I am new to this forum. I bought a new computer about 2 weeks ago. Everything was going well with transferring things from my old PC until about 4 days ago, when I was redirected to a Google page that had ad.yieldmanager in the search field and, I believe, in the address bar. It is hard to say if this happens only when going to certain sites or not. It is not constant but pops up every now and then. I ran Spybot, AVG virus scan, Windows Defender scan, and Ad-Aware with no luck. I then ran ComboFix and deleted my cookies, internet temp files, and history. This seemed to work for about 1-2 days, but today the ad.yieldmanager came back.

HIJACKTHIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:38 PM, on 3/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...P&M=GT5648E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...P&M=GT5648E
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 5740 bytes

UNINSTALL LOG
Adobe Flash Player 9 ActiveX
Adobe Reader 8
Apple Mobile Device Support
Apple Software Update
AVG 7.5
Bejeweled 2 Deluxe
BlackBerry Desktop Software 4.3
BlackBerry Desktop Software 4.3
Blackhawk Striker 2
Bonjour
Browser Address Error Redirector
Digital Media Reader
Diner Dash
Family Feud 2
FastStone Image Viewer 3.5
Gateway Connect
Gateway Recovery Center Installer
HijackThis 2.0.2
iTunes
Java SE Runtime Environment 6 Update 1
Marvell Miniport Driver
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
NVIDIA Drivers
Power2Go 5.0
QuickTime
Realtek High Definition Audio Driver
Roxio Media Manager
Soft Data Fax Modem with SmartCP
Spybot - Search & Destroy
Windows Driver Package - NVIDIA Corporation (nvstor32) HDC (07/02/2007 5.10.2600.0995)

COMBOFIX LOG
ComboFix 08-02-25.3 - Miller 2008-02-29 23:09:18.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1829 [GMT -5:00]
Running from: C:\Users\Miller\Downloads\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))
.
2008-02-29 22:59 . 2008-02-29 22:59 <DIR> d-------- C:\Program Files\CCleaner
2008-02-29 22:13 . 2008-02-29 22:17 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-29 22:13 . 2008-02-29 22:13 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-29 17:40 . 2008-02-29 17:40 54,156 --ah----- C:\Windows\QTFont.qfn
2008-02-29 17:40 . 2008-02-29 17:40 1,409 --a------ C:\Windows\QTFont.for
2008-02-29 17:39 . 2008-02-29 17:39 <DIR> d-------- C:\Users\Miller\AppData\Roaming\Apple Computer
2008-02-29 17:39 . 2008-02-29 17:39 <DIR> d-------- C:\Program Files\iTunes
2008-02-29 17:39 . 2008-02-29 17:39 <DIR> d-------- C:\Program Files\iPod
2008-02-29 17:39 . 2008-02-29 17:39 <DIR> d-------- C:\Program Files\Bonjour
2008-02-29 17:38 . 2008-02-29 17:38 <DIR> d-------- C:\Windows\LastGood
2008-02-29 17:38 . 2008-02-29 17:39 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-02-29 17:38 . 2008-02-29 17:38 <DIR> d-------- C:\Users\All Users\Apple
2008-02-29 17:38 . 2008-02-29 17:39 <DIR> d-------- C:\Program Files\QuickTime
2008-02-29 17:38 . 2008-02-29 17:38 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-29 17:38 . 2008-02-29 17:38 <DIR> d-------- C:\Program Files\Apple Software Update
2008-02-24 20:17 . 2008-02-24 20:21 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-24 20:17 . 2008-02-24 20:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-24 20:06 . 2008-02-29 22:23 <DIR> d-------- C:\Program Files\VideoLAN
2008-02-24 18:18 . 2008-02-29 16:19 <DIR> d-------- C:\Users\Miller\AppData\Roaming\Roxio
2008-02-24 17:24 . 2008-02-24 17:24 <DIR> d-------- C:\Users\Miller\AppData\Roaming\FastStone
2008-02-24 17:22 . 2008-02-24 17:22 <DIR> d-------- C:\Program Files\FastStone Image Viewer
2008-02-24 16:56 . 2008-02-24 19:16 <DIR> d-------- C:\Users\Miller\Blackberry
2008-02-24 09:22 . 2008-02-24 09:22 <DIR> d-------- C:\Users\Miller\AppData\Roaming\Research In Motion
2008-02-23 18:20 . 2008-02-24 18:55 256 --a------ C:\Windows\System32\pool.bin
2008-02-23 18:05 . 2008-02-23 18:05 <DIR> d-------- C:\Users\All Users\Sonic
2008-02-23 18:05 . 2008-02-23 18:05 <DIR> d-------- C:\Users\All Users\InstallShield
2008-02-23 18:04 . 2008-02-23 18:05 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-02-23 18:03 . 2008-02-29 17:07 <DIR> d-------- C:\Users\All Users\Roxio
2008-02-23 18:03 . 2008-02-23 18:04 <DIR> d-------- C:\Program Files\Roxio
2008-02-23 18:03 . 2008-02-23 18:05 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-02-23 18:03 . 2008-02-23 18:04 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-02-23 18:00 . 2007-01-18 10:24 26,496 --a------ C:\Windows\System32\drivers\RimSerial.sys
2008-02-23 17:59 . 2008-02-23 17:59 <DIR> d-------- C:\Program Files\Research In Motion
