Microsoft .NET Framework error message box, won't go away
#46
Posted 06 November 2009 - 04:25 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:25:08 PM, on 11/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\Mayra Soto.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061110
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [badibokebu] Rundll32.exe "zafufovi.dll",s
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 10802 bytes
#47
Posted 07 November 2009 - 09:27 AM
Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". Read this article: http://www.clickz.co...cle.php/3561546
Additional info: http://vil.nai.com/v...nt/v_137262.htm
I suggest you remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
- Viewpoint
- Viewpoint Manager
- Viewpoint Media Player
- Viewpoint Toolbar
On a Vista operating system, select Start > All Programs, click the program and run the Uninstall function.
I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
- Run Spybot-S&D
- Go to the Mode menu, and make sure "Advanced Mode" is selected
- On the left hand side, choose Tools -> Resident
- Uncheck "Resident TeaTimer" and OK any prompts
- Restart your computer.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
Please don't forget this step to disable TeaTimer.
===
Disable Microsoft Windows Defender
We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
- Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
- Click on Tools, General Settings.
- Under Real-time protection options, unselect the Turn on real-time protection check box
- Click Save
After all of the fixes are complete it is very important that you enable Real-time Protection again.
Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [badibokebu] Rundll32.exe "zafufovi.dll",s
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Click on Fix Checked when finished and exit HijackThis.
Before you reactivate Spybot and Windows Defender, run this Microsoft cleaning tool used in post No 41.
These tools might just be the reason your "Photo Gallery Installation" was not fixed.
When done, restart the computer normally.
===
Let's see if a reference to webdriver.dll is still in the registry or in Spybot.
Please download RegSearch 2.0 by Bobbi Flekman
- Right-click the RegSearch zip folder and extract to your Desktop.
- Double-click RegSearch.exe, and search for: webdriver.dll
- It may take a while to run, so be patient.
- When finished, the search results will appear in your text editor.
- Post the contents of the search into your reply.
===
Keep me posted.
Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]
My help is free, but if we have helped you in any way, please consider donating,
see this topic for details. We need members like you.
========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
#48
Posted 07 November 2009 - 11:41 AM
EDIT 1: I went back to enable TeaTimer and Windows Defender, and then Photo Gallery Install and a bunch of other SpyBot Accept/Decline changes came up like before. I wonder if, as per your suggestion, I should uninstall, then reinstall SpyBot. I also noticed the "Error loading zafufovi.dll" window showing up. It had stopped showing briefly, but came back, but will not pop up when I close it.
EDIT 2: I momentarily disabled TeaTimer and noticed the RUN DLL warning/error window: "Error loading zafufovi.dll The specified module could not be found." As before, it doesn't reappear after I close it. The SpyBot Accept/Decline windows don't show up with TeaTimer disabled.
Uninstalled All Viewpoint apps found [Mediaplayer and Manager] using Start > Settings > Control Panel > Add/Remove Programs
After disabling TeaTimer and Windows Defender Real Time protection, HJT was done per your instructions. Since Viewpoint was cleaned per above, the item below was not found. All others were checked and 'fixed' per your instructions:
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
I ran the tool from post #41 again. After reboot I get a single instance of Windows Installer, PhotoGallery. I click on Cancel and it is gone after ONE instance, so I can live with that!
RegSearch log:
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0
; Results at 11/7/2009 11:32:35 AM for strings:
; 'webdriver.dll
webdriver.dll'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
; End Of The Log...
This post has been edited by azuleno: 07 November 2009 - 12:44 PM
#49
Posted 07 November 2009 - 02:13 PM
Please execute this one.
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
Code:
regfind ghkjika.exe
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
===
Run the Combofix tool again and let me see the results also.
#50
Posted 07 November 2009 - 03:39 PM
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 15:16 on 07/11/2009 by Mayra Soto (Administrator - Elevation successful)
========== regfind ==========
Searching for "ghkjika.exe"
No data found.
-=End Of File=-
ComboFix log:
ComboFix 09-11-07.02 - Mayra Soto 11/07/2009 15:20.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.183 [GMT -5:00]
Running from: c:\documents and settings\Mayra Soto\Desktop\azuleno.exe
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.
2009-11-06 17:00 . 2009-11-07 16:17 -------- dc----w- c:\program files\MSECACHE
2009-11-04 14:59 . 2009-11-04 14:59 -------- dc----w- c:\windows\Hewlett-Packard
2009-11-03 19:57 . 2009-11-03 19:57 -------- dc----w- c:\program files\CCleaner
2009-11-02 20:28 . 2008-07-07 20:06 253952 -c--a-w- c:\windows\system32\es.dll
2009-11-02 20:28 . 2008-07-07 20:06 253952 -c--a-w- c:\windows\system32\dllcache\es.dll
2009-11-02 05:27 . 2009-11-03 01:42 195456 -c----w- c:\windows\system32\MpSigStub.exe
2009-11-02 05:15 . 2009-11-02 05:15 -------- dc----w- c:\windows\system32\wbem\Repository
2009-10-31 20:08 . 2009-10-31 21:20 -------- dc----w- C:\azuleno
2009-10-31 00:49 . 2009-10-31 00:57 -------- dc----w- C:\rsit
2009-10-28 08:35 . 2009-09-10 18:54 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 08:35 . 2009-09-10 18:53 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-10-27 12:31 . 2009-10-27 12:31 -------- dc----w- c:\program files\Windows Defender
2009-10-23 22:58 . 2009-10-23 22:58 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-10-19 14:04 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\drivers\bthport.sys
2009-10-19 14:04 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-19 14:02 . 2009-03-06 14:44 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-19 14:02 . 2009-02-09 10:20 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-19 14:02 . 2009-02-06 17:14 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-19 14:02 . 2009-02-06 16:54 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-10-19 14:02 . 2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-10-19 14:02 . 2009-02-09 10:20 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-10-19 14:02 . 2009-02-09 10:20 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-19 14:02 . 2009-02-09 10:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-19 14:02 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-19 14:02 . 2009-02-09 10:20 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-19 13:59 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-19 13:54 . 2008-05-01 14:30 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-10-19 13:51 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-10-19 13:40 . 2008-04-21 10:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-19 13:35 . 2009-10-19 13:38 -------- dc----w- c:\windows\system32\CatRoot_bak
2009-10-19 12:25 . 2009-10-19 12:25 -------- dc----w- c:\windows\system32\config\systemprofile\Application Data\McAfee.com Personal Firewall
2009-10-18 03:08 . 2009-10-19 12:25 -------- dc----w- C:\RECYCLER(2)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 16:12 . 2009-09-26 16:50 -------- dc----w- c:\program files\Trend Micro
2009-11-07 15:51 . 2009-09-11 23:21 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-07 15:51 . 2006-11-11 00:49 -------- dc----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-11-04 14:36 . 2006-11-18 06:00 -------- dc----w- c:\program files\AIM6
2009-11-04 14:36 . 2006-11-16 01:51 -------- dc----w- c:\program files\iTunes
2009-11-04 14:36 . 2006-11-16 01:50 -------- dc----w- c:\program files\QuickTime
2009-11-02 16:18 . 2007-09-06 00:23 -------- dc----w- c:\program files\MSN Messenger
2009-11-01 03:57 . 2009-09-11 22:51 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 20:49 . 2008-03-10 22:42 -------- dc----w- c:\program files\eSoftware
2009-10-28 14:20 . 2009-09-11 23:21 -------- dc----w- c:\program files\Spybot - Search & Destroy
2009-10-20 07:36 . 2006-11-15 23:35 77712 -c--a-w- c:\documents and settings\Mayra Soto\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 07:07 . 2006-11-11 00:55 -------- dc----w- c:\program files\Microsoft Works
2009-10-19 12:29 . 2006-11-11 00:53 -------- dc----w- c:\program files\BAE
2009-10-08 05:05 . 2009-10-08 05:05 -------- dc----w- c:\program files\VS Revo Group
2009-09-25 05:49 . 2005-08-16 09:18 668672 -c----w- c:\windows\system32\wininet.dll
2009-09-25 05:48 . 2005-08-16 09:18 81920 -c--a-w- c:\windows\system32\ieencode.dll
2009-09-11 23:09 . 2009-09-11 23:09 -------- dc----w- c:\program files\COMODO
2009-09-11 22:51 . 2009-09-11 22:51 -------- dc----w- c:\documents and settings\Mayra Soto\Application Data\Malwarebytes
2009-09-11 22:51 . 2009-09-11 22:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-11 14:33 . 2005-08-16 09:18 133632 -c--a-w- c:\windows\system32\msv1_0.dll
2009-09-06 02:15 . 2006-12-03 22:33 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-06 02:14 . 2006-12-03 22:33 88 -csh--r- c:\windows\system32\22F9E0E6EB.sys
2009-09-04 20:45 . 2005-08-16 09:18 58880 -c--a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:16 . 2005-08-16 09:19 247326 -c--a-w- c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-31_20.53.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-11 00:45 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
+ 2006-11-11 00:45 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2005-08-16 09:18 . 2009-10-20 07:38 53640 c:\windows\system32\perfc009.dat
+ 2005-08-16 09:18 . 2009-11-01 07:43 53640 c:\windows\system32\perfc009.dat
- 2006-11-29 00:35 . 2009-10-27 01:51 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2006-11-29 00:35 . 2009-11-07 12:05 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2006-11-29 00:35 . 2009-10-27 01:51 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2006-11-29 00:35 . 2009-11-07 12:05 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2006-11-29 00:35 . 2009-11-07 12:05 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2006-11-29 00:35 . 2009-10-27 01:52 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2006-11-29 00:35 . 2009-10-27 01:52 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2006-11-29 00:35 . 2009-11-07 12:05 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2006-11-29 00:35 . 2009-10-27 01:52 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2006-11-29 00:35 . 2009-11-07 12:05 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2006-11-29 00:35 . 2009-10-27 01:52 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2006-11-29 00:35 . 2009-11-07 12:05 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2006-11-29 00:35 . 2009-11-07 12:05 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2006-11-29 00:35 . 2009-10-27 01:52 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2009-11-03 02:43 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB950974\update\spcustom.dll
+ 2009-11-03 02:43 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB950974\spmsg.dll
- 2006-11-29 00:35 . 2009-10-27 01:52 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2006-11-29 00:35 . 2009-11-07 12:05 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2006-11-29 00:35 . 2009-11-07 12:05 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2006-11-29 00:35 . 2009-10-27 01:52 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2006-11-29 00:35 . 2009-10-27 01:52 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2006-11-29 00:35 . 2009-11-07 12:05 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-09-12 15:44 . 2009-11-02 05:16 387644 c:\windows\system32\Restore\rstrlog.dat
- 2005-08-16 09:18 . 2009-10-20 07:38 382022 c:\windows\system32\perfh009.dat
+ 2005-08-16 09:18 . 2009-11-01 07:43 382022 c:\windows\system32\perfh009.dat
+ 2006-11-11 00:52 . 2005-09-08 10:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE
+ 2006-11-29 00:35 . 2009-11-07 12:05 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2006-11-29 00:35 . 2009-10-27 01:52 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2006-11-29 00:35 . 2009-10-27 01:52 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2006-11-29 00:35 . 2009-11-07 12:05 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-11-03 02:43 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB950974$\spuninst\updspapi.dll
+ 2009-11-03 02:43 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB950974$\spuninst\spuninst.exe
+ 2009-11-03 02:43 . 2005-07-26 04:20 243200 c:\windows\$NtUninstallKB950974$\es.dll
+ 2009-11-03 02:43 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB950974\update\updspapi.dll
+ 2009-11-03 02:43 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB950974\update\update.exe
+ 2009-11-03 02:43 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB950974\spuninst.exe
+ 2008-07-07 20:23 . 2008-07-07 20:23 253952 c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2008-07-07 20:26 . 2008-07-07 20:26 253952 c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2005-08-16 09:18 . 2009-10-20 00:00 3070976 c:\windows\system32\mshtml.dll
- 2005-08-16 09:18 . 2009-09-25 05:49 3070976 c:\windows\system32\mshtml.dll
+ 2006-11-11 00:40 . 2009-10-20 00:00 3070976 c:\windows\system32\dllcache\mshtml.dll
- 2006-11-11 00:40 . 2009-09-25 05:49 3070976 c:\windows\system32\dllcache\mshtml.dll
+ 2008-03-31 21:35 . 2008-03-31 21:35 8309760 c:\windows\Installer\394faef.msp
+ 2006-02-22 14:41 . 2006-02-22 14:41 2815488 c:\windows\Installer\394fadc.msp
+ 2009-11-04 14:59 . 2009-11-04 14:59 1728512 c:\windows\Hewlett-Packard\Setup Files\HP Software Update\{EC391058-A292-41C5-92C7-95C5A09793B8}\HP Update.msi
+ 2009-10-31 21:49 . 2009-10-02 15:01 25198016 c:\windows\system32\MRT.exe
+ 2004-01-30 08:19 . 2004-01-30 08:19 56269996 c:\windows\Installer\6e9b6a.msp
+ 2009-07-20 17:03 . 2009-07-20 17:03 16465408 c:\windows\Installer\394faf1.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-30 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2009-10-08 14348]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-02-06 252704]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-23 1617920]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-10 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder
2009-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
2009-11-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
2009-11-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
HKLM-Run-badibokebu - zafufovi.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 15:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-11-07 15:36
ComboFix-quarantined-files.txt 2009-11-07 20:36
ComboFix2.txt 2009-11-02 20:58
ComboFix3.txt 2009-11-02 16:34
ComboFix4.txt 2009-11-01 15:47
ComboFix5.txt 2009-11-07 20:19
Pre-Run: 41,627,107,328 bytes free
Post-Run: 41,803,116,544 bytes free
- - End Of File - - BF32B3A8A584BEFD7DD36E1E9B86EDBD
#51
Posted 07 November 2009 - 04:05 PM
I looked for the wrong file.
Please repeat the search with the Systemlook tool.
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
Code:
:regfind
webdriver.dll
Post the results.
Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]
My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details. We need members like you.
========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
#52
Posted 07 November 2009 - 04:54 PM
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 16:53 on 07/11/2009 by Mayra Soto (Administrator - Elevation successful)
========== regfind ==========
Searching for "webdriver.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\InprocServer32]
@="C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\InprocServer32]
@="C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\ToolboxBitmap32]
@="C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll, 101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FA13AA2E-CA9B-11D2-9780-00104B242EA3}\1.0\0\win32]
@="C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
-=End Of File=-
#53
Posted 08 November 2009 - 08:32 AM
; Purpose: Remove traces in the registry.
;
; Instructions: Copy and paste this text IN BOLD into a text editor such as Notepad.
;
; Save this text as Fix2.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.
Quote
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\ToolboxBitmap32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FA13AA2E-CA9B-11D2-9780-00104B242EA3}\1.0\0\win32]
; Double-click on Fix.reg. When it asks you to merge the information to the registry click Yes.
Delete the Fix2.reg file when done.
Restart the computer normally.
Where do we go from here?
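Added example, not part of the original posts and not a SystemLook or forum tool: the Python below turns a regfind log like the one in post #52 into the text of a key-deletion .reg file like the one in post #53, collapsing the duplicated InprocServer32 hit and refusing any key outside an expected subtree. The names parse_regfind and build_delete_reg, the allowed prefix and the minimum depth are assumptions of this example.

```python
import re

# Sample input: the regfind section of the SystemLook log in post #52.
SAMPLE_LOG = r"""========== regfind ==========
Searching for "webdriver.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\InprocServer32]
@="C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\InprocServer32]
@="C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\ToolboxBitmap32]
@="C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll, 101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FA13AA2E-CA9B-11D2-9780-00104B242EA3}\1.0\0\win32]
@="C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
-=End Of File=-"""

KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+\\.+)\]$")
# Assumptions of this example: only keys under this prefix may be deleted,
# and a key must be at least this many path components deep.
ALLOWED_PREFIX = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\"
MIN_DEPTH = 6

def parse_regfind(log, needle):
    """Return (key, data_line) pairs whose data line mentions `needle`."""
    hits, key = [], None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
        elif key and "=" in line and needle.lower() in line.lower():
            hits.append((key, line))
            key = None
    return hits

def build_delete_reg(hits):
    """Return .reg text deleting each distinct key once; raise on an unsafe key."""
    keys = list(dict.fromkeys(k for k, _ in hits))  # de-duplicate, keep order
    for k in keys:
        if not k.startswith(ALLOWED_PREFIX) or k.count("\\") + 1 < MIN_DEPTH:
            raise ValueError("refusing to delete " + k)
    # regedit only merges a file that starts with a version header line.
    lines = ["Windows Registry Editor Version 5.00", ""]
    lines += ["[-%s]" % k for k in keys]
    return "\r\n".join(lines) + "\r\n"

if __name__ == "__main__":
    print(build_delete_reg(parse_regfind(SAMPLE_LOG, "webdriver.dll")))
```

The depth guard rejects a shallow parent such as the `CLSID` key itself, so a malformed or truncated log line cannot expand the deletion to a whole subtree.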
#54
Posted 08 November 2009 - 04:06 PM
Performed suggested registry fix: Fix2.reg shown below
Uninstalled, then reinstalled SpyBot; looks good, since Accept/Decline box option is not popping anymore.
No more "Error loading zafufovi.dll" window. Good!
Photo Gallery installer still shows, but ..hey! no biggy since I click Cancel once or twice and it is gone!
Reboot is fast. I love that!
I am happy :-) with current performance. Unless you consider that there is a need to submit another HJT log, or other type of log, I believe this PC is doing well now.
#55
Posted 08 November 2009 - 04:40 PM
- The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
ComboFix /u
ComboFix /Uninstall <- use this if the previous command fails.
Quote
Photo Gallery installer still shows, but ..hey! no biggy since I click Cancel once or twice and it is gone!
Reboot is fast. I love that!
I am happy :-) with current performance. Unless you consider that there is a need to submit another HJT log, or other type of log, I believe this PC is doing well
You are looking good.
Google this string: Photo Gallery installer
See if you can find an easy fix.
#56
Posted 09 November 2009 - 12:16 AM
I will send in my donation Tuesday... Monday will be a really hectic day for me. I will post shortly on my other PC PF usage issue.. that is another story as they say.
Thanks
#57
Posted 24 November 2009 - 09:58 AM
If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
