TheTechGuide Forum

General Category => Tech Clinic => Topic started by: anj on December 01, 2005, 02:45:54 PM

Title: HELLO CAN SOMEBODY HEL ME
Post by: anj on December 01, 2005, 02:45:54 PM

Hi my names anj and ive having problems with my laptop whenever i run a ewido scan it finds yieldmanger i have tried adaware and spyware and i have gone into safe mode to run ewido scan but when i return to normal mode and i run  a scan it finds this yielmanger can someplease help me below is a post of my hijack this
Logfile of HijackThis v1.99.1
Scan saved at 19:38:18, on 01/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Clevo\AutoMailChkr\MailChkr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AutoMailChecker] C:\Program Files\Clevo\AutoMailChkr\MailChkr.exe
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

Title: HELLO CAN SOMEBODY HEL ME
Post by: guestolo on December 01, 2005, 09:21:37 PM

This  would help
When Ewido has finished it's scan click the "Save Report" button
Save the report to desktop
Exit Ewido
Post that whole report back here

Title: HELLO CAN SOMEBODY HEL ME
Post by: anj on December 02, 2005, 03:21:39 PM

Hi thanks for replying to my post i did another scan with ewido and below is what it found

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         20:17:37, 02/12/2005
 + Report-Checksum:      F6FE00C8

 + Scan result:

   :mozilla.29:C:\Documents and Settings\OEM\Application Data\Mozilla\Firefox\Profiles\liscd1l1.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
   :mozilla.30:C:\Documents and Settings\OEM\Application Data\Mozilla\Firefox\Profiles\liscd1l1.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
   :mozilla.31:C:\Documents and Settings\OEM\Application Data\Mozilla\Firefox\Profiles\liscd1l1.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
   :mozilla.45:C:\Documents and Settings\OEM\Application Data\Mozilla\Firefox\Profiles\liscd1l1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.46:C:\Documents and Settings\OEM\Application Data\Mozilla\Firefox\Profiles\liscd1l1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.47:C:\Documents and Settings\OEM\Application Data\Mozilla\Firefox\Profiles\liscd1l1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.48:C:\Documents and Settings\OEM\Application Data\Mozilla\Firefox\Profiles\liscd1l1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.49:C:\Documents and Settings\OEM\Application Data\Mozilla\Firefox\Profiles\liscd1l1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.50:C:\Documents and Settings\OEM\Application Data\Mozilla\Firefox\Profiles\liscd1l1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.51:C:\Documents and Settings\OEM\Application Data\Mozilla\Firefox\Profiles\liscd1l1.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.76:C:\Documents and Settings\OEM\Application Data\Mozilla\Firefox\Profiles\liscd1l1.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
   :mozilla.95:C:\Documents and Settings\OEM\Application Data\Mozilla\Firefox\Profiles\liscd1l1.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.96:C:\Documents and Settings\OEM\Application Data\Mozilla\Firefox\Profiles\liscd1l1.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.97:C:\Documents and Settings\OEM\Application Data\Mozilla\Firefox\Profiles\liscd1l1.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.98:C:\Documents and Settings\OEM\Application Data\Mozilla\Firefox\Profiles\liscd1l1.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.100:C:\Documents and Settings\OEM\Application Data\Mozilla\Firefox\Profiles\liscd1l1.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.117:C:\Documents and Settings\OEM\Application Data\Mozilla\Firefox\Profiles\liscd1l1.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.127:C:\Documents and Settings\OEM\Application Data\Mozilla\Firefox\Profiles\liscd1l1.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup


::Report End

Title: HELLO CAN SOMEBODY HEL ME
Post by: guestolo on December 02, 2005, 11:52:48 PM

Can you do the following please
 Can you install this free tool
SpywareBlaster 3.4 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

Check for updates every couple of weeks
after every update just simply click the "enable protection...."

afterwards
do the following
==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup! 4.0 (http://\"http://downloads.stevengould.org/cleanup/CleanUp40.exe\")

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done
Reboot the computer

Anymore problems with yieldmanager?