2008-02-23 17:59 . 2008-02-23 18:00 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
2008-02-23 17:51 . 2008-02-23 17:51 <DIR> d--hs---- C:\Windows\ftpcache
2008-02-18 20:59 . 2008-02-18 20:59 <DIR> d-------- C:\Windows\Sun
2008-02-17 11:15 . 2003-06-18 17:31 17,920 --a------ C:\Windows\System32\mdimon.dll
2008-02-17 11:15 . 2008-02-17 11:15 376 --a------ C:\Windows\ODBC.INI
2008-02-17 11:14 . 2008-02-17 11:14 <DIR> d-------- C:\Windows\PCHEALTH
2008-02-17 11:14 . 2008-02-17 11:14 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-17 11:14 . 2008-02-17 11:14 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-02-17 10:21 . 2008-02-17 10:21 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-02-17 10:14 . 2006-01-30 11:00 106,496 --a------ C:\Windows\System32\VSHP1020.DLL
2008-02-17 10:14 . 2006-01-30 11:00 28,672 --a------ C:\Windows\System32\ZLM.DLL
2008-02-17 10:14 . 2006-01-30 11:00 28,672 --a------ C:\Windows\System32\IMF32.DLL
2008-02-17 10:14 . 2006-01-30 11:00 24,576 --a------ C:\Windows\System32\ZTAG32.DLL
2008-02-17 10:14 . 2006-01-30 11:00 7,294 --a------ C:\Windows\System32\ZSHP1020.HLP
2008-02-16 14:17 . 2008-02-25 22:18 <DIR> d-------- C:\Users\Miller\AppData\Roaming\AVG7
2008-02-16 14:16 . 2008-02-16 14:16 <DIR> d-------- C:\Users\All Users\Grisoft
2008-02-16 14:16 . 2008-02-20 09:11 <DIR> d-------- C:\Users\All Users\avg7
2008-02-16 14:16 . 2008-02-16 14:16 499,712 --a------ C:\Windows\System32\msvcp71.dll
2008-02-16 14:16 . 2008-02-16 14:16 348,160 --a------ C:\Windows\System32\msvcr71.dll
2008-02-16 14:16 . 2008-02-16 14:16 9,216 --a------ C:\Windows\System32\avgwlntf.dll
2008-02-16 12:41 . 2008-02-16 12:41 <DIR> d-------- C:\Users\All Users\Geek Squad
2008-02-16 12:34 . 2008-02-16 12:42 <DIR> d-------- C:\Users\All Users\NVIDIA
2008-02-16 10:23 . 2008-02-16 10:31 <DIR> d-------- C:\Temp
2008-02-16 08:47 . 2008-01-10 00:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-13 03:05 . 2008-02-13 03:05 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 03:05 . 2008-02-13 03:05 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 03:03 . 2008-02-13 03:03 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-13 03:03 . 2008-02-13 03:03 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-13 03:03 . 2008-02-13 03:03 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-13 03:03 . 2008-02-13 03:03 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-13 03:03 . 2008-02-13 03:03 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-13 03:03 . 2008-02-13 03:03 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-13 03:03 . 2008-02-13 03:03 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-02-13 03:02 . 2008-02-13 03:02 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 03:02 . 2008-02-13 03:02 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-13 03:02 . 2008-02-13 03:02 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-13 03:02 . 2008-02-13 03:02 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-13 03:02 . 2008-02-13 03:02 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-13 03:02 . 2008-02-13 03:02 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-13 03:02 . 2008-02-13 03:02 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-10 22:08 . 2008-02-10 22:08 <DIR> d-------- C:\Users\Miller\AppData\Roaming\SampleView
2008-02-10 21:57 . 2008-02-10 21:57 <DIR> d-------- C:\Users\Miller\AppData\Roaming\Template
2008-02-10 21:57 . 2008-02-10 21:57 0 --a------ C:\Users\Miller\AppData\Roaming\wklnhst.dat
2008-02-10 21:12 . 2008-02-10 21:12 2,923,520 --a------ C:\Windows\explorer.exe
2008-02-10 21:11 . 2008-02-10 21:11 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-02-10 21:11 . 2008-02-10 21:11 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-02-10 21:11 . 2008-02-10 21:11 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-02-10 21:11 . 2008-02-10 21:11 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-02-10 21:11 . 2008-02-10 21:11 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-02-10 21:09 . 2008-02-10 21:09 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-02-10 21:09 . 2008-02-10 21:09 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-02-10 21:09 . 2008-02-10 21:09 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-02-10 21:09 . 2008-02-10 21:09 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-02-10 21:09 . 2008-02-10 21:09 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-02-10 21:09 . 2008-02-10 21:09 2,048 --a------ C:\Windows\System32\asferror.dll
