Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected By Yieldmanager


  • This topic is locked This topic is locked
17 replies to this topic

#1 gideonzaidman

gideonzaidman

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:55 PM

Posted 28 April 2008 - 09:14 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:04:13, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\Domino.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\YCIII\YankClip.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Yankee Clipper III.lnk = C:\Program Files\YCIII\YankClip.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ??? ?? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ?&?? ?? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206113163511
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1206125654500
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9A002A7-874F-483C-B86A-9D42CF467443}: NameServer = 192.117.235.235 62.219.186.7
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9542 bytes

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:55 PM

Posted 30 April 2008 - 09:41 AM

Hello gideonzaidman,

Welcome to Bleeping Computer :thumbsup:

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.


Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 gideonzaidman

gideonzaidman
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:55 PM

Posted 02 May 2008 - 07:23 PM

Dear tea,

Thank you for your reply. I'm 61 and retired and the PC is my main joy. I'm posting here the log of Malwarebytes:

Malwarebytes' Anti-Malware 1.11
Database version: 709

Scan type: Quick Scan
Objects scanned: 33439
Time elapsed: 4 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

It seems it didn't find anything... I've scanned my PC with BitDEfender, Spysweeper, Spybot. They didn't find anything as well.

Thanks

Gideon

#4 gideonzaidman

gideonzaidman
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:55 PM

Posted 02 May 2008 - 07:27 PM

Sorry tea, I forgot to paste the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:25:18, on 03/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\Domino.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\YCIII\YankClip.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Yankee Clipper III.lnk = C:\Program Files\YCIII\YankClip.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ??? ?? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ?&?? ?? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206113163511
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1206125654500
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9A002A7-874F-483C-B86A-9D42CF467443}: NameServer = 62.219.186.7 192.117.235.235
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9492 bytes

Thanks a lot

Gideon

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:55 PM

Posted 02 May 2008 - 08:32 PM

Hi Gideon,

I understand about the joy of a computer. And....my mother is older than you are and she's on her computer probably just as much, if not more than, I am in a day. :thumbsup:

Can you tell me in more detail what your problem seems to be, please? We aren't seeing anything in the logs, and you said the things you ran came up clean as well. I need to know as much as I can so I know which way to look. :blink:

Thank you!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#6 gideonzaidman

gideonzaidman
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:55 PM

Posted 03 May 2008 - 09:06 AM

Dear tea,

Thanks for your prompt response. I was an operating system manager (VAX VMS) so I think I know something about computers...

The place I ALWAYS stumble upon Yieldmanager is the torrents search machine: http://www.torrentscan.com/ when I'm trying to get to btjunkie site and ONLY this site - the other sites are OK.

My machine is:

PC processor Intel Core 2 Duo CPU E6750 @ 2.66 GHz

2 GB of RAM

Operating System: Microsoft Windows XP Pro SP 2

Browsers: Mozilla Firefox and IE7 of Microsoft

Thank you again

Gideon

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:55 PM

Posted 03 May 2008 - 09:24 AM

Good morning Gideon. :thumbsup:

Before we get going on a potential wild goose chase, and before I ask you to download anything, let's try this, please:

Please rename your Hosts file to hosts.old and let me know if it still happens.

Let me know how you come out. :blink:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#8 gideonzaidman

gideonzaidman
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:55 PM

Posted 03 May 2008 - 04:08 PM

Hi,

Morning for you is evening for me (GM + 2 - Israel).

It didn't help.

Gideon

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:55 PM

Posted 03 May 2008 - 08:56 PM

Okie dokie then, let's use something tougher :

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#10 gideonzaidman

gideonzaidman
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:55 PM

Posted 04 May 2008 - 02:34 AM

Hi tea,

Here's the log:

