
yoog search provider


  • This topic is locked
2 replies to this topic

#1 lindasue1718

Posted 08 February 2009 - 08:08 PM

I've tried everything to get rid of yoog except for combofix. Below are my logs. Thanks.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Jim Diehl at 18:49:42.56 on Sun 02/08/2009
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.104 [GMT -6:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)
FW: CA Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
c:\program files\ge security supra\syncservice.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\SSL\stunnel-4.10.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\WINDOWS\system32\hiwhrlnk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\GE Security Supra\SyncInfoApp.exe
C:\Program Files\ppcbooster\ppcb_32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Runtime Software\DriveImage XML\dixml.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Jim Diehl\Local Settings\Temporary Internet Files\Content.IE5\NX1QZSIZ\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = www.satx.rr.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TBSB05288 Class: {6714adbd-c6c1-42a8-bd84-9c9339059421} - c:\program files\ietoolbar\eco bar\ecobar.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {934d0796-93c4-8847-75e5-67a11b306101} - c:\windows\system32\nsdC.dll
TB: ECO Bar: {10000000-1000-1000-1000-100000000000} - c:\program files\ietoolbar\eco bar\ecobar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" update "software\cyberlink\powerproducer\4.0"
mRun: [hiwhrlnk] "c:\windows\system32\hiwhrlnk.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\jimdie~1\startm~1\programs\startup\p2pmax.lnk - c:\program files\p2pmax\p2pmax.exe
StartupFolder: c:\docume~1\jimdie~1\startm~1\programs\startup\ppcb_32.lnk - c:\program files\ppcbooster\ppcb_32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\displa~1.lnk - c:\program files\ge security supra\SyncInfoApp.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: fnismls.com
Trusted Zone: getmedianow.com
Trusted Zone: live.com
Trusted Zone: showingtime.com
Trusted Zone: sitexdata.com
Trusted Zone: spellchecker.net
Trusted Zone: transactionpoint.com
Trusted Zone: trpoint.com
Trusted Zone: virtualearth.net
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: Sweet Tooth 2 by Pogo - hxxp://game3.pogo.com/v/9.0.8.20/applet/sweettooth2/sweettooth2-en_US.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0854D220-A90A-466D-BC02-6683183802B7} - hxxp://sabor.fnismls.com/Paragon/Codebase/FNISPrintControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193240405015
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://sapdnortheast.axiscam.net:800/activex/AMC.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-5 64160]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-5-29 26376]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-5-29 21128]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2008-6-4 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-5-29 21512]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-5-29 32264]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2009-2-4 41456]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-5-29 144960]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [2007-10-23 208851]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [2007-10-23 10324]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [2007-10-23 34789]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2008-6-4 108368]
S3 WFIOCTL;WFIOCTL;c:\program files\winfast\wftvfm\WFIOCTL.sys [2007-10-23 9446]

