
Help On Ad.yieldmanager Adware


  • This topic is locked
28 replies to this topic

#16 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:32 PM

Posted 20 January 2006 - 01:28 PM

Ugh, I can't attach it, my reply just won't load with it.

Which Internet browser are you trying to use to get the 2 week trial?
Hi there, stranger!

#17 nixx

nixx
  • Topic Starter

  • Members
  • 159 posts
  • OFFLINE
  • Local time:01:32 AM

Posted 21 January 2006 - 02:02 AM

Hello again

The link worked already.. sorry about that
Anyway, I did as requested

Here's the session log of the Spy Sweeper. Thanks again!




********
1:44 PM: | Start of Session, Saturday, January 21, 2006 |
1:44 PM: Spy Sweeper started
1:44 PM: Sweep initiated using definitions version 603
1:44 PM: Starting Memory Sweep
1:47 PM: Memory Sweep Complete, Elapsed Time: 00:03:14
1:47 PM: Starting Registry Sweep
1:47 PM: Found Adware: 7adpower
1:47 PM: HKCR\clsid\{0d62a517-e7c6-4e1f-a577-07d4ac549a48}\ (3 subtraces) (ID = 831505)
1:47 PM: HKLM\software\classes\clsid\{0d62a517-e7c6-4e1f-a577-07d4ac549a48}\ (3 subtraces) (ID = 831694)
1:47 PM: Found Adware: ist yoursitebar
1:47 PM: HKU\S-1-5-21-2160291182-3208703888-1140339157-1005\software\microsoft\internet explorer\toolbar\webbrowser\ || {86227d9c-0efe-4f8a-aa55-30386a3f5686} (ID = 147853)
1:47 PM: Registry Sweep Complete, Elapsed Time:00:00:20
1:47 PM: Starting Cookie Sweep
1:47 PM: Found Spy Cookie: yieldmanager cookie
1:47 PM: administrator@ad.yieldmanager[1].txt (ID = 3751)
1:47 PM: Found Spy Cookie: go.com cookie
1:47 PM: administrator@adisney.go[1].txt (ID = 2729)
1:47 PM: Found Spy Cookie: pointroll cookie
1:47 PM: administrator@ads.pointroll[2].txt (ID = 3148)
1:47 PM: Found Spy Cookie: revenue.net cookie
1:47 PM: administrator@ads1.revenue[1].txt (ID = 3258)
1:47 PM: Found Spy Cookie: advertising cookie
1:47 PM: administrator@advertising[1].txt (ID = 2175)
1:47 PM: Found Spy Cookie: atlas dmt cookie
1:47 PM: administrator@atdmt[2].txt (ID = 2253)
1:47 PM: Found Spy Cookie: banner cookie
1:47 PM: administrator@banner[1].txt (ID = 2276)
1:47 PM: Found Spy Cookie: belnk cookie
1:47 PM: administrator@belnk[1].txt (ID = 2292)
1:47 PM: Found Spy Cookie: casalemedia cookie
1:47 PM: administrator@casalemedia[1].txt (ID = 2354)
1:47 PM: administrator@disney.go[1].txt (ID = 2729)
1:47 PM: administrator@dist.belnk[2].txt (ID = 2293)
1:47 PM: Found Spy Cookie: ru4 cookie
1:47 PM: administrator@edge.ru4[2].txt (ID = 3269)
1:47 PM: Found Spy Cookie: fastclick cookie
1:47 PM: administrator@fastclick[2].txt (ID = 2651)
1:47 PM: administrator@go[2].txt (ID = 2728)
1:47 PM: administrator@media.fastclick[1].txt (ID = 2652)
1:47 PM: administrator@revenue[1].txt (ID = 3257)
1:47 PM: Found Spy Cookie: rn11 cookie
1:47 PM: administrator@rn11[2].txt (ID = 3261)
1:47 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:47 PM: Starting File Sweep
2:51 PM: File Sweep Complete, Elapsed Time: 01:03:48
2:51 PM: Full Sweep has completed. Elapsed time 01:07:27
2:51 PM: Traces Found: 26
2:52 PM: Removal process initiated
2:52 PM: Quarantining All Traces: 7adpower
2:52 PM: Quarantining All Traces: ist yoursitebar
2:52 PM: Quarantining All Traces: advertising cookie
2:52 PM: Quarantining All Traces: atlas dmt cookie
2:52 PM: Quarantining All Traces: banner cookie
2:52 PM: Quarantining All Traces: belnk cookie
2:52 PM: Quarantining All Traces: casalemedia cookie
2:52 PM: Quarantining All Traces: fastclick cookie
2:52 PM: Quarantining All Traces: go.com cookie
2:52 PM: Quarantining All Traces: pointroll cookie
2:52 PM: Quarantining All Traces: revenue.net cookie
2:52 PM: Quarantining All Traces: rn11 cookie
2:52 PM: Quarantining All Traces: ru4 cookie
2:52 PM: Quarantining All Traces: yieldmanager cookie
2:52 PM: Removal process completed. Elapsed time 00:00:04
********
1:58 AM: | Start of Session, Saturday, January 21, 2006 |
1:58 AM: Spy Sweeper started
1:58 AM: Sweep initiated using definitions version 603
1:58 AM: Starting Memory Sweep
2:01 AM: Memory Sweep Complete, Elapsed Time: 00:03:07
2:01 AM: Starting Registry Sweep
2:01 AM: Found Adware: 7adpower
2:01 AM: HKCR\clsid\{0d62a517-e7c6-4e1f-a577-07d4ac549a48}\ (3 subtraces) (ID = 831505)
2:01 AM: HKLM\software\classes\clsid\{0d62a517-e7c6-4e1f-a577-07d4ac549a48}\ (3 subtraces) (ID = 831694)
2:01 AM: Found Adware: ist yoursitebar
2:01 AM: HKU\S-1-5-21-2160291182-3208703888-1140339157-1005\software\microsoft\internet explorer\toolbar\webbrowser\ || {86227d9c-0efe-4f8a-aa55-30386a3f5686} (ID = 147853)
2:02 AM: Registry Sweep Complete, Elapsed Time:00:00:20
2:02 AM: Starting Cookie Sweep
2:02 AM: Found Spy Cookie: yieldmanager cookie
2:02 AM: administrator@ad.yieldmanager[1].txt (ID = 3751)
2:02 AM: Found Spy Cookie: go.com cookie
2:02 AM: administrator@adisney.go[1].txt (ID = 2729)
2:02 AM: Found Spy Cookie: revenue.net cookie
2:02 AM: administrator@ads1.revenue[1].txt (ID = 3258)
2:02 AM: Found Spy Cookie: advertising cookie
2:02 AM: administrator@advertising[1].txt (ID = 2175)
2:02 AM: Found Spy Cookie: atlas dmt cookie
2:02 AM: administrator@atdmt[2].txt (ID = 2253)
2:02 AM: Found Spy Cookie: banner cookie
2:02 AM: administrator@banner[1].txt (ID = 2276)
2:02 AM: Found Spy Cookie: belnk cookie
2:02 AM: administrator@belnk[1].txt (ID = 2292)
2:02 AM: Found Spy Cookie: casalemedia cookie
2:02 AM: administrator@casalemedia[1].txt (ID = 2354)
2:02 AM: administrator@disney.go[1].txt (ID = 2729)
2:02 AM: administrator@dist.belnk[2].txt (ID = 2293)
2:02 AM: Found Spy Cookie: ru4 cookie
2:02 AM: administrator@edge.ru4[2].txt (ID = 3269)
2:02 AM: Found Spy Cookie: fastclick cookie
2:02 AM: administrator@fastclick[2].txt (ID = 2651)
2:02 AM: administrator@go[2].txt (ID = 2728)
2:02 AM: administrator@media.fastclick[1].txt (ID = 2652)
2:02 AM: administrator@revenue[2].txt (ID = 3257)
2:02 AM: Found Spy Cookie: rn11 cookie
2:02 AM: administrator@rn11[2].txt (ID = 3261)
2:02 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
2:02 AM: Starting File Sweep
2:59 AM: Warning: Unhandled Archive Type
2:59 AM: File Sweep Complete, Elapsed Time: 00:57:39
2:59 AM: Full Sweep has completed. Elapsed time 01:01:11
2:59 AM: Traces Found: 25
********
1:55 AM: | Start of Session, Saturday, January 21, 2006 |
1:55 AM: Spy Sweeper started
1:56 AM: Your spyware definitions have been updated.
1:58 AM: | End of Session, Saturday, January 21, 2006 |
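As an added example (it is not part of the thread and not Spy Sweeper's own code), here is how a helper could summarise a pasted Spy Sweeper session log in Python rather than reading it by eye: which sessions ran, what each one found, what was quarantined, and which trace names recur across sessions. The sample log is a constructed excerpt in the same format as the one posted above, and the regular expressions are assumptions about that format drawn from the pasted lines.

```python
"""Summarise Webroot Spy Sweeper session logs (added example; constructed input)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt in the same format as the log pasted in the thread.
SAMPLE_LOG = r"""********
1:44 PM: | Start of Session, Saturday, January 21, 2006 |
1:44 PM: Spy Sweeper started
1:44 PM: Starting Registry Sweep
1:44 PM: Found Adware: 7adpower
1:44 PM: HKCR\clsid\{0d62a517-e7c6-4e1f-a577-07d4ac549a48}\ (3 subtraces) (ID = 831505)
1:44 PM: Found Spy Cookie: yieldmanager cookie
1:44 PM: administrator@ad.yieldmanager[1].txt (ID = 3751)
1:44 PM: Traces Found: 26
1:45 PM: Removal process initiated
1:45 PM: Quarantining All Traces: 7adpower
1:45 PM: Quarantining All Traces: yieldmanager cookie
1:45 PM: Removal process completed. Elapsed time 00:00:04
********
1:58 AM: | Start of Session, Saturday, January 21, 2006 |
1:58 AM: Found Adware: 7adpower
1:58 AM: Warning: Unhandled Archive Type
1:58 AM: Traces Found: 25
"""

# Every line starts with a "h:mm AM/PM: " stamp (assumed from the pasted log).
TS = r"^\d{1,2}:\d{2} [AP]M: "
SESSION_START = re.compile(TS + r"\| Start of Session, (?P<date>.+?) \|$")
FOUND = re.compile(TS + r"Found (?P<kind>[^:]+): (?P<name>.+)$")
TRACES = re.compile(TS + r"Traces Found: (?P<n>\d+)$")
QUARANTINED = re.compile(TS + r"Quarantining All Traces: (?P<name>.+)$")
WARNING = re.compile(TS + r"Warning: (?P<msg>.+)$")


@dataclass
class Session:
    date: str
    found: Dict[str, str] = field(default_factory=dict)  # trace name -> category
    traces_reported: Optional[int] = None
    quarantined: List[str] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)

    def unremoved(self) -> List[str]:
        """Names this sweep found but never quarantined in the same session."""
        return sorted(n for n in self.found if n not in self.quarantined)


def parse_sessions(text: str) -> List[Session]:
    """Split the log at each 'Start of Session' line and collect per-session facts."""
    sessions: List[Session] = []
    current: Optional[Session] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SESSION_START.match(line)
        if m:
            current = Session(date=m["date"])
            sessions.append(current)
            continue
        if current is None:  # lines before the first session header (e.g. ********)
            continue
        if (m := FOUND.match(line)):
            current.found[m["name"]] = m["kind"]
        elif (m := TRACES.match(line)):
            current.traces_reported = int(m["n"])
        elif (m := QUARANTINED.match(line)):
            current.quarantined.append(m["name"])
        elif (m := WARNING.match(line)):
            current.warnings.append(m["msg"])
    return sessions


def recurring_findings(sessions: List[Session]) -> List[str]:
    """Trace names reported in more than one session: they survived or came back."""
    seen: Dict[str, int] = {}
    for s in sessions:
        for name in s.found:
            seen[name] = seen.get(name, 0) + 1
    return sorted(n for n, c in seen.items() if c > 1)


if __name__ == "__main__":
    parsed = parse_sessions(SAMPLE_LOG)
    for s in parsed:
        print(s.date, "found", len(s.found), "quarantined", len(s.quarantined),
              "unremoved", s.unremoved(), "warnings", s.warnings)
    print("recurring:", recurring_findings(parsed))
```

Run on the log posted above, the same parser shows why the helper asked for it: the sessions are listed newest first, the 1:58 AM sweep reported its traces without a removal step, and 7adpower and ist yoursitebar appear again in the 1:44 PM sweep before being quarantined. A name that recurs after a removal session has completed is the signal worth chasing.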

#18 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:32 PM

Posted 21 January 2006 - 06:24 AM

Ok..

You can now uninstall SpySweeper if you want to. Since it's only a 2-week trial, and not an important part of the cleaning process, go ahead.

Now, please download SpywareBlaster by Javacool

It's a freeware program and quite small as well, it won't take memory. And it does a good job.

Choose one of the download mirrors (Doesn't matter which one, although the first one is the most used so it might take some time to download from it.)

Once downloaded, install the program. Finish the installation and launch SpywareBlaster. You can just click "Next" every time it shows you a tutorial-like window at first. Once the tutorial is gone.. Update SpywareBlaster. Click "Updates" -> "Check for Updates". It will check for any current definition updates, and once finished, click "Back". Then go to the "Protection" tab. Click "Enable all Protection". Close the program. It doesn't need to be open to protect your computer from bad spyware/malware download & installation attempts. Just update it from time to time. Once done, please post a fresh HijackThis log and let me know how the system's running.

#19 nixx

nixx
  • Topic Starter

  • Members
  • 159 posts
  • OFFLINE
  • Local time:01:32 AM

Posted 21 January 2006 - 03:14 PM

Hi there!

Followed your instructions.. here's the HijackThis logfile


Logfile of HijackThis v1.99.1
Scan saved at 3:56:57 AM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Host Integration Server\system\ddmserv.exe
C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\\FaxCtrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [z-WrDialer] C:\Program Files\WinPoET Broadband Connection\WrDialer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124361280343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129563541140
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://removed/photos/uploader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79EAA702-3B15-496E-B93F-64F702C41D1A}: NameServer = 203.172.11.21 203.172.11.25
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\System32\Drivers\appnnode.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\System32\Drivers\ldlcserv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\System32\Drivers\trcboot.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)



Hmm, ad.yieldmanager still bugs me because when I go to some sites such as removed to post photos, when it's loading there's something written at the bottom part of the window that says "opening page http://...." right? Well, after a few seconds that would change to "opening page http://ad.yieldmanager.com/imp?z=1&s=4082&...2F..........it's really long", then the page won't load anymore because it would switch back to the first "opening page", then switch back to the opening ad.yieldmanager.com something.

Edited by Orange Blossom, 02 March 2018 - 04:31 PM.


#20 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:32 PM

Posted 22 January 2006 - 08:15 AM

Download Ewido Anti-Malware MicroScanner (English language only)

Double-click ewido_micro.exe

If your active Firewall prompts you, please allow all the connections to this program.

Now, make sure all 4 boxes are checked and click "Start Scan"

Once the Scan has completed, be sure all items found have a check by them and click "Remove Infections"

Click " Yes" to the prompt that follows.

Now, please reboot. After reboot..

Post a fresh HijackThis log and tell me about this entry; is it needed for something?

O17 - HKLM\System\CCS\Services\Tcpip\..\{79EAA702-3B15-496E-B93F-64F702C41D1A}: NameServer = 203.172.11.21 203.172.11.25

#21 nixx

nixx
  • Topic Starter

  • Members
  • 159 posts
  • OFFLINE
  • Local time:01:32 AM

Posted 22 January 2006 - 10:48 AM

hello

Is that the same ewido program that you told me to download before? Because that's the program I'm getting.

#22 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:32 PM

Posted 22 January 2006 - 11:12 AM

Nope.. It's not the same. It's an online scan; the earlier one was full software. Are you sure you're getting the same installer? But anyway, that's not critical. Could you tell me about the O17 line in HijackThis.. I'll research it though, but if you can save me from researching and know if you need it or not, that could be helpful. It might be the problem, or not.

#23 nixx

nixx
  • Topic Starter

  • Members
  • 159 posts
  • OFFLINE
  • Local time:01:32 AM

Posted 22 January 2006 - 12:06 PM

hey

Yeah, I was getting the same program but I searched it off the net and found the program you wanted me to download.. with the four checkboxes. Anyway, here's the fresh HijackThis logfile


Logfile of HijackThis v1.99.1
Scan saved at 1:00:03 AM, on 1/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Host Integration Server\system\ddmserv.exe
C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Downloads\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\\FaxCtrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [z-WrDialer] C:\Program Files\WinPoET Broadband Connection\WrDialer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124361280343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129563541140
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://removed/photos/uploader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79EAA702-3B15-496E-B93F-64F702C41D1A}: NameServer = 203.172.11.21 203.172.11.25
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\System32\Drivers\appnnode.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\System32\Drivers\ldlcserv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\System32\Drivers\trcboot.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)



As for the O17 thingy, I don't know what that's for, but a certain website wasn't loading before so I called my DSL provider. They told me that they changed their DNS, whatever that is, and gave me those values to put in the primary and alternate DNSs.

Edited by Orange Blossom, 02 March 2018 - 04:32 PM.


#24 nixx

nixx
  • Topic Starter

  • Members
  • 159 posts
  • OFFLINE
  • Local time:01:32 AM

Posted 22 January 2006 - 12:10 PM

Oh, by the way, the ad.yieldmanager.com pop-ups were already popping up even before I put those values in the DNS, I don't know if that information helps.. but I'm guessing that's not the problem then since the pop-ups were present even before I changed the DNS? I don't think I'm making sense. Haha
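As an added example (not from the thread and not HijackThis's own logic), here is a small Python reviewer for a pasted HijackThis log that does mechanically what Rawe asked about by hand: it pulls every DNS server out of the O17 NameServer entry and compares it with the servers the user says the ISP supplied, flags O20/O23 entries whose file is missing or whose service has no recognised owner, and flags O16 ActiveX downloads whose URL does not end in a usual control-file extension. The sample log is a constructed excerpt of the lines posted above; the expected DNS list is the pair nixx says came from the DSL provider; and the flagging rules are review heuristics of my own, not anything the tool does.

```python
"""Review a pasted HijackThis log mechanically (added example; constructed input)."""
import re
from ipaddress import ip_address
from typing import List, Tuple

# Constructed excerpt of the log posted above, in HijackThis v1.99.1 line format.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:00:03 AM, on 1/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg
O17 - HKLM\System\CCS\Services\Tcpip\..\{79EAA702-3B15-496E-B93F-64F702C41D1A}: NameServer = 203.172.11.21 203.172.11.25
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""

# Each scan item is "<section> - <body>", e.g. "O17 - HKLM\...: NameServer = ...".
ENTRY = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
Finding = Tuple[str, str, str]  # (section, reason, original body)


def parse_entries(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs, skipping the header and the process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["sec"], m["body"]))
    return entries


def nameservers(entries: List[Tuple[str, str]]) -> List[str]:
    """Every address listed in O17 NameServer entries, one string per server."""
    servers: List[str] = []
    for sec, body in entries:
        if sec != "O17":
            continue
        m = re.search(r"NameServer = (.+)$", body)
        if m:
            servers.extend(m.group(1).replace(",", " ").split())
    return servers


def review(entries: List[Tuple[str, str]], expected_dns: List[str]) -> List[Finding]:
    """Items a log reviewer should look at; a finding means 'check this', not 'malicious'."""
    expected = {ip_address(x) for x in expected_dns}
    findings: List[Finding] = []
    for sec, body in entries:
        if sec == "O17":
            # DNS servers that are not the ones the ISP is known to have supplied.
            for s in nameservers([(sec, body)]):
                try:
                    ip = ip_address(s)
                except ValueError:
                    findings.append((sec, f"unparseable NameServer value {s!r}", body))
                    continue
                if ip not in expected:
                    findings.append((sec, f"DNS server {ip} not in the expected set", body))
        if sec in ("O20", "O23") and "(file missing)" in body:
            findings.append((sec, "entry points at a file that no longer exists", body))
        if sec == "O23" and "Unknown owner" in body:
            findings.append((sec, "service binary has no recognised vendor", body))
        if sec == "O16":
            # Heuristic: ActiveX controls are normally served as .cab/.dll/.ocx files.
            m = re.search(r" - (\S+)$", body)
            if m:
                url = m.group(1).split("?")[0].lower()
                if not url.endswith((".cab", ".dll", ".ocx")):
                    findings.append((sec, "ActiveX control served from a URL with an unusual extension", body))
    return findings


if __name__ == "__main__":
    isp_dns = ["203.172.11.21", "203.172.11.25"]  # the values nixx says the provider gave
    for sec, reason, body in review(parse_entries(SAMPLE_LOG), isp_dns):
        print(f"[{sec}] {reason}: {body}")
```

A flagged item only means "look at this", as with the O17 question in the thread, where the answer turned out to be a legitimate ISP change: with the provider's two addresses in the expected list the O17 entry produces no finding, and it only becomes one when the list holds something else. The O16 extension check expects the full URL; the forum software shortened several URLs in the pasted log with "...", and those would be flagged for that reason alone.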

#25 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:32 PM

Posted 23 January 2006 - 11:11 AM

Umm, I'm starting to drop out of this situation. Your log has been seeming just fine.

Fix these,

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com


Then, could you do me a favor and try Firefox, then tell me if Ad.yieldmanager bugs you with it as well;

Mozilla Firefox

Post back and let me know.

#26 nixx

nixx
  • Topic Starter

  • Members
  • 159 posts
  • OFFLINE
  • Local time:01:32 AM

Posted 23 January 2006 - 12:37 PM

Done as requested

Hmm, the Mozilla Firefox works fine. It's fast too, huh? And the ad.yieldmanager.com thing at the bottom still appears but it loads!! Amazing! Maybe my IE's busted then?

Thanks for the help Rawe!

#27 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:32 PM

Posted 24 January 2006 - 01:23 AM

Well, I refuse to believe we can't get ya cleaned up.. Although I would recommend Mozilla Firefox once we do that, anyway. As for now, you could keep up with it (do any modifications necessary.. loads of themes/plug-ins/add-ons downloadable)

I'll ask for a bit of help from other Staff members.. If they'd have an idea.

Although, you could post this and I'll look if there's something unnecessary (or bad):
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the List from the notebook onto your post


#28 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:32 PM

Posted 28 January 2006 - 05:13 AM

Hi, do you still need help with the problem?

#29 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:32 PM

Posted 12 February 2006 - 10:33 AM

Due to lack of feedback, this thread has been closed. If you're the original poster and need this Topic reopened, please PM a Staff member with the address of this thread.



