Yieldmanager Taking Over Computer...help Please!



#1 lqgrady

Posted 01 January 2008 - 10:59 PM

When trying to view pages I am redirected to a yieldmanager error. I'm not sure what yieldmanager is, but this happens very often. I have recently run Ad-Aware, and it cleaned up some of it. I've done this over and over and I continue to have this same problem. Please help me!!! Here is my HijackThis log from after my last Ad-Aware scan was run. Any suggestions are welcomed. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:03 PM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\lxcqcoms.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\Allume\ZipMagic\MXTask.exe
C:\PROGRA~1\Allume\ZipMagic\mxtask.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\Common Files\Smith Micro Shared\Fax\SMLoader.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe
C:\Program Files\Lexmark 9300 Series\lxcqmon.exe
C:\Program Files\Lexmark 9300 Series\ezprint.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AT&T\Internet Security Wizard\ISWComHandler.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX7122
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SMSI Loader] C:\Program Files\Common Files\Smith Micro Shared\Fax\SMLoader.exe /PRNDRV
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [lxcqmon.exe] "C:\Program Files\Lexmark 9300 Series\lxcqmon.exe"
O4 - HKLM\..\Run: [Lexmark 9300 Series Fax Server] "C:\Program Files\Lexmark 9300 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 9300 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.familylobby.com/common/ImageUpl...geUploader4.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: lxcq_device - - C:\WINDOWS\system32\lxcqcoms.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6028\SAService.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: ZipMagic Task Manager - Allume Systems, Inc. - C:\PROGRA~1\Allume\ZipMagic\MXTask.exe

--
End of file - 9386 bytes
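As an added example (not code from this thread, from HijackThis or from its author), here is a small Python triage pass over lines in the HijackThis 2.0.2 log format shown above: it parses the R/O-type entries and flags the ones a helper looks at first, such as orphaned "(no file)" / "(file missing)" entries, unnamed BHOs or toolbars, services with no vendor, and autostarts launched from a Temp folder. The sample lines are constructed: most are copied from the log above, and the `[example]` Run entry in a Temp folder is made up to exercise that check.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the HijackThis 2.0.2 line format. All lines but the
# "[example]" Temp-folder Run entry are copied from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKCU\..\Run: [example] C:\DOCUME~1\Owner\LOCALS~1\Temp\example.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
"""

# "O2 - <body>", "R0 - <body>", ...; header and summary lines do not match.
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 bodies look like "HKLM\..\Run: [ValueName] command line".
RUN_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


@dataclass
class Entry:
    section: str            # "R0", "O2", "O23", ...
    name: str               # value name, BHO/toolbar label or service name
    path: Optional[str] = None
    clsid: Optional[str] = None
    owner: Optional[str] = None   # only filled for O23 service entries
    raw: str = ""


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis log line; returns None for lines that are not entries."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec == "O4":
        r = RUN_RE.match(body)
        if r:
            return Entry(sec, r.group("name"), r.group("cmd") or None, None, None, line)
        return Entry(sec, body, None, None, None, line)
    if sec.startswith("R"):
        # R-entries are "key,value = data"; the data is the part worth inspecting.
        key, _, data = body.partition(" = ")
        return Entry(sec, key, data or None, None, None, line)
    # O2/O3/O9/O16/O23 ...: "Type: label - [{CLSID} - ][owner - ]path"
    parts = [p.strip() for p in body.split(" - ")]
    label = parts[0].split(": ", 1)[-1]
    path = parts[-1] if len(parts) > 1 else None
    owner = parts[1] if sec == "O23" and len(parts) >= 3 else None
    clsid = CLSID_RE.search(body)
    return Entry(sec, label, path, clsid.group(0) if clsid else None, owner, line)


def assess(e: Entry) -> List[str]:
    """Triage flags for one entry: what a helper checks first, not a verdict."""
    flags: List[str] = []
    p = (e.path or "").lower()
    if "(no file)" in p or "(file missing)" in p:
        flags.append("orphaned entry: registered but its file is gone")
    if e.section in ("O2", "O3") and e.name.lower() == "(no name)":
        flags.append("unnamed BHO/toolbar")
    if e.section == "O23" and e.owner and e.owner.lower() == "unknown owner":
        flags.append("service with no vendor information")
    if e.section in ("O4", "O23") and "\\temp\\" in p:
        flags.append("autostart launched from a Temp folder")
    return flags


def triage(log_text: str) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, flags) for every entry that raised at least one flag."""
    out: List[Tuple[Entry, List[str]]] = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        flags = assess(e)
        if flags:
            out.append((e, flags))
    return out


if __name__ == "__main__":
    for entry, flags in triage(SAMPLE_LOG):
        print(f"{entry.section:4} {entry.name}")
        for f in flags:
            print(f"     - {f}")
```

Entries with no flags are not inherently clean, and flagged ones are not inherently bad; the pass only orders where to look, as the helper in this thread does by hand.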


#2 Buckeye_Sam (Malware Expert)

Posted 02 January 2008 - 09:32 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 lqgrady (Topic Starter)

Posted 03 January 2008 - 01:53 AM

Thanks for your quick response to my problem. Here is the log that ComboFix came up with:

ComboFix 08-01-03.3 - Owner 2008-01-03 1:46:06.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.98 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.

2008-01-03 01:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 00:31 . 2008-01-02 00:31 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-02 00:31 . 2008-01-02 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-01 23:47 . 2008-01-01 23:47 <DIR> d-------- C:\Documents and Settings\Administrator.POOTIE\Application Data\AT&T
2008-01-01 23:43 . 2008-01-01 23:43 <DIR> d-------- C:\Documents and Settings\Administrator.POOTIE\Application Data\Lavasoft
2008-01-01 18:36 . 2008-01-01 18:36 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-29 02:47 . 2007-12-29 02:47 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2007-12-26 23:49 . 2007-12-26 23:55 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-12-26 21:46 . 2007-10-10 18:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-26 21:46 . 2007-06-30 22:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-26 21:46 . 2007-06-30 22:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-26 21:46 . 2007-10-10 18:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-26 21:46 . 2007-10-10 18:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-26 21:46 . 2007-10-10 18:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-26 21:46 . 2007-10-10 18:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-26 21:46 . 2007-10-10 18:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-26 21:46 . 2007-10-10 05:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-24 01:38 . 2007-12-24 01:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
2007-12-23 23:24 . 2007-12-23 23:24 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-23 23:20 . 2007-12-23 23:20 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-23 23:20 . 2007-12-23 23:21 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-23 11:30 . 2007-12-23 11:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ATI
2007-12-23 11:30 . 2007-12-23 11:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2007-12-23 05:06 . 2007-12-05 14:17 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-12-23 05:02 . 2007-12-23 05:02 <DIR> d----c--- C:\ATI
2007-12-23 01:40 . 2007-12-23 01:48 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2007-12-23 00:59 . 2007-12-23 00:59 2 --a------ C:\WINDOWS\msoffice.ini
2007-12-22 22:24 . 2007-12-22 22:24 <DIR> d-------- C:\Program Files\UPHClean
2007-12-22 20:45 . 2007-12-27 03:06 579 --a------ C:\WINDOWS\FORCEDRV.INI
2007-12-22 19:16 . 2007-12-22 19:16 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2007-12-22 18:56 . 2003-05-05 05:50 585,728 -ra------ C:\WINDOWS\system32\ankppage.dll
2007-12-22 18:56 . 2003-04-09 12:10 69,632 -ra------ C:\WINDOWS\system32\ankpdfor.dll
2007-12-22 18:56 . 2004-08-03 23:08 36,224 --a------ C:\WINDOWS\system32\hidclass.sys
2007-12-22 18:56 . 2004-08-03 23:08 24,960 --a------ C:\WINDOWS\system32\hidparse.sys
2007-12-22 18:56 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\hidusb.sys
2007-12-22 18:45 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-12-21 15:22 . 2007-12-21 15:22 <DIR> d-------- C:\Program Files\3DGroove
2007-12-21 15:09 . 2007-12-29 02:56 <DIR> d-------- C:\Program Files\Lx_cats
2007-12-21 15:08 . 2006-10-25 03:16 344,064 --a------ C:\WINDOWS\system32\lxcqcoin.dll
2007-12-21 15:08 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2007-12-21 15:08 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2007-12-21 15:08 . 2005-06-23 21:37 40,960 --a------ C:\WINDOWS\system32\lxcqvs.dll
2007-12-21 15:06 . 2007-12-21 15:07 277 --a------ C:\WINDOWS\LogInfo.ini
2007-12-21 15:04 . 2007-12-21 15:04 <DIR> d-------- C:\WINDOWS\system32\color
2007-12-21 15:04 . 2004-07-30 12:06 28,672 --a------ C:\WINDOWS\hookdllX.dll
2007-12-21 15:04 . 1997-10-14 05:19 11,776 --a------ C:\WINDOWS\system32\pmsbfn32.dll
2007-12-21 15:04 . 2007-12-21 15:07 257 --a------ C:\WINDOWS\setup.iss
2007-12-21 15:03 . 2007-12-21 15:04 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-12-21 15:02 . 2006-10-26 02:03 45,056 --a------ C:\WINDOWS\system32\lxcqpmon.dll
2007-12-21 15:02 . 2006-10-26 02:02 32,768 --a------ C:\WINDOWS\system32\LXCQFXPU.DLL
2007-12-21 15:01 . 2007-12-21 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\9300 Series
2007-12-21 15:01 . 2006-04-24 11:00 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2007-12-21 15:01 . 2006-04-24 11:00 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2007-12-21 15:01 . 2006-10-26 02:09 12,288 --a------ C:\WINDOWS\system32\lxcqpmrc.dll
2007-12-21 15:00 . 2007-12-21 15:09 <DIR> d-------- C:\Program Files\Lexmark Toolbar
2007-12-21 15:00 . 2006-10-24 04:33 31 --a------ C:\WINDOWS\system32\lxcqrwrd.ini
2007-12-21 14:59 . 2007-12-21 15:10 <DIR> d-------- C:\Program Files\Lexmark 9300 Series
2007-12-20 18:45 . 2003-07-17 17:40 745,472 --------- C:\WINDOWS\system32\BCMWLCPL.CPL
2007-12-20 18:45 . 2003-07-17 17:40 483,328 --------- C:\WINDOWS\system32\BCMWLTRY.EXE
2007-12-20 18:45 . 2003-07-17 17:40 143,360 --------- C:\WINDOWS\system32\BCMWLU00.EXE
2007-12-20 18:45 . 2003-07-17 17:40 57,344 --------- C:\WINDOWS\system32\BCMWLD2K.EXE
2007-12-20 18:45 . 2003-07-17 17:40 45,056 --------- C:\WINDOWS\system32\WLTRYSVC.EXE
2007-12-20 12:14 . 2007-12-20 12:14 <DIR> d-------- C:\Program Files\Virtools
2007-12-20 02:47 . 2007-12-20 02:47 <DIR> d-------- C:\SWSetup
2007-12-20 02:01 . 2007-12-20 02:01 <DIR> d-------- C:\Program Files\Gateway
2007-12-20 02:01 . 2007-12-20 20:04 <DIR> d-------- C:\Cabs
2007-12-20 00:59 . 2007-12-20 00:59 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-20 00:53 . 2007-03-06 13:24 55,296 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys
2007-12-20 00:52 . 2007-12-20 00:52 <DIR> d-------- C:\Program Files\Raxco
2007-12-20 00:52 . 2007-12-20 00:52 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-12-20 00:52 . 2007-12-20 00:52 <DIR> d-------- C:\Program Files\Common Files\Authentium
2007-12-20 00:52 . 2007-12-20 00:52 <DIR> d-------- C:\Program Files\CA
2007-12-20 00:52 . 2007-12-20 00:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2007-12-20 00:52 . 2007-04-19 11:24 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys
2007-12-20 00:49 . 2007-12-20 00:49 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2007-12-19 23:44 . 2007-12-20 00:51 <DIR> d-------- C:\Program Files\AT&T
2007-12-19 23:44 . 2007-12-20 00:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AT&T
2007-12-19 23:44 . 2007-01-10 09:06 538,112 -ra------ C:\WINDOWS\system32\drivers\bcmwl6.sys
2007-12-19 23:43 . 2007-12-20 00:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AT&T
2007-12-19 22:35 . 2007-05-14 17:03 445,696 -ra------ C:\WINDOWS\system32\drivers\rt73.sys
2007-12-19 22:24 . 2007-12-19 23:32 <DIR> d-------- C:\Program Files\Common Files\Motive
2007-12-19 22:24 . 2007-12-19 22:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2007-12-19 22:24 . 2005-07-12 01:28 69,632 --a------ C:\WINDOWS\system32\MCCDevice.dll
2007-12-19 22:24 . 2002-02-13 20:53 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd
2007-12-19 22:24 . 2005-07-12 01:28 6,048 --a------ C:\WINDOWS\system32\MCC16.dll
2007-12-04 22:05 . 2007-12-04 22:05 368,640 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-04 21:48 . 2007-12-04 21:48 9,535,488 --a------ C:\WINDOWS\system32\atioglx2.dll
2007-12-04 21:33 . 2007-12-04 21:33 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2007-12-04 21:33 . 2007-12-04 21:33 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
2007-12-04 21:33 . 2007-12-04 21:33 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
2007-12-04 21:14 . 2007-12-04 21:14 180,224 --a------ C:\WINDOWS\system32\atiok3x2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 05:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-02 05:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-12-27 04:19 --------- d--h--r C:\Documents and Settings\Owner\Application Data\yahoo!
2007-12-26 08:24 --------- d-----w C:\Program Files\The Print Shop 21
2007-12-23 10:10 --------- d-----w C:\Program Files\ATI Technologies
2007-12-23 10:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-23 07:21 --------- d-----w C:\Program Files\Pure Networks
2007-12-23 06:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-23 06:40 --------- d-----w C:\Documents and Settings\Owner\Application Data\URSoft
2007-12-23 06:09 --------- d-----w C:\Program Files\PrivacyEraser Computing
2007-12-23 06:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-23 05:59 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-23 01:44 --------- d-----w C:\Program Files\GameSpy Arcade
2007-12-22 23:28 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-21 20:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\9300 Series
2007-12-20 04:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:54 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:53 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:19 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:16 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-03 01:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\Leadertech
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 08:46 --------- d-----w C:\Documents and Settings\Owner\Application Data\Tutor
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 08:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 08:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-12 20:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 20:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-08-19 01:50 284 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2007-05-14 22:03 445,696 ------w C:\WINDOWS\inf\rt73.sys
2002-06-04 07:06 65,536 ------w C:\WINDOWS\inf\copyinf.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-19 00:58 171448]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-13 21:05 344064]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 09:47 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 09:47 688218]
"SunKist"="C:\Program Files\Digital Media Reader\shwicon2k.exe" [2004-05-26 19:57 139264]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"SMSI Loader"="C:\Program Files\Common Files\Smith Micro Shared\Fax\SMLoader.exe" [2004-10-12 13:01 32768]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 13:12 2061816]
"AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [2007-06-28 16:09 310000]
"-FreedomNeedsReboot"="C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe" [2007-06-28 16:09 13552]
"lxcqmon.exe"="C:\Program Files\Lexmark 9300 Series\lxcqmon.exe" [2006-10-23 09:51 286720]
"Lexmark 9300 Series Fax Server"="C:\Program Files\Lexmark 9300 Series\fm3032.exe" [2006-10-26 01:33 299008]
"EzPrint"="C:\Program Files\Lexmark 9300 Series\ezprint.exe" [2006-10-06 04:01 77824]
"LXCQCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll" [2006-10-15 20:25 106496]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 14:00 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 11:09 63712 --a------ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2004-03-11 00:26 406016 --a------ C:\WINDOWS\system32\\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2007-02-19 00:58 171448 --a------ C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 05:01 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 02:43 83608 --a------ C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-02-19 00:58 171448 --a------ C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

R2 lxcq_device;lxcq_device;C:\WINDOWS\system32\lxcqcoms.exe [2006-11-06 11:21]
R2 ZipMagic Task Manager;ZipMagic Task Manager;C:\PROGRA~1\Allume\ZipMagic\MXTask.exe [2005-05-09 13:27]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 17:18]
S3 AMDMSRIO;AMDMSRIO;C:\DOCUME~1\Owner\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys []
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-15 22:41]
S3 Radialpoint Security Services;AT&T Internet Security Suite;C:\WINDOWS\system32\dllhost.exe [2004-08-04 14:00]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2006-10-30 18:27:41 C:\WINDOWS\Tasks\ISP signup reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-10-30 18:27:42 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 01:47:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCQCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-03 1:48:02
ComboFix-quarantined-files.txt 2008-01-03 06:47:43
ComboFix2.txt 2008-01-03 06:43:29
.
2007-12-27 17:57:33 --- E O F ---

#4 Buckeye_Sam (Malware Expert)

Posted 03 January 2008 - 10:09 AM

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


#5 lqgrady (Topic Starter)

Posted 03 January 2008 - 10:39 PM

I just ran the last system scan on my laptop that you suggested. It completed and was restarting, but instead of restarting I received a message that said: NTLDR is missing, press Ctrl+Alt+Del to restart. Now I'm worse off than I was in the first place. I'm not sure if I have a disc that will reboot my Gateway computer...Aaaaah Help Me!!!!

#6 Buckeye_Sam (Malware Expert)

Posted 03 January 2008 - 11:06 PM

This is unrelated to the malware issue, but take a look at this info and it should take you through some steps to get your computer booted back up normally again.

http://www.lockergnome.com/blade/2006/12/1...-how-to-repair/

#7 Buckeye_Sam (Malware Expert)

Posted 30 January 2008 - 05:27 PM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.