yieldmanager removal

glassissue
Member with 30 posts.
THREAD STARTER
Join Date: May 2010
Experience: Beginner
24-May-2010, 11:26 PM #1
yieldmanager removal
I can't remove yieldmanager completely. I used Spybot, and it will return the next day.
Please help remove this malware. I also get doubleclick.com repeatedly. Need help too.
Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:33:24, on 2010/05/25
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\DataMngrUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\Bandoo\BndCore.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPNRA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
O2 - BHO: Windows Live サインイン ヘルパー - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DataMngr] C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\DataMngrUI.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O9 - Extra button: このコンテンツを引用 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer でこのコンテンツに関する記事を書く(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.nifty.com/security/vcheck...an_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase6087.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1271922840968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1271922903140
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab...l_4.1.66.0.cab
O20 - AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bandoo\bndhook.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 7624 bytes

Last edited by glassissue; 24-May-2010 at 11:34 PM..
glassissue
25-May-2010, 12:04 AM #2
boot cd
I can't make a boot CD to format the C: drive completely. I need to format the C: drive to clean up the virus.
Please help.
Rick_in_Fla
Senior Member with 1,005 posts.
Join Date: Apr 2007
25-May-2010, 12:23 AM #3
Boot from your Windows XP cd.
glassissue
25-May-2010, 12:31 AM #4
boot cd
I got a Windows XP CD, but it doesn't have a format option with it. I need a CD with a command prompt to format C: completely. I got viruses in the computer, perhaps a bootsector virus, backdoor or something, which keep coming back after reinstalling Windows XP. Please help.
glassissue
25-May-2010, 01:17 AM #5
bootsector virus
I can't remove bootsector viruses. I reinstalled Windows XP, but the viruses are coming back right after the installation. Need help to clean up the bootsector and anything hidden, or memories on the motherboard.
huggie54
Member with 2,630 posts.
Join Date: Feb 2008
Location: Derbyshire,UK
25-May-2010, 07:20 AM #6
Hiya, before you reinstalled Windows did you delete the partition first?
glassissue
25-May-2010, 07:29 AM #7
I can't delete any except reinstalling the Windows XP, which comes with the PC vendor.
Frank4d
Trusted Advisor with 9,126 posts.
Join Date: Sep 2006
Location: So. California
25-May-2010, 07:38 AM #8
You have started three threads for the same issue. Since two of them are now in the Virus Removal forum, it would be best to get help there.
valis
Moderator with 63,289 posts.
Join Date: Sep 2004
Location: as above
25-May-2010, 07:45 AM #9
merging all your threads together. Please do not start more than one thread on the same topic.

thanks,

v
Frank4d
25-May-2010, 08:05 AM #10
Yieldmanager and Doubleclick are web browser tracking cookies which, although they are annoying, aren't the threats that some anti-malware programs make them out to be.

The only things I see in your log that you might want to get rid of are the Bandoo and Bearshare stuff, using Add/Remove Programs. Then run a scan using MalwareBytes and let us know what it finds.
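
An added example, not part of the thread and not any poster's code: a small Python triage over lines copied from the HijackThis log in post #1, listing every section in which the Bandoo and BearShare components named in post #10 are registered. The keyword list, function names and the 8.3 short-name heuristic (BEARSH~1 for "BearShare Applications") are assumptions of this example.

```python
import re
from collections import defaultdict

# HijackThis section codes seen in the log in post #1 and what each one lists.
SECTIONS = {"O2": "Browser Helper Object", "O3": "IE toolbar",
            "O4": "Run-key autostart", "O20": "AppInit_DLLs", "O23": "Service"}

# Products named in post #10 (this keyword list is the example's assumption).
PRODUCTS = ("bandoo", "bearshare")

# Lines copied verbatim from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [DataMngr] C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\DataMngrUI.exe
O20 - AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bandoo\bndhook.dll
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")


def component_matches(component, product):
    """True if a path component is the product's long name or its 8.3 short name."""
    comp = component.strip().lower()
    # Heuristic: an 8.3 short name is the first six characters plus ~N (bearsh~1).
    short = re.compile(re.escape(product[:6]) + r"~\d+$")
    return comp.startswith(product) or bool(short.match(comp))


def triage(log_text):
    """Map product -> [(section code, mechanism)] for each entry loading from it."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group(1) not in SECTIONS:
            continue
        # Split on backslashes and drop the text before the first one.
        components = m.group(2).split("\\")[1:]
        for product in PRODUCTS:
            if any(component_matches(c, product) for c in components):
                hits[product].append((m.group(1), SECTIONS[m.group(1)]))
    return dict(hits)


if __name__ == "__main__":
    for product, entries in triage(SAMPLE_LOG).items():
        print(product)
        for code, mechanism in entries:
            print(f"  {code:<4}{mechanism}")
```

The O20 hits are the ones to confirm are gone after uninstalling, since AppInit_DLLs entries are loaded into every process that links user32.dll.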
glassissue
25-May-2010, 08:11 PM #11
The Bearshare program has McAfee proof tested on May 25, I don't know if it's still unsafe.
It used to be distributed with WhenUSearch.com malware, which is supposed to be cleared.

ref: http://www.bearshare.com

Bandoo shows that they don't contain spyware, malware, or viruses.

I scanned with Panda antivirus online.

;************************************************************************** *************************************************************************** ******************************
ANALYSIS: 2010-05-26 03:21:57
PROTECTIONS: 1
MALWARE: 13
SUSPECTS: 0
;************************************************************************** *************************************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;========================================================================== =========================================================================== ==============================
Microsoft Security Essentials 2.1.6519.0 Yes Yes
;========================================================================== =========================================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;========================================================================== =========================================================================== ==============================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@atdmt[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@mediaplex[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@com[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@bs.serving-sys[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@server.iad.liveperson[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@advertising[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@statse.webtrendslive[2].txt
03009106 W32/Xor-encoded.A Virus No 0 Yes No c:\documents and settings\all users\application data\microsoft\microsoft antimalware\localcopy\{bc12dc42-b924-85ca-bae2-1f5603528e85}-setup.exe
;========================================================================== =========================================================================== ==============================
SUSPECTS
Sent Location
;========================================================================== =========================================================================== ==============================
;========================================================================== =========================================================================== ==============================
VULNERABILITIES
Id Severity Description
;========================================================================== =========================================================================== ==============================
;========================================================================== =========================================================================== ==============================

The cookies were deleted manually from c:\documents and settings\1\cookies\.
I found out that MSN.com uses atdmt.com, which is malware and is under Microsoft Corp. as an ads company which MSN.com uses as an ads company, and Doubleclick.com as research; Yahoo uses Yieldmanager.com, malware, for research.
Google also uses Doubleclick.com for research.

ref: http://en.wikipedia.org/wiki/DoubleClick
glassissue
25-May-2010, 08:24 PM #12
I also have
Trojan.DL.Small.CXLP (Trojan), Trojan.DL.Small.CYCX (Trojan), SpyDevastator (Rogue), Exec.Variant.E (trojan), Explorer.Policies.StartMenuLogoff (adware), Explorer.Policies.No StartMenuMo? (adware)
which I can't remove. Please reply.
glassissue
25-May-2010, 08:29 PM #13
Those were detected on Stopzilla.

The threads are not on the same topic: boot CDs (Windows XP), bootsector virus, and Yieldmanager (malware program cookie which is not a bootsector virus). I solved the bootsector CDs, though not the others. Please reply.
glassissue
27-May-2010, 09:46 AM #14
I scanned with Stopzilla, the attached results.
glassissue
27-May-2010, 09:48 AM #15
more