ComboFix 08-05-01.3 - Administrator 05/04/2008 10:24:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1401 [GMT 2:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\msvrc20.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 07:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-05-04 02:20 --------- d-----w C:\Program Files\Pazera Free MP4 to AVI Converter
2008-05-04 00:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-05-04 00:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-05-03 19:23 --------- d-----w C:\Program Files\BitDefender KeyGen + Updates Patch
2008-05-03 19:11 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-05-03 19:11 --------- d-----w C:\Program Files\BitDefender
2008-05-03 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-03 19:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Bitdefender
2008-05-03 19:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-03 15:50 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-03 15:15 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-05-03 02:39 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-03 02:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Desktopicon
2008-05-03 01:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-03 01:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-02 13:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-01 02:24 2,666 ----a-w C:\WINDOWS\system32\tmp.reg
2008-05-01 00:28 --------- d-s---w C:\Program Files\eMule
2008-04-28 06:03 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-04-28 06:03 82,944 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-04-27 10:34 --------- d-----w C:\Program Files\Winamp
2008-04-27 02:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\wsInspector
2008-04-27 02:47 --------- d-----w C:\Program Files\Startup Inspector for Windows
2008-04-27 02:23 --------- d-----w C:\Program Files\IObit
2008-04-24 06:10 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-04-23 23:11 --------- d-----w C:\Program Files\Fp-Check.85
2008-04-22 05:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Systweak
2008-04-21 09:36 --------- d-----w C:\Program Files\Apple Software Update
2008-04-21 06:37 --------- d-----w C:\Program Files\Xvid
2008-04-21 02:19 --------- d-----w C:\Program Files\Advanced System Optimizer
2008-04-19 23:16 --------- d-----w C:\Program Files\Classic Media Player
2008-04-17 23:19 --------- d-----w C:\Program Files\Magic Video Converter
2008-04-16 01:03 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-04-14 04:51 --------- d-----w C:\Program Files\ActivIcons
2008-04-14 04:10 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-04-12 20:07 --------- d-----w C:\Program Files\Atomic Clock
2008-04-12 19:47 --------- d-----w C:\Program Files\Siber Systems
2008-04-12 19:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\GoodSync
2008-04-11 22:21 --------- d-----w C:\Program Files\AVI Preview
2008-04-11 11:04 --------- d-----w C:\Program Files\Trend Micro
2008-04-11 00:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 00:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-10 11:49 --------- d-----w C:\Program Files\DivX
2008-04-10 01:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-08 01:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-07 18:13 --------- d-----w C:\Program Files\Gspot
2008-04-07 15:38 --------- d-----w C:\Program Files\EnhanceMovie 2.2
2008-04-07 15:37 --------- d-----w C:\Program Files\MOVAVI
2008-04-07 11:10 --------- d-----w C:\Program Files\QuickTime
2008-04-06 09:00 --------- d-----w C:\Program Files\Gabest
2008-04-06 08:48 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DivX
2008-04-05 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-03 11:55 --------- d-----w C:\Program Files\Setup Files
2008-04-03 11:52 --------- d-----w C:\Program Files\MSI
2008-04-03 09:15 --------- d-----w C:\Program Files\MSBuild
2008-04-03 09:15 --------- d-----w C:\Program Files\Microsoft Works
2008-04-03 09:14 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-03 09:13 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-02 12:11 --------- d-----w C:\Program Files\MSECache
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-31 00:28 --------- d-----w C:\Program Files\BurnInTest
2008-03-30 23:43 --------- d-----w C:\Program Files\PerformanceTest
2008-03-30 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-29 18:57 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-03-28 02:28 --------- d-----w C:\Program Files\YCIII
2008-03-28 02:24 --------- d-----w C:\Program Files\Ashampoo
2008-03-27 01:22 --------- d-----w C:\Program Files\Nmania
2008-03-26 23:24 --------- d-----w C:\Program Files\Gadwin Systems
2008-03-24 14:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
2008-03-24 13:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\HP
2008-03-23 22:48 --------- d-----w C:\Program Files\Webroot
2008-03-23 22:48 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2008-03-23 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-03-23 22:48 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Webroot
2008-03-23 22:44 --------- d-----w C:\Program Files\SSUpdater
2008-03-23 13:22 --------- d-----w C:\Program Files\Kantaris
2008-03-23 13:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\kantaris
2008-03-23 12:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-03-23 12:43 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-03-23 12:43 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-03-23 12:43 --------- d-----w C:\Program Files\ACD Systems
2008-03-23 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-03-23 11:31 --------- d-----w C:\Program Files\Skype
2008-03-23 11:31 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-23 11:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-03-23 11:21 --------- d-----w C:\Program Files\Unlocker
2008-03-23 10:39 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CursorArts
2008-03-23 10:19 --------- d-----w C:\Program Files\Microangelo Toolset 6
2008-03-23 10:05 --------- d-----w C:\Program Files\Britannica 8.0
2008-03-22 16:52 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-22 16:40 --------- d-----w C:\Program Files\Microangelo
2008-03-21 23:39 --------- d-----w C:\Program Files\uTorrent
2008-03-21 23:31 --------- d-----w C:\Program Files\DFX
2008-03-21 23:17 --------- d-----w C:\Program Files\Windows Media Connect 2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [11/16/2006 07:04 PM 139264]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [08/20/2007 10:42 AM 495616]
"SpeedConnectStartUp"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [08/20/2007 09:38 AM 16384512 C:\WINDOWS\RTHDCPL.exe]
"Domino"="C:\WINDOWS\Domino.EXE" [06/28/2006 05:54 PM 49152]
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 12:56 AM 33280 C:\WINDOWS\system32\rundll32.exe]
"FinePrint Dispatcher v5"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [06/30/2007 04:42 PM 499712]
"BCWipeTM Startup"="C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" [05/02/2007 02:07 PM 504824]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM 155648]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [03/01/2008 07:10 AM 15872]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [10/09/2007 03:46 PM 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [02/16/2008 05:45 PM 360448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Yankee Clipper III.lnk - C:\Program Files\YCIII\YankClip.exe [2008-03-21 20:38:25 1368064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [09/11/2007 12:45 AM]
R3 ZSMC0305;Vimicro USB PC Camera (VC0305);C:\WINDOWS\system32\Drivers\usbVM305.sys [08/10/2006 12:32 PM]
S3 SetupNTGLM7X;SetupNTGLM7X;J:\NTGLM7X.sys []
S4 BCSWAP;BCSWAP;C:\WINDOWS\system32\drivers\BCSWAP.sys [01/16/2007 11:10 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