=============== Created Last 30 ================

2009-02-08 18:43 <DIR> --d----- c:\program files\Runtime Software
2009-02-08 18:11 <DIR> --d----- c:\program files\Cobian Backup 9
2009-02-07 22:52 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-07 22:52 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-07 19:38 85,647 a------- c:\windows\system32\cbc24312-eac5-62f6-9313-c19625d7fd7c.exe
2009-02-06 03:54 674,304 a------- c:\windows\system32\nsdC.dll
2009-02-05 14:22 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-05 14:16 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-05 14:13 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-05 14:13 <DIR> --d----- c:\program files\Lavasoft
2009-02-05 12:37 347,019 a------- c:\windows\qprkh0425.exe
2009-02-05 12:37 142,607 a------- c:\windows\xpuxv3478.exe
2009-02-05 12:37 <DIR> --d----- c:\program files\ppcbooster
2009-02-05 12:37 1,458,176 a------- c:\windows\system32\hiwhrlnk.exe
2009-02-05 12:37 478,208 a------- c:\windows\rgmonsvc.exe
2009-02-05 12:37 85,460 a------- c:\windows\bhme8845.exe
2009-02-05 12:37 10,752 a------- c:\windows\lkmf4732.exe
2009-02-05 12:37 <DIR> --d----- c:\program files\IEToolbar
2009-02-05 12:37 905,670 a------- c:\windows\qvaw4788.exe
2009-02-05 12:36 <DIR> --d----- c:\program files\p2pmax
2009-02-05 12:36 4,627,576 a------- c:\windows\enjf6330.exe
2009-02-05 12:36 56,320 a------- c:\windows\sbxpv3802.exe
2009-02-05 12:36 32,768 a------- c:\windows\efeg78577.exe
2009-02-05 12:36 <DIR> --d----- c:\program files\runit
2009-02-05 12:36 69,697 a------- c:\windows\fqcn3581.exe
2009-02-05 12:36 28,672 a------- c:\windows\ishj72420.exe
2009-02-05 12:36 85,289 a------- c:\windows\system32\cont_blueskyadagency-remove.exe
2009-02-05 12:36 93,696 a------- c:\windows\jaeed8785.exe
2009-02-05 12:36 185,239 a------- c:\windows\fnmw7881.exe
2009-02-04 21:10 <DIR> --d----- c:\program files\HandBrake
2009-02-04 20:58 <DIR> -cd----- c:\docume~1\jimdie~1\applic~1\AVS4YOU
2009-02-04 20:58 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-02-04 20:57 <DIR> --d----- c:\program files\common files\AVSMedia
2009-02-04 20:56 <DIR> --d----- c:\program files\AVS4YOU
2009-02-04 20:07 198,144 -------- c:\windows\system32\_psisdecd.dll
2009-02-04 20:07 44,544 a------- c:\windows\system32\msxml4a.dll
2009-02-04 19:59 24,576 a------- c:\windows\system32\msxml3a.dll
2009-02-04 19:57 <DIR> -cd----- C:\MyWorks
2009-02-04 19:55 <DIR> --d----- c:\program files\Digital Photo Navigator 1.5
2009-02-02 11:59 <DIR> --d----- c:\program files\Enigma Software Group
2009-01-22 12:58 <DIR> -cd----- c:\docume~1\jimdie~1\applic~1\Intuit
2009-01-22 12:56 <DIR> --d----- c:\program files\common files\AnswerWorks 5.0
2009-01-22 12:51 <DIR> --d----- c:\program files\TurboTax
2009-01-15 15:06 <DIR> --d----- c:\program files\Gamenext
2009-01-15 15:06 <DIR> --d----- c:\program files\common files\Oberon Media
2009-01-15 12:34 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\MinigolfAdventures
2009-01-15 12:33 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Trymedia
2009-01-15 12:19 <DIR> --d----- c:\program files\BitLord
2009-01-15 11:58 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Azureus
2009-01-15 11:58 <DIR> -cd----- c:\docume~1\jimdie~1\applic~1\Azureus
2009-01-15 11:55 <DIR> --d----- c:\program files\Azureus
2009-01-10 20:32 112,423 a------- c:\windows\hpoins07.dat
2009-01-10 20:32 21,124 -------- c:\windows\hpomdl07.dat

==================== Find3M ====================

2009-02-08 17:59 154,714 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-02-08 17:59 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-02-08 17:59 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-02-08 17:59 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-02-08 17:59 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-02-08 17:59 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-02-08 17:59 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-02-08 17:59 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
1996-09-16 01:00 5,904 ac------ c:\documents and settings\jim diehl\SETUP.EXE

============= FINISH: 18:52:06.62 ===============


Edited by lindasue1718, 08 February 2009 - 08:21 PM.



#2 lindasue1718 (Topic Starter)

Posted 10 February 2009 - 11:58 PM

My husband had a go at combofix and found all the files and registry keys that needed to be removed. We now have a clean computer again. Thanks anyway.

#3 KoanYorel (Staff Emeritus)

Posted 18 February 2009 - 11:08 AM

Thanks for informing us.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)
