----a-w- c:\documents and settings\Kristen Mogavero\Application Data\CGAIEWA\F208BF31-DA5A-7CD9-6ACB-B58455692EB0\uniewa.exe

2010-06-01 16:02 . 2010-06-02 19:35 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\CGAIEWA

2010-06-01 16:00 . 2010-06-02 19:39 -------- d-----w- c:\program files\CyberGatekeeper Agent

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-30 20:47 . 2010-04-12 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-06-30 20:46 . 2010-04-12 18:36 -------- d-----w- c:\program files\McAfee

2010-06-30 20:37 . 2010-05-19 13:22 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\LimeWire

2010-06-30 16:16 . 2010-04-25 16:11 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\Ihvipu

2010-06-29 04:34 . 2010-04-13 01:10 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\Skype

2010-06-29 04:02 . 2010-04-13 01:11 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\skypePM

2010-06-28 18:21 . 2010-04-12 20:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-25 17:58 . 2010-05-22 01:33 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\vlc

2010-06-10 03:54 . 2010-04-14 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-06-04 12:53 . 2010-04-25 16:56 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-02 19:31 . 2010-04-12 19:47 -------- d-----w- c:\program files\Windows Desktop Search

2010-05-31 01:02 . 2010-05-31 01:01 -------- d-----w- c:\program files\Freecorder

2010-05-31 00:56 . 2010-05-31 00:56 2638 ----a-r- c:\documents and settings\Kristen Mogavero\Application Data\Microsoft\Installer\{B2915EC1-6C07-452F-8435-4B6A0C1665C2}\_9B76C7F7443DAC0B99396F.exe

2010-05-31 00:56 . 2010-05-31 00:56 2638 ----a-r- c:\documents and settings\Kristen Mogavero\Application Data\Microsoft\Installer\{B2915EC1-6C07-452F-8435-4B6A0C1665C2}\_6FEFF9B68218417F98F549.exe

2010-05-31 00:56 . 2010-05-31 00:56 2638 ----a-r- c:\documents and settings\Kristen Mogavero\Application Data\Microsoft\Installer\{B2915EC1-6C07-452F-8435-4B6A0C1665C2}\_6D8B3AE760EBB795B20800.exe

2010-05-31 00:56 . 2010-05-31 00:56 1150 ----a-r- c:\documents and settings\Kristen Mogavero\Application Data\Microsoft\Installer\{B2915EC1-6C07-452F-8435-4B6A0C1665C2}\_FC43205BAFD6F8AF561C1C.exe

2010-05-29 22:01 . 2010-04-14 18:02 -------- d-----w- c:\program files\Microsoft Works

2010-05-29 16:24 . 2010-05-29 16:24 57028 ---ha-w- c:\windows\system32\mlfcache.dat

2010-05-26 13:47 . 2010-05-26 13:47 -------- d-----w- c:\program files\WinPcap

2010-05-26 13:47 . 2010-05-26 13:41 -------- d-----w- c:\program files\Messenger Plus! Live

2010-05-26 13:42 . 2010-05-26 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!

2010-05-26 13:34 . 2010-05-26 13:34 -------- d-----w- c:\program files\Microsoft

2010-05-26 13:34 . 2010-05-26 13:33 -------- d-----w- c:\program files\Windows Live

2010-05-26 13:34 . 2010-05-26 13:34 -------- d-----w- c:\program files\Windows Live SkyDrive

2010-05-26 13:31 . 2010-05-26 13:31 -------- d-----w- c:\program files\Common Files\Windows Live

2010-05-22 01:35 . 2010-05-22 01:34 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\dvdcss

2010-05-22 01:32 . 2010-05-22 01:32 -------- d-----w- c:\program files\VideoLAN

2010-05-19 13:22 . 2010-05-19 13:21 -------- d-----w- c:\program files\LimeWire

2010-05-18 11:25 . 2010-04-18 17:27 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\Apple Computer

2010-05-18 11:25 . 2010-04-18 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-05-09 18:26 . 2010-05-09 17:58 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\TeamViewer

2010-05-09 17:57 . 2010-05-09 17:57 -------- d-----w- c:\program files\TeamViewer

2010-05-09 17:42 . 2010-04-12 22:32 -------- d-----w- c:\program files\Common Files\Adobe

