Yieldmanager.com pop ups [CLOSED]


#1
hawaiian x

While I'm playing a game that constantly needs to be looked at while active, a pop-up comes up and it annoys me.

Here's my log.

Logfile of HijackThis v1.99.1
Scan saved at 11:18:54 PM, on 9/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM\SVCHOST.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TizzleTalk\TizzleTalk.exe
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
C:\WINDOWS\system32\??rvices.exe
C:\Program Files\etea\rpen.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Bloody AzN X\Desktop\Candy75.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\Bloody AzN X\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Bloody AzN X\Application Data\Mozilla\Profiles\default\68t9pplv.slt\prefs.js)
O1 - Hosts: 205.209.184.29 yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_19_0.dll
O3 - Toolbar: (no name) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinSP] REGEDIT.EXE -s c:/sysreg.reg
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TizzleTalk] C:\Program Files\TizzleTalk\TizzleTalk.exe
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Swebuyhy] C:\WINDOWS\system32\??rvices.exe
O4 - HKCU\..\Run: [Usrr] C:\Program Files\etea\rpen.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Record-Anything.lnk = C:\Program Files\Record-Anything\RecordAnything.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by8fd.bay8.ho...ex/HMAtchmt.ocx
O18 - Protocol hijack: mhtml -
O20 - Winlogon Notify: explorer - explorer.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ntvdscm - ntvdscm.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MS Software Generic Host Process for Win32 Services (SVCHOST) - Unknown owner - C:\WINDOWS\SYSTEM\SVCHOST.exe

#2
Rawe

Hello and welcome!

Let's start with this..

Please print these instructions out, or write them down, as you can't read them during the fix.

Download Hoster.zip;
  • Unzip Hoster to a convenient folder such as C:\Hoster.
  • Run Hoster.exe from its new home.
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Original Hosts and then click OK.
  • Click the X to exit the program.
Next.. We'll download some more tools:

Download CleanUp
Install the program, but don't run it yet; we will later.

Please download Ewido Security Suite; it is a free version of the program.
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch Ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run Ewido for the first time, you will get a warning "Database could not be found!" Click OK. We will fix this in a moment.
  • You will need to update Ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit Ewido. DO NOT run a scan yet.
If you are having problems with the updater, you can use this link to manually update Ewido.
ewido manual updates

Download the latest version of Ad-Aware from HERE (if you already have Ad-Aware installed, make sure that it is the latest version 1.0.6 and always go online and update it before you run it).

If it's NOT version 1.0.6, please uninstall your current version, delete the folder C:\Program Files\Lavasoft and empty the Recycle Bin. Finally, install the latest version.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon, Click "connect", Click "OK", Click "Finish".)

IF you are having problems with the updating, get the manual updates here; http://download.lava...public/defs.zip

Exit Ad-Aware for now, we'll run it later.

Download SpyBot S&D, Click Here.

When on the site, the download should start automatically. Save it to disk. When downloaded.. Take these precautions before installing the program:

IF you have an older version of SpyBot installed, please do the following first:

1. Undo immunization
2. If SDHelper and TeaTimer are enabled, deactivate them first.
3. If Opera Browser is installed, de-select protection for Opera Immunity
4. Uninstall old version of Spybot S&D
5. Reboot

Then install the SpyBot S&D. (Do NOT install TeaTimer at this time.)

When installed, launch the program. Go to the "Mode" menu, and select "Advanced Mode". Hit yes if it gives you a warning. Next, click "Settings". Go to -> "Settings". Look for the following and once found, check the box next to "Display Available Beta-versions". Then click "Search For Updates". Check every update, and install those updates. Next, click on "Immunize". Hit "Immunize" again. Exit the program.. We'll run it later.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Launch Ad-Aware...

2. Set up the Configurations as follows:
  • Click the Gear wheel at the top of the Ad-Aware window
  • Click General > Safety & Settings: Check (Green) all three.
  • Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click on "Proceed"
4. Click on "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to every "target family" for removal.
11. Click "Next", Click "OK".

Now launch SpyBot.. Go to -> Settings. Then choose to go to "Ignore Products". DEselect (uncheck) EVERY one of the objects in the list.

Next run the scan. Remove ALL the objects found in RED color.

Exit SpyBot..

Now open Ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • Clean anything it finds.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido.

Now run the CleanUp program:

*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select No
  • Close CleanUp
Finally reboot into normal mode and post me the Ewido log along with a fresh HiJackThis log.

- Rawe :tazz:
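
A first-pass triage of HijackThis entries, of the kind a helper does by eye before prescribing a cleanup like the one above; this is an added example, not part of the original thread and not HijackThis's own logic. The review heuristics are assumptions of this example (reasons to look closer, not verdicts), and the sample lines are copied from the log in post #1.

```python
import re

# Lines copied from the HijackThis log in post #1; the O1 line is included
# twice to exercise de-duplication.
SAMPLE_LOG = r"""
O1 - Hosts: 205.209.184.29 yahoo.com
O1 - Hosts: 205.209.184.29 yahoo.com
O4 - HKLM\..\Run: [WinSP] REGEDIT.EXE -s c:/sysreg.reg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Swebuyhy] C:\WINDOWS\system32\??rvices.exe
O20 - Winlogon Notify: ntvdscm - ntvdscm.dll (file missing)
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: MS Software Generic Host Process for Win32 Services (SVCHOST) - Unknown owner - C:\WINDOWS\SYSTEM\SVCHOST.exe
"""

# "<section code> - <entry body>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def reasons_for(code, body):
    """Heuristic reasons (assumptions of this example) to review one entry."""
    low = body.lower()
    out = []
    parts = body.split()
    if code == "O1" and len(parts) == 3 and not parts[1].startswith("127."):
        out.append(f"hosts file sends {parts[2]} to {parts[1]}")
    if code == "O4" and "?" in body:
        out.append("autorun file name contains unprintable characters")
    if code == "O4" and re.search(r"regedit(\.exe)?\s+[-/]s\b", low):
        out.append("silent registry import at every boot")
    if code == "O23":
        path = low.rsplit(" - ", 1)[-1]  # last field is the service binary
        if path.endswith("\\svchost.exe") and "\\system32\\" not in path:
            out.append("service binary named svchost.exe outside system32")
    if "(file missing)" in low:
        out.append("entry points at a file that no longer exists")
    return out


def triage(log_text):
    """Return [(code, reason, occurrences)] in first-seen order, de-duplicated."""
    counts = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, process list, blanks
        for reason in reasons_for(m.group(1), m.group(2)):
            key = (m.group(1), reason)
            counts[key] = counts.get(key, 0) + 1
    return [(code, reason, n) for (code, reason), n in counts.items()]


if __name__ == "__main__":
    for code, reason, n in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason} (x{n})")
```
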

#3
Rawe

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.