2008-02-10 21:08 . 2008-02-10 21:08 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-02-10 21:08 . 2008-02-10 21:08 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-02-10 21:08 . 2008-02-10 21:08 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-02-10 21:08 . 2008-02-10 21:08 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-02-10 21:08 . 2008-02-10 21:08 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-02-10 21:08 . 2008-02-10 21:08 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-02-10 21:08 . 2008-02-10 21:08 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-02-10 21:07 . 2008-02-10 21:07 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-02-10 21:07 . 2008-02-10 21:07 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-02-10 21:07 . 2008-02-10 21:07 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-02-10 21:07 . 2008-02-10 21:07 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-02-10 21:06 . 2008-02-10 21:06 <DIR> d-------- C:\Program Files\MSXML 4.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 03:10 --------- d-----w C:\Program Files\Google
2008-02-23 23:03 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-17 15:44 --------- d-----w C:\Program Files\Microsoft Works
2008-02-16 19:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-16 17:30 --------- d-----w C:\Program Files\CONEXANT
2008-02-16 15:54 --------- d-----w C:\Program Files\Gateway Games
2008-02-13 08:02 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 08:02 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 08:02 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 08:02 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 08:01 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 08:01 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 08:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 08:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-11 02:14 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-11 02:14 --------- d-----w C:\Program Files\Windows Mail
2008-02-11 02:12 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-02-11 02:12 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-02-11 02:12 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-02-11 02:12 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-02-11 02:12 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-02-11 02:12 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-02-11 02:12 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-02-11 02:12 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-02-11 02:12 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-02-11 02:12 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-02-11 02:12 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-02-11 02:12 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-15 02:26 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-14 20:45 1006264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-16 14:16 579072]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 04:45 222208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-16 14:16 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-02-16 14:16 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
c:\program files\Bigfix\bigfix.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-08-16 08:56 236016 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-04-23 17:51 4435968 C:\Windows\RtHDVCpl.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{70A11C4C-1746-4FCA-BFE6-4F0A0941CBC2}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{00C35627-F270-48BF-8A87-6594AB9A76AA}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{6A3F554B-5E11-4193-BDE2-C2E4C1690614}C:\program files\java\jre1.6.0_01\bin\javaw.exe"= UDP:C:\program files\java\jre1.6.0_01\bin\javaw.exe:Java Platform SE binary|Desc=Java Platform SE binary
"UDP Query User{39D20C18-D419-401A-947D-9E2DA9BFD655}C:\program files\java\jre1.6.0_01\bin\javaw.exe"= TCP:C:\program files\java\jre1.6.0_01\bin\javaw.exe:Java Platform SE binary|Desc=Java Platform SE binary
"{C2AE78EF-FDE1-4A27-9127-B03D8177ED5E}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{283A2446-B894-48E3-8432-7F03DC27C8B7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{167B1E66-BD17-4C5A-8037-C8A566786B2F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{7876C3AE-6433-476A-B024-44E172FD48A7}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-29 09:11]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 02:30]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 23:10:03
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-29 23:10:26
ComboFix-quarantined-files.txt 2008-03-01 04:10:25
ComboFix2.txt 2008-02-25 14:59:00
.
2008-02-29 12:13:52 --- E O F ---