|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
Thread Tools |
07-13-2008, 01:14 PM
|
#1 (permalink) |
|
Registered User
Join Date: Jul 2008
Posts: 4
OS: xp
|
Malware - Yeieldmanager, Goochi Adds and Doubleclick problem
Computer seems to be riddled with spyware and adware.Getting constant popups and each time I delete the cookies they come back. Have pasted the txt from main note below
Deckard's System Scanner v20071014.68 Run by Alicia on 2008-07-13 20:49:41 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 7: 2008-07-13 19:49:48 UTC - RP7 - Deckard's System Scanner Restore Point 6: 2008-07-13 02:05:31 UTC - RP6 - Software Distribution Service 3.0 5: 2008-07-13 00:53:54 UTC - RP5 - System Checkpoint 4: 2008-07-07 12:55:53 UTC - RP4 - Installed iTunes 3: 2008-07-07 11:19:17 UTC - RP3 - Installed Windows Media Player 10 -- First Restore Point -- 1: 2008-07-05 17:02:57 UTC - RP1 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Alicia.exe) ---------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:53:25, on 13/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\system32\netdde.exe C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\clipsrv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\tlntsvr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\dmadmin.exe C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Acer\Empowering Technology\ePresentation\ePresentation.exe C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\mjc\mjc.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe C:\PROGRA~1\AVG\AVG8\aAvgApi.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\drwtsn32.exe C:\WINDOWS\system32\drwtsn32.exe C:\WINDOWS\system32\drwtsn32.exe C:\WINDOWS\system32\drwtsn32.exe C:\WINDOWS\system32\drwtsn32.exe C:\Documents and Settings\Alicia\Local Settings\Temporary Internet Files\Content.IE5\4PIJK9MR\dss[1].exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Alicia.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {149564B3-87F4-4D5A-9700-E782DF2B1EA8} - (no file) O2 - BHO: gooochi browser optimizer - {1b40c706-f7c7-77f3-645c-a8aaf7952a19} - C:\WINDOWS\system32\{a60668af-ce36-7e9d-ee68-257990fb654e}.dll O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {9FFE7CAB-EFBE-481F-8220-F770C1B50C95} - (no file) O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: {dd155adc-b468-2a0b-ba94-93c167354aeb} - {bea45376-1c39-49ab-b0a2-864bcda551dd} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [{DC-CF-F3-3C-DW}] C:\windows\system32\jkwnw64m.exe DWram1FF O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [{4a0bc89f-efba-a686-ea79-83bd881bbfca}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{a60668af-ce36-7e9d-ee68-257990fb654e}.dll" DllStart O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Acer Empowering Technology.lnk = ? O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?ac637c77a93f42209f2b1c9c2ef09140 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?ac637c77a93f42209f2b1c9c2ef09140 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1CD9CD90-1C51-4B8D-A982-A85958A5BB72}: NameServer = 194.74.65.68,194.74.65.69 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: wvUmmLdB - wvUmmLdB.dll (file missing) O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 14945 bytes -- File Associations ----------------------------------------------------------- .ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1 .txt - txtfile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1 -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 UBHelper - c:\windows\system32\drivers\ubhelper.sys R1 Hotkey - c:\windows\system32\drivers\hotkey.sys R1 StarOpen - c:\windows\system32\drivers\staropen.sys R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0> R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.1500> R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver> R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver> R2 int15 - c:\windows\system32\drivers\int15.sys R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver> R2 tvicport - c:\windows\system32\drivers\tvicport.sys <Not Verified; EnTech Taiwan; TVicPort Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64> R2 zntport - c:\windows\system32\drivers\zntport.sys <Not Verified; Zeal SoftStudio; NTPort Library> R3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; > S1 Wbutton - c:\windows\system32\drivers\wbutton.sys (file missing) S3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.1500> S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver> S3 psdfilter - c:\windows\system32\drivers\psdfilter.sys (file missing) S3 psdvdisk - c:\windows\system32\drivers\psdvdisk.sys (file missing) S3 SI15CI - c:\elements\1stboot\blueth\si15ci.