2010-05-08 01:44 . 2010-05-08 01:44 133120 ----a-w- C:\SocialSearchRBot v1.1.exe

2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-05 16:37 . 2010-04-27 00:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-05-05 16:31 . 2010-04-27 01:20 1794 ----a-w- c:\documents and settings\Kristen Mogavero\Application Data\SAS7_000.DAT

2010-05-03 02:47 . 2010-05-03 02:47 613888 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\WMASoundPlugin.dll

2010-05-03 02:47 . 2010-05-03 02:47 53760 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\zlib.dll

2010-05-03 02:47 . 2010-05-03 02:47 1603072 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\VorbisOGGSoundPlugin.dll

2010-05-03 02:47 . 2010-05-03 02:47 444928 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\SystemMP3SoundPlugin.dll

2010-05-03 02:47 . 2010-05-03 02:47 72704 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\RemoteControl.dll

2010-05-03 02:47 . 2010-05-03 02:47 630272 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\CrashRpt.dll

2010-05-03 02:47 . 2010-05-03 02:47 5439488 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe

2010-05-03 02:47 . 2010-05-03 02:47 489984 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\dbghelp.dll

2010-05-03 02:47 . 2010-05-03 02:47 1495040 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\lng.dll

2010-05-03 02:47 . 2010-05-03 02:47 1138688 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\libeay32.dll

2010-05-02 16:04 . 2008-04-14 12:00 1860352 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 19:39 . 2010-04-12 20:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39 . 2010-04-12 20:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-27 00:29 . 2010-04-27 00:29 50354 ----a-w- c:\documents and settings\Kristen Mogavero\Application Data\Facebook\uninstall.exe

2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-18 17:41 . 2010-04-12 18:33 69592 ----a-w- c:\documents and settings\Kristen Mogavero\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-17 02:12 . 2010-04-17 02:12 48464 ----a-w- c:\windows\system32\sirenacm.dll

2010-04-13 09:05 . 2010-04-13 09:05 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-04-13 09:05 . 2010-04-13 09:05 1047552 ----a-w- c:\windows\system32\mfc71u.dll

2010-04-13 07:38 . 2010-04-13 07:01 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-04-13 06:59 . 2010-04-13 06:59 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2010-04-13 01:12 . 2010-04-13 01:12 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-04-12 22:40 . 2010-04-12 22:40 0 ----a-w- c:\windows\nsreg.dat

2010-04-12 22:30 . 2010-04-12 22:30 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-04-12 22:30 . 2010-04-12 22:30 79488 ----a-w- c:\documents and settings\Kristen Mogavero\Application Data\Sun\Java\jre1.6.0_19\gtapi.dll

2010-04-12 22:30 . 2010-04-12 22:30 152576 ----a-w- c:\documents and settings\Kristen Mogavero\Application Data\Sun\Java\jre1.6.0_19\lzma.dll

2010-04-12 22:03 . 2010-04-12 22:03 0 ----a-w- c:\windows\invcol.tmp

2010-04-06 09:12 . 2010-04-22 22:51 114360 ----a-w- c:\documents and settings\Kristen Mogavero\Application Data\Mozilla\Firefox\Profiles\47a2xhev.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

2009-11-04 01:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Kristen Mogavero\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-12 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-16 729088]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]

"OA001Mon"="c:\windows\OA001Mon.exe" [2010-01-28 24576]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752]

"CgaHelper"="c:\program files\CyberGatekeeper Agent\cgahelp.exe" [2010-01-13 106560]

"CgaViewer"="c:\program files\CyberGatekeeper Agent\cgav.exe" [2010-01-13 163898]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]

c:\documents and settings\Kristen Mogavero\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2010-3-10 1819992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 NvtSp50;Novatel Wireless NDIS 5 Single-Packet Read Protocol Driver;c:\windows\system32\drivers\NvtSp50.sys [6/10/2008 1:32 PM 22016]

R2 CafeDrv;CafeDrv NDIS Protocol Driver;c:\windows\system32\drivers\CafeDrv.sys [10/28/2009 1:36 PM 29568]

R2 CGAgent;CyberGatekeeper Agent;c:\program files\CyberGatekeeper Agent\cgasvc.exe [1/13/2010 12:09 PM 81982]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe --> c:\windows\system32\mfevtps.exe [?]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [4/13/2010 4:12 AM 2058776]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [4/13/2010 4:39 AM 112512]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [4/13/2010 4:32 AM 240344]

