Here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:35 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: {10EC6CEC-5A1D-4E4E-AB85-8CC516F2A687} (AICPAViewer.clsViewer) - http://www.cpa-exam....AICPAViewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EEFCD4B-E9FD-4601-BE5D-C5C1776E51D3} (AICPASSV.Spreadsheet) - http://www.cpa-exam....tall/SSItem.cab
O16 - DPF: {4DCCD2FC-132F-45EC-BFDA-72235B85047C} (AICPAAuthLit.AuthLitItem) - http://www.cpa-exam....ll/SimItems.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1186733559156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1186778064593
O16 - DPF: {909A35CA-61DC-4437-887E-30ED6D89F6C8} (AICPAUI.ucHyperlink) - http://www.cpa-exam....all/General.cab
O16 - DPF: {96F2228B-0D43-48AC-B857-29972C87EBA4} (AICPACR.ConstructedResponse) - http://www.cpa-exam....tall/CRItem.cab
O16 - DPF: {D4C9E474-9A6C-4FBF-B13A-4BE2BDD34FD5} (AICPA treeView control) - http://www.cpa-exam....CPAViewerIL.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Here is the ComboFix log:
ComboFix 08-03-07.4 - Todd Carriveau 2008-03-08 16:35:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.445 [GMT -6:00]
Running from: C:\Documents and Settings\Todd Carriveau\My Documents\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Todd Carriveau\Application Data\inst.exe
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\hosts
.
((((((((((((((((((((((((( Files Created from 2008-02-08 to 2008-03-08 )))))))))))))))))))))))))))))))
.
2008-03-07 18:19 . 2008-03-07 18:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-07 18:19 . 2008-03-07 18:19 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-28 15:29 . 2008-02-28 15:29 92,544 --a------ C:\WINDOWS\system32\drivers\av5flt.sys
2008-02-28 13:51 . 2008-02-28 14:05 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
2008-02-28 12:59 . 2008-02-28 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
2008-02-27 23:33 . 2008-02-27 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-02-27 23:28 . 2008-02-28 16:03 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-02-27 22:48 . 2008-02-27 22:48 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-27 22:48 . 2008-02-27 22:48 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-27 15:36 . 2008-02-27 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-27 14:43 . 2008-02-27 14:43 4,918 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-27 14:37 . 2008-02-27 14:37 268 --ah----- C:\sqmdata01.sqm
2008-02-27 14:37 . 2008-02-27 14:37 244 --ah----- C:\sqmnoopt01.sqm
2008-02-27 14:32 . 2008-02-27 14:32 <DIR> d-------- C:\Program Files\CCleaner
2008-02-27 14:24 . 2008-02-27 14:24 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-02-26 23:39 . 2008-02-26 23:39 268 --ah----- C:\sqmdata00.sqm
2008-02-26 23:39 . 2008-02-26 23:39 244 --ah----- C:\sqmnoopt00.sqm
2008-02-26 16:32 . 2008-02-26 16:33 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\DellFaxCtr
2008-02-26 15:59 . 2006-10-28 08:31 344,064 --a------ C:\WINDOWS\system32\dlcxcoin.dll
2008-02-26 15:59 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-02-26 15:59 . 2006-04-24 13:09 40,960 --a------ C:\WINDOWS\system32\dlcxvs.dll
2008-02-26 15:44 . 2006-08-08 13:58 692,224 --a------ C:\WINDOWS\system32\dlcxdrs.dll
2008-02-26 15:44 . 2006-09-22 05:42 65,536 --a------ C:\WINDOWS\system32\dlcxcaps.dll
2008-02-26 15:44 . 2006-03-19 18:03 61,440 --a------ C:\WINDOWS\system32\dlcxcnv4.dll
2008-02-26 15:39 . 2006-10-06 06:06 45,056 --a------ C:\WINDOWS\system32\DLPRMON.DLL
2008-02-26 15:39 . 2006-10-06 06:05 32,768 --a------ C:\WINDOWS\system32\DLPMONUI.DLL
2008-02-26 15:38 . 2006-04-24 13:58 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-02-26 15:38 . 2006-04-24 13:58 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-02-26 15:37 . 2008-02-26 15:44 <DIR> d-------- C:\Program Files\Dell Photo AIO Printer 926