*Newly Created Service* - 05B1F6AA
*Newly Created Service* - 7F117BEF
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-28 06:48:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 10:25:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


folder error: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
folder error: C:\WINDOWS\TEMP\

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 05/04/2008 10:25:42
ComboFix-quarantined-files.txt 2008-05-04 08:25:39

Pre-Run: 89,317,740,544 bytes free
Post-Run: 89,448,124,416 bytes free

184 --- E O F --- 2008-05-02 01:00:50
Hope this is OK...

Thanks

Gideon

#11 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:55 PM

Posted 04 May 2008 - 02:38 AM

Well well......does anyone else use your computer? If not, I see how you most likely got infected. How is it running now please?
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#12 gideonzaidman

gideonzaidman
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:55 PM

Posted 04 May 2008 - 06:08 AM

The same problem. I'm the only one using the computer.

Thanks

Gideon

#13 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:55 PM

Posted 05 May 2008 - 12:04 PM

Hello Gideon,

I hope you had a nice weekend. :thumbsup:

Surely you know that going to the torrent sites are going to cause problems like this. I have to ask.....is this just a cookie you're seeing? Is it a popup?

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#14 gideonzaidman

gideonzaidman
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:55 PM

Posted 06 May 2008 - 01:51 PM

Hi tea,

A nice weekend to you too.

It's a popup.

Thanks.

Gideon

#15 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:55 PM

Posted 06 May 2008 - 03:39 PM

Hello,

Download the HostsXpert Here
http://www.funkytoad.com/download/HostsXpert.zip

Unzip HostsXpert to your desktop

Open up the HostsXpert program.

* Make sure that the "make hosts writable?" button in the upper left corner is enabled.
* Click back up Host files
* then click "Restore MS Hosts File"
* close program

Let me know if it's still there after that. :thumbsup:

Do you happen to have Browser Error Redirector installed? I don't see it in your logs anywhere, but it is known to cause this problem.

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users