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AcerMemUsageCheckService (Memory Check Service) - c:\acer\empowering technology\eperformance\memcheck.exe <Not Verified; Acer Inc.; > R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour> R2 eLockService (eLock Service) - c:\acer\empowering technology\elock\service\elockserv.exe R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-07-13 03:30:02 428 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job -- Files created between 2008-06-13 and 2008-07-13 ----------------------------- 2008-07-13 20:52:56 0 d-------- C:\Program Files\Trend Micro 2008-07-12 21:51:25 0 d-------- C:\Program Files\Panda Security 2008-07-12 21:51:18 0 d-------- C:\WINDOWS\LastGood 2008-07-08 22:42:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Ltd 2008-07-07 13:56:09 0 d-------- C:\Program Files\iPod 2008-07-07 13:56:00 0 d-------- C:\Program Files\iTunes 2008-07-02 19:43:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-07-01 21:33:54 106240 --a------ C:\WINDOWS\system32\cleiqqac.dll 2008-07-01 21:28:53 90960 --a------ C:\WINDOWS\system32\kqtmggty.dll 2008-06-30 17:27:55 90544 --a------ C:\WINDOWS\system32\yqxvkhhq.dll 2008-06-29 22:09:03 0 d--h----- C:\$AVG8.VAULT$ 2008-06-29 21:24:17 0 d-------- C:\WINDOWS\system32\drivers\Avg 2008-06-29 21:24:16 0 d-------- C:\Documents and Settings\Alicia\Application Data\AVGTOOLBAR 2008-06-29 21:23:59 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-06-29 19:13:00 0 d-------- C:\WINDOWS\system32\??crosoft 2008-06-29 19  08 0 d-------- C:\WINDOWS\48B8222675E34E9092CCD30F79EA6380.TMP2008-06-29 17:26:02 105856 --a------ C:\WINDOWS\system32\wjryzb.dll 2008-06-29 17:25:59 105856 --a------ C:\WINDOWS\system32\glyfihxs.dll 2008-06-29 17:21:32 298303 --a------ C:\WINDOWS\system32\gside.exe 2008-06-29 17:19:53 90544 --a------ C:\WINDOWS\system32\kajcdnxl.dll 2008-06-29 12:41:20 0 d-------- C:\Program Files\AVG 2008-06-28 14:05:07 105968 --a------ C:\WINDOWS\system32\jyojob.dll 2008-06-28 14:05:06 105968 --a------ C:\WINDOWS\system32\exwkvquc.dll 2008-06-28 14:04:40 90560 --a------ C:\WINDOWS\system32\fdxkgksm.dll 2008-06-27 13:35:53 0 d-------- C:\Program Files\mjc 2008-06-27 10:35:42 0 dr------- C:\Documents and Settings\LocalService\Favorites 2008-06-27 10:34:48 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla 2008-06-26 13:17:47 0 d-------- C:\Program Files\Common Files\??sks 2008-06-26 13:13:59 0 d-------- C:\Program Files\?icrosoft.NET 2008-06-26 13:13:32 0 d--hs---- C:\WINDOWS\QWxpY2lh 2008-06-26 13:13:12 0 d-------- C:\WINDOWS\system32\rev2 2008-06-26 13:13:12 0 d-------- C:\WINDOWS\system32\mb9 2008-06-26 13:12:58 0 d-------- C:\WINDOWS\system32\modtrux01 2008-06-26 13:12:58 0 d-------- C:\Temp 2008-06-24 17:09:37 396858 --ahs---- C:\WINDOWS\system32\NTuwyccf.ini2 2008-06-16 21:17:12 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles -- Find3M Report --------------------------------------------------------------- 2008-07-13 20:31:14 623 --a------ C:\WINDOWS\system32\mhncache.dat 2008-07-12 18:29:22 12 --a------ C:\WINDOWS\bthservsdp.dat 2008-06-26 13:17:48 0 d-------- C:\Program Files\Common Files\??sks 2008-06-26 13:14:00 0 d-------- C:\Program Files\?icrosoft.NET 2008-06-11 15:52:54 0 d-------- C:\Program Files\BrowsingEnhancer 2008-06-05 21:36:14 0 d-------- C:\Program Files\Bonjour 2008-05-27 14:31:08 370688 --a------ C:\WINDOWS\system32\{a60668af-ce36-7e9d-ee68-257990fb654e}.dll 2008-05-27 12:12:38 0 d-------- C:\Program Files\Samsung -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{149564B3-87F4-4D5A-9700-E782DF2B1EA8}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1b40c706-f7c7-77f3-645c-a8aaf7952a19}] 27/05/2008 14:31 370688 --a------ C:\WINDOWS\system32\{a60668af-ce36-7e9d-ee68-257990fb654e}.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FFE7CAB-EFBE-481F-8220-F770C1B50C95}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}] 29/06/2008 21:24 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bea45376-1c39-49ab-b0a2-864bcda551dd}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [29/06/2008 21:24 2050816] [-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}] [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05/08/2005 13:56] "preload"="C:\Windows\RUNXMLPL.exe" [19/05/2005 17:09] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [16/12/2005 16:32] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [11/06/2005 20:51] "AGRSMMSG"="AGRSMMSG.exe" [12/12/2005 14:50 C:\WINDOWS\AGRSMMSG.exe] "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [11/05/2005 17:15] "@"="" [] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [10/08/2004 04:00] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [10/08/2004 04:00] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 04:00] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 04:00] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [19/01/2006 09:43] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [19/01/2006 09:43] "RTHDCPL"="RTHDCPL.EXE" [21/07/2006 17:56 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [16/05/2006 19:04 C:\WINDOWS\SkyTel.exe] "Alcmtr"="ALCMTR.EXE" [03/05/2005 19:43 C:\WINDOWS\Alcmtr.