2008-02-24 16:43 . 2008-02-24 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-24 14:40 . 2008-02-24 14:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-02-24 14:40 . 2008-02-24 14:39 218,504 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-02-24 14:39 . 2008-02-24 14:40 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-02-24 14:18 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-24 14:18 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-24 14:18 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-24 14:18 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-24 12:36 . 2008-02-24 12:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 10:35 . 2002-01-05 06:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-02-24 10:35 . 2002-01-05 05:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-02-24 09:36 . 2008-02-24 09:36 <DIR> d-------- C:\WINDOWS\wt
2008-02-24 09:36 . 2008-02-24 09:36 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-24 09:34 . 2008-02-24 09:34 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-22 17:23 . 2008-02-22 17:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-22 17:23 . 2008-02-22 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-22 15:55 . 2008-02-24 09:32 <DIR> d-------- C:\Documents and Settings\Todd Carriveau\.housecall6.6
2008-02-22 09:57 . 2008-02-24 10:46 792 --a------ C:\WINDOWS\win.tmp
2008-02-22 09:57 . 2008-02-24 10:46 227 --a------ C:\WINDOWS\system.tmp
2008-02-22 09:40 . 2008-02-22 09:40 <DIR> d-------- C:\Program Files\AML Products
2008-02-21 20:05 . 2008-02-21 20:05 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-02-21 20:05 . 2008-02-21 20:05 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-02-21 20:04 . 2008-02-21 20:04 <DIR> d-------- C:\Documents and Settings\Todd Carriveau\Application Data\Sunbelt Software
2008-02-21 18:51 . 2008-02-21 18:53 164 --a------ C:\install.dat
2008-02-21 17:39 . 2008-02-24 09:34 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-02-21 17:27 . 2008-02-24 09:34 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2008-02-21 17:24 . 2008-02-24 12:23 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-21 15:27 . 2008-02-27 23:17 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-17 19:37 . 2008-02-24 09:38 <DIR> d-------- C:\Program Files\Kontiki
2008-02-17 19:37 . 2008-02-17 19:37 <DIR> d-------- C:\Program Files\Entriq
2008-02-17 19:37 . 2008-02-17 19:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-02-17 19:37 . 2008-02-24 09:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Entriq
2008-02-17 17:23 . 2008-02-17 17:23 <DIR> d-------- C:\Documents and Settings\Todd Carriveau\Application Data\DellFaxCtr
2008-02-17 16:53 . 2008-02-28 21:33 <DIR> d-------- C:\Program Files\Dl_cats
2008-02-17 16:48 . 2008-02-17 16:48 <DIR> d-------- C:\Documents and Settings\Todd Carriveau\Application Data\Corel
2008-02-17 16:45 . 2008-02-26 15:41 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-02-17 16:44 . 2008-02-17 16:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DellFaxCtr
2008-02-17 16:44 . 2006-04-24 13:58 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-02-17 16:44 . 2006-04-24 13:58 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-02-17 16:44 . 2006-04-24 13:58 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-02-17 16:43 . 2008-02-26 15:38 <DIR> d-------- C:\Program Files\Dell PC Fax
2008-02-17 16:40 . 2008-02-24 09:35 <DIR> d-------- C:\Program Files\Dell Photo AIO Printer 926(2)
2008-02-17 16:40 . 2006-10-11 15:52 585,728 --a------ C:\WINDOWS\system32\dlcxlmpm(2).dll
2008-02-17 16:40 . 2006-10-11 15:48 532,480 --a------ C:\WINDOWS\system32\dlcxcoms(3).exe
2008-02-17 16:40 . 2006-08-28 14:57 532,462 --a------ C:\WINDOWS\system32\dlcxhelp.chm
2008-02-17 16:40 . 2006-09-06 04:13 73,728 --a------ C:\WINDOWS\system32\dlcxcfg(2).dll
2008-02-17 16:40 . 2008-02-26 16:00 26,103 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-02-17 16:40 . 2006-11-02 06:23 1,840 --a------ C:\WINDOWS\system32\dlcx.loc
2008-02-16 23:30 . 2008-02-24 09:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-16 23:30 . 2008-02-16 23:30 <DIR> d-------- C:\Documents and Settings\Todd Carriveau\Application Data\SUPERAntiSpyware.com
2008-02-16 23:16 . 2008-02-16 23:16 276 --a------ C:\WINDOWS\system32\SDRemoveDB.db
2008-02-16 22:20 . 2008-02-16 22:20 <DIR> d-------- C:\Program Files\Lavasoft(2)
