
Yieldmanager Tracking cookie detected

Discussion in 'Virus & Other Malware Removal' started by abhijith01, Jan 4, 2010.

Thread Status:
Not open for further replies.
  1. abhijith01 (Thread Starter; joined Jan 4, 2010; messages: 1)

    Hi,

    I had a Trojan Vundo problem reported on my PC a couple of months back. I had my PC re-imaged.
    But recently I got a popup ad for bmng sysguard from a news website (which turned out to be a fake anti-virus). By mistake I clicked on the pop-up and it installed some tools on my machine. Later I found out that this had created a start-up for bmngsysguard.exe, which was causing my PC to behave unexpectedly. So I disabled this tool from Start - Run - Msconfig - Startup and then manually deleted the exe file from the path provided there.

    But after that I'm having strange problems with yieldmanager cookies being created on my PC. Now I have stopped connecting to the internet on that machine, but I can still see those cookies come up time and again (now I can see them created in c:\windows\system32\config\systemprofile\cookies).

    I have installed AVG 8.5 with the latest updates, Microsoft Software Essentials latest version (I installed this last week), Search and Destroy, Registry Cleanup, etc. Still I'm unable to trace the source that is causing these cookies. I found a thread with a similar problem on this forum at this link:
    http://forums.techguy.org/malware-r...ing-cookies-yieldmanager-tacoda-problems.html

    Can you please help me in resolving this problem? Below are the logs from HijackThis.

    Thanks in advance:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:44:48 PM, on 1/4/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\drivers\dell\audio\r206243_a05\wdm\stacsv.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
    C:\insight\tools\aiclient.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Oracle\ora10g\bin\omtsreco.exe
    C:\insight\tools\AIDRVR.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Lgnserv.exe
    C:\WINDOWS\system32\tnsnames_service.exe
    C:\WINDOWS\system32\cccredmgr.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\insight\tools\BP_CPUINFO.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscript.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\McAfee\Common Framework\udaterui.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\EnableProxy\EnableProxy.exe
    C:\Program Files\Microsoft Office Communicator\communicator.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O4 - HKLM\..\Run: [ICFCheck] wscript.exe //Job:main C:\WINDOWS\ICF\ICF.WSF
    O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
    O4 - HKLM\..\Run: [Enterprise Vault Offline Vault Size] C:\Program Files\Enterprise Vault\EVreg\EVCREG13.exe /Q
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
    O4 - HKLM\..\Run: [C2C MaX Compression initial registry keys] C:\Program Files\MaXCompression\RegMaxComp54.exe /Q
    O4 - HKLM\..\Run: [NAGP Software Update] J:\ReadOnly\NAGMpkgs\Splash\Splash.exe
    O4 - HKLM\..\Run: [NAGP BBS Patches] J:\ReadOnly\NAGMpkgs\AppsList\AutoUpdt\BBS_Patches\BBS_Patches.exe
    O4 - HKLM\..\Run: [RealTray] _C:\PROGRA~1\Real\REALPL~1\realplay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [CCDoctorLogonTesting] "C:\Program Files\Rational\ClearCase\bin\ccdoctor.exe" /LogonStartup
    O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
    O4 - HKLM\..\Run: [AeXSWDUsr] C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Enable or Disable Proxy Server.lnk = ?
    O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    O4 - Global Startup: NAGP_AutoUpdate2.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1227191672672
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227192455968
    O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) -

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: ccnotify - C:\WINDOWS\SYSTEM32\ccnotify.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll
    O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
    O23 - Service: Asset Insight Client (AICLIENT) - Unknown owner - C:\insight\tools\aiclient.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    O23 - Service: Rational Cred Manager (cccredmgr) - IBM Corporation - C:\WINDOWS\system32\cccredmgr.exe
    O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\Oracle\ora10g\bin\omtsreco.exe
    O23 - Service: OracleOraHome10ClientCache - Unknown owner - C:\BIN\ONRSD.EXE (file missing)
    O23 - Service: OracleOraHome10gClientCache - Unknown owner - C:\BIN\ONRSD.EXE (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\dell\audio\r206243_a05\wdm\stacsv.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Tnsnames Service (TNSNAMES_SERVICE) - Unknown owner - C:\WINDOWS\system32\tnsnames_service.exe
    --
    End of file - 12395 bytes
     

Short URL to this thread: https://techguy.org/891153