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [10/08/2004 04:00 C:\WINDOWS\system32\bthprops.cpl] "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [25/07/2005 13:36] "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [19/04/2006 15:08] "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [16/09/2003 14:28] "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [25/07/2005 10:45] "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [20/04/2006 09:23] "eLockMonitor"="C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [30/03/2006 18:47] "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [15/03/2006 22:12] "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [31/03/2006 16:39] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [01/06/2006 14:40] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [23/06/2006 10:39] "LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [26/06/2006 15:47] "LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [26/06/2006 15:55] "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [01/11/2004 18:22] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00] "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [07/01/2006 02:36] "{DC-CF-F3-3C-DW}"="C:\windows\system32\jkwnw64m.exe" [] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [29/06/2008 21:24] "{4a0bc89f-efba-a686-ea79-83bd881bbfca}"="C:\WINDOWS\system32\{a60668af-ce36-7e9d-ee68-257990fb654e}.dll" [27/05/2008 14:31] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/06/2008 11:13] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/10/2007 17:45] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [26/02/2008 02:23] "mjc"="C:\Program Files\mjc\mjc.exe" [27/06/2008 13:35] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 04:44:06] Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [17/01/2006 10:45:32] Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [19/09/2007 08:31:17] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUmmLdB] wvUmmLdB.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\fccywuTN [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ -- Hosts ----------------------------------------------------------------------- 127.0.0.1 208.67.70.3 127.0.0.1 38.99.150.167 127.0.0.1 38.99.150.205 127.0.0.1 88.255.90.60 127.0.0.1 opal.spod.org 127.0.0.1 sendspace.com 127.0.0.1 ad1.ny.yieldmanager.com 127.0.0.1 ad2.ny.yieldmanager.com 127.0.0.1 ny.yieldmanager.com 127.0.0.1 yieldmanager.com 2 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-07-13 20:54:29 ------------ Last edited by olived01 : 07-13-2008 at 01:17 PM. Reason: typos |
|
     |
|
07-21-2008, 04:19 AM
|
#3 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 2,776
OS: XP
|
Re: Malware - Yeieldmanager, Goochi Adds and Doubleclick problem
Hello and welcome to TSF
Please re-download Deckard Ssystem Scanner(DSS), do not run DSS, but save to desktop, then double-click on DSS.exe and post the following logs. ========= Logs Required C:\Deckard\System Scanner\main.txt C:\Deckard\System Scanner\extra.txt<----Attached
__________________
Member of ASAP since 2007 Member of UNITE since 2008 **Notice to BT customers** Trial of BT-Phorm spyware to start 30th September, 2008- for more information please visit No DPI website for more information.  Phorm, previously known as 121Media were responsible for the Apropos rootkit, see Here for more information on said rootkit. If we have helped you in anyway,please consider Donating |
|
|
|
|
07-22-2008, 02:08 PM
|
#5 (permalink) | |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 2,776
OS: XP
|
Re: Malware - Yeieldmanager, Goochi Adds and Doubleclick problem
Quote:
Don`t take this the wrong way, you could have posted the two logs and still asked me why i wanted you to do so, thus we could have started on the fix. I am just a volunteer here, like everyone else and only have a certain amount of time to help, so not following the instructions accordingly will add more time to fixing your computer.
__________________
Member of ASAP since 2007 Member of UNITE since 2008 **Notice to BT customers** Trial of BT-Phorm spyware to start 30th September, 2008- for more information please visit No DPI website for more information. Phorm, previously known as 121Media were responsible for the Apropos rootkit, see Here for more information on said rootkit. If we have helped you in anyway,please consider Donating |
|
|
|
|
|
07-23-2008, 02:12 PM
|
#6 (permalink) |
|
Registered User
Join Date: Jul 2008
Posts: 4
OS: xp
|
Re: Malware - Yeieldmanager, Goochi Adds and Doubleclick problem
Thanks for update. I wasn't being funny, just pointing out that I had supplied the data. Anyway, I was trying to resolve this issue for a friend with partial success but they needed their laptop back so I can't now continue with it. Please close this thread.
Thanks for your help |
|
|
|
|
07-24-2008, 04:28 AM
|
#7 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 2,776
OS: XP
|
Re: Malware - Yeieldmanager, Goochi Adds and Doubleclick problem
Ok, thanks for letting us know.
__________________
Member of ASAP since 2007 Member of UNITE since 2008 **Notice to BT customers** Trial of BT-Phorm spyware to start 30th September, 2008- for more information please visit No DPI website for more information. Phorm, previously known as 121Media were responsible for the Apropos rootkit, see Here for more information on said rootkit. If we have helped you in anyway,please consider Donating |
|
|
|
|
| Thread Tools | |
|
|