2008-02-16 22:20 . 2008-02-16 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-16 22:12 . 2008-02-24 09:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 15:48 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-08 22:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-08 22:09 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-29 00:59 --------- d-----w C:\Documents and Settings\Todd Carriveau\Application Data\LimeWire
2008-02-28 22:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 21:40 --------- d-----w C:\Program Files\Dell
2008-02-24 19:45 --------- d-----w C:\Documents and Settings\Todd Carriveau\Application Data\Uniblue
2008-02-21 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-17 22:47 --------- d-----w C:\Program Files\Corel
2008-02-17 04:03 --------- d-----w C:\Documents and Settings\Todd Carriveau\Application Data\Lavasoft
2008-02-05 05:33 --------- d-----w C:\Program Files\Microsoft Works
2008-02-05 05:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-30 02:26 --------- d-----w C:\Program Files\HP
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-08-29 06:01 47,360 ----a-w C:\Documents and Settings\Todd Carriveau\Application Data\pcouffin.sys
2007-09-08 18:45 88 --sh--r C:\WINDOWS\system32\C3EC1FBE98.sys
2007-09-08 18:45 4,182 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
----a-w 14,336 2004-08-04 10:00:00 C:\WINDOWS\system32\svchost.exe
b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll
----a-w 577,024 2005-03-02 18:19:56 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
----a-w 578,048 2007-03-08 15:48:36 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
-c----w 577,024 2004-08-04 10:00:00 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
-c----w 577,024 2005-03-02 18:09:30 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
----a-w 577,536 2007-03-08 15:36:28 C:\WINDOWS\system32\user32.dll
------w 577,536 2007-03-08 15:36:28 C:\WINDOWS\system32\dllcache\user32.dll
2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll
----a-w 82,944 2004-08-04 10:00:00 C:\WINDOWS\system32\ws2_32.dll
----a-w 82,944 2004-08-04 10:00:00 C:\WINDOWS\system32\dllcache\ws2_32.dll
812fee31c3d7db6579b5979939c95375 C:\WINDOWS\system32\wininet.dll
----a-w 662,016 2006-01-09 18:02:00 C:\WINDOWS\$hf_mig$\KB912945\SP2QFE\wininet.dll
-c----w 663,552 2006-05-10 05:25:22 C:\WINDOWS\$NtUninstallie7beta2$\wininet.dll
-c----w 658,432 2006-01-09 18:08:41 C:\WINDOWS\$NtUninstallKB912945$\wininet.dll
-c----w 663,552 2006-03-04 03:58:52 C:\WINDOWS\$NtUninstallKB916281$\wininet.dll
----a-w 723,456 2006-04-14 04:29:58 C:\WINDOWS\system32\wininet.dll
------w 723,456 2006-04-14 04:29:58 C:\WINDOWS\system32\dllcache\wininet.dll
90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys
----a-w 360,576 2006-04-20 12:18:35 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
----a-w 360,832 2007-10-30 16:53:32 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
-c----w 359,040 2004-08-04 10:00:00 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
-c----w 359,808 2006-04-20 11:51:50 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
------w 360,064 2007-10-30 17:20:55 C:\WINDOWS\system32\dllcache\tcpip.sys
----a-w 360,064 2007-10-30 17:20:55 C:\WINDOWS\system32\drivers\tcpip.sys
01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe
----a-w 502,272 2004-08-04 10:00:00 C:\WINDOWS\system32\winlogon.exe
----a-w 502,272 2004-08-04 10:00:00 C:\WINDOWS\system32\dllcache\winlogon.exe
558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
----a-w 182,912 2004-08-04 10:00:00 C:\WINDOWS\system32\drivers\ndis.sys
4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
----a-w 29,056 2004-08-04 10:00:00 C:\WINDOWS\system32\drivers\ip6fw.sys
2dfb215e291e3d9b1cf9a6739b3bf16c C:\WINDOWS\system32\ntkrnlpa.exe
----a-w 2,056,832 2005-03-02 00:36:40 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
-c----w 2,015,744 2005-06-23 00:05:49 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
-c----w 2,017,280 2006-12-19 16:12:19 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
------w 2,059,392 2007-02-28 09:15:56 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