R3 Iexim;Infoexpress Generic Network Filter Service;c:\windows\system32\drivers\iexim.sys [12/8/2009 12:17 PM 31232]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [4/13/2010 4:23 AM 109568]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 6:06 AM 21632]

R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [4/12/2010 2:56 PM 134144]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [4/12/2010 2:56 PM 133632]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [4/12/2010 2:56 PM 281472]

R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [4/13/2010 4:38 AM 232744]

S0 cerc6;cerc6; [x]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys --> c:\windows\system32\drivers\mferkdet.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [10/29/2009 10:22 AM 30603640]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 1:31 PM 42000]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]

.

Contents of the 'Scheduled Tasks' folder

2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-630328440-1417001333-1003Core.job

- c:\documents and settings\Kristen Mogavero\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-12 23:43]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-630328440-1417001333-1003UA.job

- c:\documents and settings\Kristen Mogavero\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-12 23:43]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB

FF - ProfilePath - c:\documents and settings\Kristen Mogavero\Application Data\Mozilla\Firefox\Profiles\47a2xhev.default\

FF - component: c:\documents and settings\Kristen Mogavero\Application Data\Mozilla\Firefox\Profiles\47a2xhev.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Kristen Mogavero\Application Data\Mozilla\Firefox\Profiles\47a2xhev.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\Kristen Mogavero\Application Data\Mozilla\Firefox\Profiles\47a2xhev.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll

FF - plugin: c:\documents and settings\Kristen Mogavero\Application Data\Facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\Kristen Mogavero\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

HKLM-Run-Uhaxomi - c:\windows\omolevetecofiruj.dll

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

Completion time: 2010-06-30 17:01:20

ComboFix-quarantined-files.txt 2010-06-30 21:01

Pre-Run: 132,885,254,144 bytes free

Post-Run: 133,094,252,544 bytes free

- - End Of File - - 2C82727AB8E70E6D91F3738ABCC9BC9B


  • Staff

Hi,

* Open Notepad - don't use any other text editor than Notepad or the script will fail.

Copy/paste the text in the quotebox below into notepad:

File::

c:\windows\Ctixozera.bin

c:\windows\Oqolike.dat

Folder::

c:\documents and settings\Kristen Mogavero\Application Data\Ihvipu

Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.


No restart happened and ComboFix updated.

ComboFix 10-06-30.01 - Kristen Mogavero 06/30/2010 18:27:40.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1936.1308 [GMT -4:00]

Running from: c:\documents and settings\Kristen Mogavero\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\Kristen Mogavero\My Documents\CFScript.txt

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Kristen Mogavero\Application Data\Ihvipu

.

((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))

.

2010-06-30 15:37 . 2010-06-30 15:37 -------- d-----w- C:\QUARANTINE

2010-06-29 03:21 . 2010-06-29 03:21 53248 ----a-r- c:\documents and settings\Kristen Mogavero\Application Data\Microsoft\Installer\{B2F3FB19-D848-479C-818E-130ABC9366DB}\ARPPRODUCTICON.exe

2010-06-29 03:07 . 2010-06-29 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion

2010-06-29 03:07 . 2010-06-29 03:07 -------- d-----w- c:\program files\Common Files\Roxio Shared

2010-06-29 03:06 . 2010-06-29 03:08 -------- d-----w- c:\program files\Research In Motion

2010-06-29 02:59 . 2010-06-30 20:38 256 ----a-w- c:\windows\system32\pool.bin

2010-06-29 02:59 . 2010-06-29 02:59 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\Research In Motion

2010-06-29 02:59 . 2009-01-09 20:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys

2010-06-29 02:59 . 2010-06-29 02:59 26694 ----a-r- c:\documents and settings\Kristen Mogavero\Application Data\Microsoft\Installer\{D5E8D67B-1EDC-4981-8B49-CD48DDD578DC}\BlackBerry.exe

2010-06-29 02:58 . 2010-06-29 03:07 -------- d-----w- c:\program files\Common Files\Research In Motion

2010-06-28 21:42 . 2010-06-28 21:42 2568656 ----a-w- c:\documents and settings\Kristen Mogavero\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

