yieldmanager removal

Discussion in 'Virus & Other Malware Removal' started by glassissue, May 24, 2010.

Thread Status:
Not open for further replies.
  1. glassissue

    glassissue Thread Starter

    Joined:
    May 24, 2010
    Messages:
    30
    I can't remove yieldmanager completely. I used Spybot, and it will return the next day.
    Please help remove this malware. I also get doubleclick.com repeatedly. Need help too.
    Thanks

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:33:24, on 2010/05/25
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\Bandoo\Bandoo.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\DataMngrUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\HPZinw12.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\PROGRA~1\Bandoo\BndCore.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPNRA.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
    O2 - BHO: Windows Live サインイン ヘルパー - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
    O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
    O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [DataMngr] C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\DataMngrUI.exe
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
    O9 - Extra button: このコンテンツを引用 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer でこのコンテンツに関する記事を書く(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.nifty.com/security/vcheck/kav/kavwebscan_unicode.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271922840968
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1271922903140
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
    O20 - AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bandoo\bndhook.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    --
    End of file - 7624 bytes
     
  2. glassissue

    glassissue Thread Starter

    Joined:
    May 24, 2010
    Messages:
    30
    I can't make a boot CD to format the C: drive completely. I need to format the C: drive to clean up the virus.
    Please help.
     
  3. Rick_in_Fla

    Rick_in_Fla

    Joined:
    Apr 1, 2007
    Messages:
    1,005
    Boot from your Windows XP CD.
     
  4. glassissue

    glassissue Thread Starter

    Joined:
    May 24, 2010
    Messages:
    30
    I got a Windows XP CD, but it doesn't have a format option with it. I need a CD with a command prompt to format C: completely. I got viruses in the computer, perhaps a bootsector virus, backdoor or something, which keep coming back after newly reinstalling Windows XP. Please help.
     
  5. glassissue

    glassissue Thread Starter

    Joined:
    May 24, 2010
    Messages:
    30
    I can't remove bootsector viruses. I reinstalled Windows XP, but the viruses come back right after the installation. Need help to clean up the bootsector and any hidden ones, or memories on the motherboard.
     
  6. huggie54

    huggie54

    Joined:
    Feb 17, 2008
    Messages:
    2,631
    Hiya, before you reinstalled Windows, did you delete the partition first?
     
  7. glassissue

    glassissue Thread Starter

    Joined:
    May 24, 2010
    Messages:
    30
    I can't delete any except reinstalling the Windows XP, which comes with the PC vendor.
     
  8. Frank4d

    Frank4d Trusted Advisor

    Joined:
    Sep 10, 2006
    Messages:
    9,126
    You have started three threads for the same issue. Since two of them are now in the Virus Removal forum, it would be best to get help there.
     
  9. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    67,502
    Merging all your threads together. Please do not start more than one thread on the same topic.

    thanks,

    v
     
  10. Frank4d

    Frank4d Trusted Advisor

    Joined:
    Sep 10, 2006
    Messages:
    9,126
    Yieldmanager and Doubleclick are web browser tracking cookies, which, although they are annoying, aren't the threats that some anti-malware programs make them out to be.

    The only things I see in your log that you might want to get rid of are the Bandoo and Bearshare stuff, using Add/Remove Programs. Then run a scan using MalwareBytes and let us know what it finds.
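
Added example, not part of the original post or the thread: a short Python check that lists which load points in a HijackThis log belong to the two products named in the reply above, so the same log can be re-run after the uninstall to confirm nothing is left. The sample lines are copied from the log in the first post; the function names are hypothetical, and the 8.3 short-name rule (first six characters plus `~`) is an assumption that covers paths such as `BEARSH~1`.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
O4 - HKLM\..\Run: [DataMngr] C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\DataMngrUI.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bandoo\bndhook.dll
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
"""

# HijackThis section codes that represent code loaded automatically.
LOAD_POINTS = {"O2": "Browser Helper Object", "O3": "IE toolbar",
               "O4": "Run key autostart", "O20": "AppInit_DLLs",
               "O23": "Service"}
ENTRY = re.compile(r"^\s*(O\d+) - (.+?): (.*)$")

def needles(product):
    """Long name plus its assumed 8.3 alias prefix, e.g. 'bearshare' and 'bearsh~'."""
    low = product.lower()
    return (low, low.replace(" ", "")[:6] + "~")

def find_load_points(log_text, products):
    """Return {product: [(section code, log line), ...]} for matching entries."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m or m.group(1) not in LOAD_POINTS:
            continue
        detail = m.group(3).lower()
        for product in products:
            if any(n in detail for n in needles(product)):
                hits[product].append((m.group(1), line.strip()))
    return dict(hits)

def summarize(hits):
    """Collapse hits to the distinct section codes per product, in numeric order."""
    return {p: sorted({c for c, _ in entries}, key=lambda c: int(c[1:]))
            for p, entries in hits.items()}

if __name__ == "__main__":
    for product, codes in summarize(find_load_points(SAMPLE_LOG, ["Bandoo", "BearShare"])).items():
        print(product, [f"{c} ({LOAD_POINTS[c]})" for c in codes])
```

An empty result on a fresh log after the uninstall means none of these load points still reference either product; a remaining O20 entry is the one to look at first, since AppInit_DLLs are loaded into every process that uses user32.dll.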
     
  11. glassissue

    glassissue Thread Starter

    Joined:
    May 24, 2010
    Messages:
    30
    The Bearshare program has McAfee proof tested on May 25, I don't know if it's still unsafe.
    It used to be distributed with WhenUSearch.com malware, which is supposed to be cleared.

    ref: http://www.bearshare.com

    Bandoo shows that they don't contain spyware, malware, or viruses.

    I scanned with Panda antivirus online.

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2010-05-26 03:21:57
    PROTECTIONS: 1
    MALWARE: 13
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Microsoft Security Essentials 2.1.6519.0 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@atdmt[1].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@tribalfusion[1].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@mediaplex[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@com[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@ad.yieldmanager[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@apmebf[1].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@serving-sys[1].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@bs.serving-sys[2].txt
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@server.iad.liveperson[1].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@advertising[1].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\1\cookies\q@statse.webtrendslive[2].txt
    03009106 W32/Xor-encoded.A Virus No 0 Yes No c:\documents and settings\all users\application data\microsoft\microsoft antimalware\localcopy\{bc12dc42-b924-85ca-bae2-1f5603528e85}-setup.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================

    The cookies were deleted manually from c:\documents and settings\1\cookies\.
    I found out that MSN.com uses atdmt.com, which is malware and is under Microsoft Corp. as an ads company which MSN.com uses as an ads company, and Doubleclick.com as research; Yahoo uses Yieldmanager.com, malware, for research.
    Google also uses Doubleclick.com for research.

    ref: http://en.wikipedia.org/wiki/DoubleClick
     
  12. glassissue

    glassissue Thread Starter

    Joined:
    May 24, 2010
    Messages:
    30
    I also have
    Trojan.DL.Small.CXLP (Trojan), Trojan.DL.Small.CYCX (Trojan), SpyDevastator (Rogue), Exec.Variant.E (Trojan), Explorer.Policies.StartMenuLogoff (adware), Explorer.Policies.No StartMenuMo? (adware)
    which I can't remove. Please reply.
     
  13. glassissue

    glassissue Thread Starter

    Joined:
    May 24, 2010
    Messages:
    30
    Those were detected by Stopzilla.

    The threads are not on the same topic: boot CDs (Windows XP), bootsector virus, and Yieldmanager (malware program cookie which is not a bootsector virus). I solved the bootsector CDs, though not the others. Please reply.
     
  14. glassissue

    glassissue Thread Starter

    Joined:
    May 24, 2010
    Messages:
    30
    I scanned with Stopzilla; the results are attached.
     

    Attached Files:

  15. glassissue

    glassissue Thread Starter

    Joined:
    May 24, 2010
    Messages:
    30
    more
     

    Attached Files:


Short URL to this thread: https://techguy.org/925050