----a-w 2,017,280 2007-02-28 09:15:59 C:\WINDOWS\system32\ntkrnlpa.exe
------w 2,059,392 2007-02-28 09:15:56 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
e6679c3023b17d8b78946bc5df53fa20 C:\WINDOWS\system32\ntoskrnl.exe
----a-w 2,179,456 2005-03-02 01:04:22 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
-c----w 2,136,064 2005-06-23 00:30:54 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
-c----w 2,137,600 2006-12-19 16:49:02 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
------w 2,182,144 2007-02-28 09:55:14 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
----a-w 2,137,600 2007-02-28 09:53:04 C:\WINDOWS\system32\ntoskrnl.exe
------w 2,182,144 2007-02-28 09:55:14 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe
----a-w 1,033,216 2007-06-13 10:23:07 C:\WINDOWS\explorer.exe
----a-w 1,033,216 2007-06-13 11:26:03 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
-c----w 1,032,192 2004-08-04 10:00:00 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
------w 1,033,216 2007-06-13 10:23:07 C:\WINDOWS\system32\dllcache\explorer.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 18:40 24576 C:\WINDOWS\MIDIDEF.EXE]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23 102400]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 04:17 81920]
"Aim6"="" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 15:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 15:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 15:45 118784]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 10:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 10:56 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 15:30 282624 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 13:58 1032192]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 10:48 761947]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 19:15 290816]
"MBMon"="CTMBHA.DLL" [2006-03-03 02:18 1355938 C:\WINDOWS\system32\CTMBHA.DLL]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 09:51 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-21 23:17 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-06 13:55 180269]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 10:59 124520]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"RegistryMechanic"="" []
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-11-03 16:09 312200]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 10:57 292336]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 16:04 304008]
"DLCXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-15 23:31 106496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 08:01 437160]
C:\Documents and Settings\Todd Carriveau\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2007-07-20 11:57:16 2913584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 19:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 18:24 50760 C:\Program Files\Common Files\AOL\1154053119\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ufc62countdown]
c:\program files\ufc 62\ufc62countdown.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
--------- 2006-01-02 08:13 1126400 C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1154053119\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1154053119\\ee\\aim6.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\WINDOWS\\system32\\dlcxcoms.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"31580:TCP"= 31580:TCP:127.0.0.1/255.255.255.255:Enabled:CPAexcel v4
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-02-24 14:39]
R2 dlcx_device;dlcx_device;C:\WINDOWS\system32\dlcxcoms.exe [2006-10-11 15:48]
S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys []
S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
.
Contents of the 'Scheduled Tasks' folder
"2008-03-08 22:11:21 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-05 18:18:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-24 18:18:15 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 16:39:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-08 16:40:20
ComboFix-quarantined-files.txt 2008-03-08 22:40:17
.
2008-03-07 18:21:54 --- E O F ---