2010-06-24 03:15 . 2010-06-30 12:04 0 ----a-w- c:\windows\Ctixozera.bin

2010-06-24 03:15 . 2010-06-24 03:15 120 ----a-w- c:\windows\Oqolike.dat

2010-06-24 03:08 . 2010-06-24 03:09 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\ManyCam

2010-06-24 03:08 . 2010-06-24 03:09 -------- d-----w- c:\program files\ManyCam 2.4

2010-06-23 02:01 . 2010-06-23 02:01 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\com.mesiablabs.Hummingbird.4F508AB529C1EC8AC04A1919276966C36BC93650.1

2010-06-23 02:00 . 2010-06-23 02:00 -------- d-----w- c:\program files\Hummingbird

2010-06-23 01:59 . 2010-06-23 01:59 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-06-22 04:09 . 2010-06-22 04:11 87 ----a-w- c:\documents and settings\Kristen Mogavero\jagex_runescape_preferences2.dat

2010-06-22 04:09 . 2010-06-22 04:09 0 ----a-w- c:\documents and settings\Kristen Mogavero\jagex__preferences3.dat

2010-06-22 04:07 . 2010-06-22 04:10 45 ----a-w- c:\documents and settings\Kristen Mogavero\jagex_runescape_preferences.dat

2010-06-22 04:07 . 2010-06-22 04:07 -------- d-----w- c:\windows\.jagex_cache_32

2010-06-09 16:26 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-09 02:27 . 2010-06-20 15:23 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\BitTorrent

2010-06-09 02:27 . 2010-06-09 02:27 -------- d-----w- c:\program files\BitTorrent

2010-06-03 06:19 . 2010-06-30 15:22 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\Qihi

2010-06-02 19:35 . 2010-06-02 19:37 38275 ----a-w- c:\documents and settings\Kristen Mogavero\Application Data\CGAIEWA\F208BF31-DA5A-7CD9-6ACB-B58455692EB0\uniewa.exe

2010-06-01 16:02 . 2010-06-02 19:35 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\CGAIEWA

2010-06-01 16:00 . 2010-06-02 19:39 -------- d-----w- c:\program files\CyberGatekeeper Agent

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-30 20:47 . 2010-04-12 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-06-30 20:46 . 2010-04-12 18:36 -------- d-----w- c:\program files\McAfee

2010-06-30 20:37 . 2010-05-19 13:22 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\LimeWire

2010-06-29 04:34 . 2010-04-13 01:10 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\Skype

2010-06-29 04:02 . 2010-04-13 01:11 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\skypePM

2010-06-28 18:21 . 2010-04-12 20:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-25 17:58 . 2010-05-22 01:33 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\vlc

2010-06-10 03:54 . 2010-04-14 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-06-04 12:53 . 2010-04-25 16:56 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-02 19:31 . 2010-04-12 19:47 -------- d-----w- c:\program files\Windows Desktop Search

2010-05-31 01:02 . 2010-05-31 01:01 -------- d-----w- c:\program files\Freecorder

2010-05-31 00:56 . 2010-05-31 00:56 2638 ----a-r- c:\documents and settings\Kristen Mogavero\Application Data\Microsoft\Installer\{B2915EC1-6C07-452F-8435-4B6A0C1665C2}\_9B76C7F7443DAC0B99396F.exe

2010-05-31 00:56 . 2010-05-31 00:56 2638 ----a-r- c:\documents and settings\Kristen Mogavero\Application Data\Microsoft\Installer\{B2915EC1-6C07-452F-8435-4B6A0C1665C2}\_6FEFF9B68218417F98F549.exe

2010-05-31 00:56 . 2010-05-31 00:56 2638 ----a-r- c:\documents and settings\Kristen Mogavero\Application Data\Microsoft\Installer\{B2915EC1-6C07-452F-8435-4B6A0C1665C2}\_6D8B3AE760EBB795B20800.exe

2010-05-31 00:56 . 2010-05-31 00:56 1150 ----a-r- c:\documents and settings\Kristen Mogavero\Application Data\Microsoft\Installer\{B2915EC1-6C07-452F-8435-4B6A0C1665C2}\_FC43205BAFD6F8AF561C1C.exe

2010-05-29 22:01 . 2010-04-14 18:02 -------- d-----w- c:\program files\Microsoft Works

2010-05-29 16:24 . 2010-05-29 16:24 57028 ---ha-w- c:\windows\system32\mlfcache.dat

2010-05-26 13:47 . 2010-05-26 13:47 -------- d-----w- c:\program files\WinPcap

2010-05-26 13:47 . 2010-05-26 13:41 -------- d-----w- c:\program files\Messenger Plus! Live

2010-05-26 13:42 . 2010-05-26 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!

2010-05-26 13:34 . 2010-05-26 13:34 -------- d-----w- c:\program files\Microsoft

2010-05-26 13:34 . 2010-05-26 13:33 -------- d-----w- c:\program files\Windows Live

2010-05-26 13:34 . 2010-05-26 13:34 -------- d-----w- c:\program files\Windows Live SkyDrive

2010-05-26 13:31 . 2010-05-26 13:31 -------- d-----w- c:\program files\Common Files\Windows Live

2010-05-22 01:35 . 2010-05-22 01:34 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\dvdcss

2010-05-22 01:32 . 2010-05-22 01:32 -------- d-----w- c:\program files\VideoLAN

2010-05-19 13:22 . 2010-05-19 13:21 -------- d-----w- c:\program files\LimeWire

2010-05-18 11:25 . 2010-04-18 17:27 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\Apple Computer

2010-05-18 11:25 . 2010-04-18 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-05-09 18:26 . 2010-05-09 17:58 -------- d-----w- c:\documents and settings\Kristen Mogavero\Application Data\TeamViewer

2010-05-09 17:57 . 2010-05-09 17:57 -------- d-----w- c:\program files\TeamViewer

2010-05-09 17:42 . 2010-04-12 22:32 -------- d-----w- c:\program files\Common Files\Adobe

2010-05-08 01:44 . 2010-05-08 01:44 133120 ----a-w- C:\SocialSearchRBot v1.1.exe

2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-05 16:37 . 2010-04-27 00:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-05-05 16:31 . 2010-04-27 01:20 1794 ----a-w- c:\documents and settings\Kristen Mogavero\Application Data\SAS7_000.DAT

2010-05-03 02:47 . 2010-05-03 02:47 613888 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\WMASoundPlugin.dll

2010-05-03 02:47 . 2010-05-03 02:47 53760 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\zlib.dll

2010-05-03 02:47 . 2010-05-03 02:47 1603072 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\VorbisOGGSoundPlugin.dll

2010-05-03 02:47 . 2010-05-03 02:47 444928 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\SystemMP3SoundPlugin.dll

2010-05-03 02:47 . 2010-05-03 02:47 72704 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\RemoteControl.dll

2010-05-03 02:47 . 2010-05-03 02:47 630272 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\CrashRpt.dll

2010-05-03 02:47 . 2010-05-03 02:47 5439488 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe

2010-05-03 02:47 . 2010-05-03 02:47 489984 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\dbghelp.dll

2010-05-03 02:47 . 2010-05-03 02:47 1495040 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\lng.dll

2010-05-03 02:47 . 2010-05-03 02:47 1138688 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\libeay32.dll

2010-05-02 16:04 . 2008-04-14 12:00 1860352 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 19:39 . 2010-04-12 20:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39 . 2010-04-12 20:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-27 00:29 . 2010-04-27 00:29 50354 ----a-w- c:\documents and settings\Kristen Mogavero\Application Data\Facebook\uninstall.exe

2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-18 17:41 . 2010-04-12 18:33 69592 ----a-w- c:\documents and settings\Kristen Mogavero\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-17 02:12 . 2010-04-17 02:12 48464 ----a-w- c:\windows\system32\sirenacm.dll

2010-04-13 09:05 . 2010-04-13 09:05 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-04-13 09:05 . 2010-04-13 09:05 1047552 ----a-w- c:\windows\system32\mfc71u.dll

2010-04-13 07:38 . 2010-04-13 07:01 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-04-13 06:59 . 2010-04-13 06:59 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2010-04-13 01:12 . 2010-04-13 01:12 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-04-12 22:40 . 2010-04-12 22:40 0 ----a-w- c:\windows\nsreg.dat

2010-04-12 22:30 . 2010-04-12 22:30 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-04-12 22:30 . 2010-04-12 22:30 79488 ----a-w- c:\documents and settings\Kristen Mogavero\Application Data\Sun\Java\jre1.6.0_19\gtapi.dll

2010-04-12 22:30 . 2010-04-12 22:30 152576 ----a-w- c:\documents and settings\Kristen Mogavero\Application Data\Sun\Java\jre1.6.0_19\lzma.dll

2010-04-12 22:03 . 2010-04-12 22:03 0 ----a-w- c:\windows\invcol.tmp

2010-04-06 09:12 . 2010-04-22 22:51 114360 ----a-w- c:\documents and settings\Kristen Mogavero\Application Data\Mozilla\Firefox\Profiles\47a2xhev.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

2009-11-04 01:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Kristen Mogavero\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-12 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-16 729088]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]

"OA001Mon"="c:\windows\OA001Mon.exe" [2010-01-28 24576]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752]

"CgaHelper"="c:\program files\CyberGatekeeper Agent\cgahelp.exe" [2010-01-13 106560]

"CgaViewer"="c:\program files\CyberGatekeeper Agent\cgav.exe" [2010-01-13 163898]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]

c:\documents and settings\Kristen Mogavero\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2010-3-10 1819992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 NvtSp50;Novatel Wireless NDIS 5 Single-Packet Read Protocol Driver;c:\windows\system32\drivers\NvtSp50.sys [6/10/2008 1:32 PM 22016]

R2 CafeDrv;CafeDrv NDIS Protocol Driver;c:\windows\system32\drivers\CafeDrv.sys [10/28/2009 1:36 PM 29568]

R2 CGAgent;CyberGatekeeper Agent;c:\program files\CyberGatekeeper Agent\cgasvc.exe [1/13/2010 12:09 PM 81982]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe --> c:\windows\system32\mfevtps.exe [?]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [4/13/2010 4:12 AM 2058776]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [4/13/2010 4:39 AM 112512]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [4/13/2010 4:32 AM 240344]

R3 Iexim;Infoexpress Generic Network Filter Service;c:\windows\system32\drivers\iexim.sys [12/8/2009 12:17 PM 31232]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [4/13/2010 4:23 AM 109568]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 6:06 AM 21632]

R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [4/12/2010 2:56 PM 134144]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [4/12/2010 2:56 PM 133632]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [4/12/2010 2:56 PM 281472]

R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [4/13/2010 4:38 AM 232744]

S0 cerc6;cerc6; [x]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys --> c:\windows\system32\drivers\mferkdet.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [10/29/2009 10:22 AM 30603640]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 1:31 PM 42000]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]

.

Contents of the 'Scheduled Tasks' folder

2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-630328440-1417001333-1003Core.job

- c:\documents and settings\Kristen Mogavero\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-12 23:43]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-630328440-1417001333-1003UA.job

- c:\documents and settings\Kristen Mogavero\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-12 23:43]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB

FF - ProfilePath - c:\documents and settings\Kristen Mogavero\Application Data\Mozilla\Firefox\Profiles\47a2xhev.default\

FF - component: c:\documents and settings\Kristen Mogavero\Application Data\Mozilla\Firefox\Profiles\47a2xhev.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Kristen Mogavero\Application Data\Mozilla\Firefox\Profiles\47a2xhev.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\Kristen Mogavero\Application Data\Mozilla\Firefox\Profiles\47a2xhev.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll

FF - plugin: c:\documents and settings\Kristen Mogavero\Application Data\Facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\Kristen Mogavero\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-30 18:31

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1504)

c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(3208)

c:\windows\system32\WININET.dll

c:\documents and settings\Kristen Mogavero\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll

c:\windows\system32\igfxdo.dll

c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-06-30 18:33:57

ComboFix-quarantined-files.txt 2010-06-30 22:33

ComboFix2.txt 2010-06-30 21:01

Pre-Run: 133,099,991,040 bytes free

Post-Run: 133,093,093,376 bytes free

- - End Of File - - 449E056A88C4CD4CB2CE2BF7314E2C9B


  • Staff

Hi,

Please navigate to and delete the following files:

c:\windows\Ctixozera.bin

c:\windows\Oqolike.dat

Then, * Go to Start > Run and copy and paste the next command into the field:

ComboFix /Uninstall

Make sure there's a space between ComboFix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.

