Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

ad.yieldmanager.com and other IE ads pop ups


Re: ad.yieldmanager.com and other IE ads pop ups

Post by deltalima » August 13th, 2010, 5:28 am

Please run a quick scan with Malwarebytes, post the log in your next reply and let me know how the computer is running now.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: ad.yieldmanager.com and other IE ads pop ups

Post by ThreadKiller » August 13th, 2010, 8:44 am

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4397

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/12/2010 15:35:21
mbam-log-2010-08-12 (15-35-21).txt

Scan type: Quick scan
Objects scanned: 150591
Time elapsed: 6 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



IE ad pop-ups still open by themselves once in a while, but not that often anymore.
Wireshark still shows some DNS queries to sites like ad.xxxxxxxxxxxxx.com etc.
It seems better, though.
ThreadKiller
Regular Member
 
Posts: 15
Joined: August 8th, 2010, 2:43 pm

Re: ad.yieldmanager.com and other IE ads pop ups

Post by deltalima » August 13th, 2010, 8:55 am

Hi ThreadKiller,

MBRCheck

Please download MBRCheck.exe to your desktop.
  • Double-click on MBRCheck.exe to run it.
  • It will show a Black screen with some information.
  • If an unknown boot code is found you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found, just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file in your next reply.

Download Bootkit remover to your desktop
This is a .rar file; if you do not have a program to open it, download and install PeaZip.

  • Extract Remover.exe to your desktop
  • Double click Remover.exe to run it
  • It will show a Black screen with some data on it
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now open a notepad and press Control+V
  • Post the resultant log here please

Re: ad.yieldmanager.com and other IE ads pop ups

Post by ThreadKiller » August 13th, 2010, 9:03 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000013c

Kernel Drivers (total 129):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7EB4000 spre.sys
0xB85AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB7E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB7E6E000 ACPI.sys
0xB7E5D000 pci.sys
0xB80A8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80B8000 MountMgr.sys
0xB7E3E000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7E18000 dmio.sys
0xB8330000 PartMgr.sys
0xB8338000 pavboot.sys
0xB80C8000 VolSnap.sys
0xB7E00000 atapi.sys
0xB80D8000 disk.sys
0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7DE0000 fltmgr.sys
0xB7DCE000 sr.sys
0xB80F8000 PxHelp20.sys
0xB7DB7000 KSecDD.sys
0xB7D2A000 Ntfs.sys
0xB7CFD000 NDIS.sys
0xB7CE3000 Mup.sys
0xB7599000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB6BA6000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB6B92000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8460000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB6B6E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8468000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB6B46000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB6B2C000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xB7589000 \SystemRoot\system32\drivers\es1371mp.sys
0xB6B08000 \SystemRoot\system32\drivers\portcls.sys
0xB7579000 \SystemRoot\system32\drivers\drmk.sys
0xB6AE5000 \SystemRoot\system32\drivers\ks.sys
0xB7569000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB7CB3000 \SystemRoot\system32\drivers\pfc.sys
0xB8128000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8138000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8470000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB6AAC000 \SystemRoot\System32\Drivers\a3lv0bmf.SYS
0xB8785000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB8148000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB7C9F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB6A95000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB8158000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB8168000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB83B0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB6A84000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8178000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB83B8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB83C0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB6A54000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB8188000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB83C8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB83D0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB85F0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB5D36000 \SystemRoot\system32\DRIVERS\update.sys
0xB7C83000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8198000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB81B8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB85F4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB8580000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xB35E7000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB860A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB87D0000 \SystemRoot\System32\Drivers\Null.SYS
0xB860C000 \SystemRoot\System32\Drivers\Beep.SYS
0xB83F8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB8400000 \SystemRoot\System32\drivers\vga.sys
0xB860E000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB8610000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB8408000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB8410000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB5D26000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB3564000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB350B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB34E3000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB34BD000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB81D8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB81E8000 \SystemRoot\system32\DRIVERS\epfwtdir.sys
0xB349B000 \SystemRoot\System32\drivers\afd.sys
0xB81F8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB3470000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB87DA000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
0xB3400000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8208000 \SystemRoot\System32\Drivers\Fips.SYS
0xB8218000 \SystemRoot\system32\DRIVERS\easdrv.sys
0xB4BF6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB8238000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB8248000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB8418000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB4BEA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB4BE6000 \SystemRoot\system32\DRIVERS\wdcsam.sys
0xB8420000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB35E3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB33C0000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB8616000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB35BF000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8428000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB873A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB308C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB2D83000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB2CE6000 \SystemRoot\system32\DRIVERS\eamon.sys
0xB2C3E000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xB2C1A000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB2BC3000 \SystemRoot\system32\DRIVERS\srv.sys
0xB3108000 \SystemRoot\system32\drivers\npf.sys
0xB30F8000 \??\C:\WINDOWS\system32\Drivers\NvNdis.sys
0xB2A83000 \??\C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys
0xB2A5B000 \??\C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys
0xB84B0000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
0xB251E000 \SystemRoot\system32\drivers\wdmaud.sys
0xB29FB000 \SystemRoot\system32\drivers\sysaudio.sys
0xB1819000 \SystemRoot\System32\Drivers\HTTP.sys
0xB21D8000 \SystemRoot\System32\Drivers\usbaapl.sys
0xB17AD000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xB11B1000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 41):
0 System Idle Process
4 System
668 C:\WINDOWS\system32\smss.exe
1236 csrss.exe
1340 C:\WINDOWS\system32\winlogon.exe
1416 C:\WINDOWS\system32\services.exe
1436 C:\WINDOWS\system32\lsass.exe
1636 C:\WINDOWS\system32\nvsvc32.exe
1684 C:\WINDOWS\system32\svchost.exe
1920 C:\WINDOWS\system32\svchost.exe
1932 svchost.exe
2036 C:\WINDOWS\system32\svchost.exe
292 svchost.exe
476 svchost.exe
604 C:\WINDOWS\system32\spoolsv.exe
996 C:\WINDOWS\system32\svchost.exe
1024 svchost.exe
1072 C:\Program Files\Bonjour\mDNSResponder.exe
1104 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
1280 C:\Program Files\Java\jre6\bin\jqs.exe
1308 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1856 C:\WINDOWS\system32\PnkBstrA.exe
1876 C:\WINDOWS\system32\PnkBstrB.exe
1980 C:\WINDOWS\system32\svchost.exe
2000 C:\WINDOWS\system32\TUProgSt.exe
852 alg.exe
2564 C:\WINDOWS\explorer.exe
2180 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
2152 C:\WINDOWS\RTHDCPL.EXE
2160 C:\Program Files\iTunes\iTunesHelper.exe
3196 C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
828 C:\WINDOWS\system32\ctfmon.exe
3056 C:\Program Files\SpywareGuard\sgmain.exe
3544 C:\Program Files\SpywareGuard\sgbhp.exe
4068 C:\Program Files\iPod\bin\iPodService.exe
2308 C:\Program Files\FlashGet\flashget.exe
2768 C:\PROGRA~1\THEKMP~1\KMPlayer.exe
2864 C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2408 C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3920 C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3780 C:\Documents and Settings\Omer\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000037`675d8200 (NTFS)
\\.\I: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-65YGA0, Rev: 12.01C02
PhysicalDrive1 Model Number: WDMy Book 1111, Rev: 2003

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 5633D023980EBC9FD69EF1D492E6A8D840545412
1396 GB \\.\PhysicalDrive1 RE: Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 5633D023980EBC9FD69EF1D492E6A8D840545412


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: dbaa48723986907e522e05e4d0070f24

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...

Re: ad.yieldmanager.com and other IE ads pop ups

Post by deltalima » August 13th, 2010, 9:38 am

Hi ThreadKiller,

The infection that you have is stored in the boot section of your hard disk. Failure of this "MBR" to do its job properly would result in a machine that could not boot up at all, so any changes to the MBR have to be done very carefully.

In your case, a replacement of the MBR with a standard one would most likely work, but is not without risk. If you understand the risks involved and are prepared to reinstall the operating system if things go wrong we can proceed.

Please let me know what you would like to do.
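The MBRCheck and Bootkit Remover logs above both work the same way: read the first 512-byte sector of each physical disk, hash the boot code, and compare the hash with known-good and known-bad lists; the "at offset" values they print are simply the partition start LBA times 512. The script below is an added example written for this page, not code from the thread or from MBRCheck, Bootkit Remover or ComboFix. It parses an MBR, does that hash lookup, and shows why deltalima's point about a careful fix holds: a disinfection rewrites only bytes 0 to 439, leaving the disk signature, partition table and 0x55AA signature untouched so the machine still boots. The sample MBRs, the KNOWN_GOOD set and the sector counts are constructed for the demo; the byte range the real tools hash is not stated on the page, so hashes computed here will not equal the ones in the logs, and the KNOWN_BAD entry reuses the SHA-1 MBRCheck printed only to illustrate the lookup.

```python
"""Added example (not code from the thread or from MBRCheck, Bootkit Remover
or ComboFix): parse a 512-byte master boot record, hash its boot-code region,
compare the hash with known-good / known-bad lists, and show why a repair must
touch only the first 440 bytes.  Sample MBRs and the KNOWN_GOOD set are
CONSTRUCTED for the demo; the byte range the real tools hash is not stated on
the page, so hashes computed here will not equal the ones in the logs."""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439 hold the executable boot code
PART_TABLE_OFF = 446     # four 16-byte partition entries follow the disk signature
SIGNATURE_OFF = 510      # every valid MBR ends in 0x55 0xAA

# SHA-1 that MBRCheck printed in the thread for the Whistler bootkit; kept here
# only to show the lookup (assumption: MBRCheck hashes the same byte range).
KNOWN_BAD = {"5633D023980EBC9FD69EF1D492E6A8D840545412": "Whistler / Black Internet"}


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code hashes and the non-empty partition entries of one MBR."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[SIGNATURE_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    boot_code = sector[:BOOT_CODE_LEN]
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:          # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": lba,
            "byte_offset": lba * SECTOR,   # the "at offset" value MBRCheck prints
            "sectors": count,
        })
    return {
        "md5": hashlib.md5(boot_code).hexdigest(),
        "sha1": hashlib.sha1(boot_code).hexdigest().upper(),
        "partitions": partitions,
    }


def check_sector(sector: bytes, known_good: set, known_bad: dict = KNOWN_BAD) -> dict:
    """Classify an MBR the way the logs above do: known-bad, known-good or unknown."""
    try:
        info = parse_mbr(sector)
    except ValueError as exc:
        return {"status": f"invalid: {exc}", "partitions": []}
    if info["sha1"] in known_bad:
        info["status"] = f"Known-bad MBR code detected ({known_bad[info['sha1']]})"
    elif info["sha1"] in known_good:
        info["status"] = "known-good boot code"
    else:
        info["status"] = "Unknown boot code"
    return info


def replace_boot_code(sector: bytes, clean_code: bytes) -> bytes:
    """Disinfect by rewriting ONLY bytes 0..439; the disk signature, partition
    table and 0x55AA are preserved, which is what keeps the machine bootable."""
    if len(clean_code) != BOOT_CODE_LEN:
        raise ValueError("replacement boot code must be 440 bytes")
    return clean_code + sector[BOOT_CODE_LEN:]


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a constructed MBR from boot code and (bootable, type, lba, count)."""
    sector = bytearray(SECTOR)
    sector[:BOOT_CODE_LEN] = boot_code.ljust(BOOT_CODE_LEN, b"\x90")[:BOOT_CODE_LEN]
    for i, (bootable, ptype, lba, count) in enumerate(partitions[:4]):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba, count)
    sector[SIGNATURE_OFF:] = b"\x55\xaa"
    return bytes(sector)


# Constructed sample: stand-in "clean" boot code plus the partition layout the
# logs show for PhysicalDrive0 (C: at 0x7e00 = LBA 63, F: at 0x37675d8200).
CLEAN_CODE = b"CONSTRUCTED STAND-IN FOR STOCK MBR CODE"
CLEAN_MBR = build_sample_mbr(CLEAN_CODE, [
    (True, 0x07, 63, 464_956_034),          # NTFS, bootable; sector counts are made up
    (False, 0x07, 0x1BB3AEC1, 511_000_000),
])
KNOWN_GOOD = {parse_mbr(CLEAN_MBR)["sha1"]}   # in practice: hashes of stock MBR code
# Same partition table, first boot-code byte patched: what a bootkit leaves behind.
INFECTED_MBR = bytes([CLEAN_MBR[0] ^ 0xFF]) + CLEAN_MBR[1:]

if __name__ == "__main__":
    # Usage: python mbr_check.py <disk image or raw device>; reading
    # \\.\PhysicalDrive0 on Windows needs an elevated prompt, and open it read-only.
    with open(sys.argv[1], "rb") as fh:
        sample = fh.read(SECTOR)
    result = check_sector(sample, KNOWN_GOOD)
    print(result["status"])
    for p in result["partitions"]:
        print(f"  entry {p['index']}: type 0x{p['type']:02x} at offset 0x{p['byte_offset']:x}")
```

Two things worth noticing when running it against a real sector: an "Unknown boot code" verdict (what Bootkit Remover reported) means only that the hash is not in your allowlist, so a non-standard but benign boot manager produces the same result as a bootkit and needs manual inspection of a dump; and because `replace_boot_code` never touches the partition table, the data on the other partitions and on a separate external drive is not at risk from the repair itself, which is why disconnecting the external drive is a precaution rather than a requirement.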

Re: ad.yieldmanager.com and other IE ads pop ups

Post by ThreadKiller » August 13th, 2010, 9:51 am

Hi deltalima,

In addition to the internal HD (which has 2 partitions, C: and F:), I also have an external 1.5TB HD (I:).
As far as I know, when trying to fix MBR viruses, the worst case scenario is that C: will be problematic and may not boot at all (until reinstalling the OS), but the external HD will not be affected in any way.
In that case, I would like us to proceed. If we think that the data on my external HD might get affected in the process, I will have to consider my actions.
In any event, I will NOT hold you responsible for any damage to the existing data. I would just like to hear your professional opinion in this matter.

ThreadKiller

Re: ad.yieldmanager.com and other IE ads pop ups

Post by deltalima » August 13th, 2010, 9:55 am

Hi ThreadKiller,

"worst case scenario is that C: will be problematic and may not boot at all (until reinstalling the OS) but the external HD will not be affected in any way."

That is correct.

As an extra precaution it may be wise to disconnect the external drive while we do the fix.


Run Combofix

Temporarily disable any antispyware, antivirus and or antimalware real-time protection as they may interfere with running of ComboFix.

Download ComboFix from here to your Desktop.

For more information about Combofix please see here.

Close all programs.

Double click combofix.exe and follow the prompts.

If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures; if not, then follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Once installed, you should see the following message:

The recovery console was successfully installed.
Click 'YES' to continue scanning for malware
Click 'NO' for exit

Click the YES button.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your “drive access” light. If it is flashing, Combofix is still at work.

When finished ComboFix will produce a log file. Please post the contents of this log in your next reply.

Re: ad.yieldmanager.com and other IE ads pop ups

Post by ThreadKiller » August 13th, 2010, 10:29 am

ComboFix 10-08-12.03 - Omer 08/12/2010 17:15:29.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3326.2903 [GMT 2:00]
Running from: c:\documents and settings\Omer\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-07-12 to 2010-08-12 )))))))))))))))))))))))))))))))
.

2010-08-11 18:01 . 2010-08-11 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-08-10 01:43 . 2010-08-10 01:43 3584 ----a-r- c:\documents and settings\Omer\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-08-10 01:43 . 2010-08-10 01:43 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-08-10 01:43 . 2010-08-10 01:43 -------- d-----w- c:\program files\MSECACHE
2010-08-08 21:44 . 2010-08-08 21:44 388096 ----a-r- c:\documents and settings\Omer\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-05 17:31 . 2010-08-05 18:45 -------- d-----w- c:\program files\Fraps
2010-08-05 11:25 . 2010-08-05 13:46 -------- d-----w- c:\documents and settings\Omer\.shsh
2010-08-05 00:57 . 2010-08-05 00:57 -------- d-----w- c:\program files\Nuclear Coffee
2010-08-05 00:36 . 2010-08-05 00:36 -------- d-----w- c:\documents and settings\Omer\Local Settings\Application Data\Thinstall
2010-08-05 00:08 . 2010-08-05 00:08 -------- d-----w- c:\program files\FDRLab
2010-08-04 23:40 . 2010-08-04 23:40 -------- d-----w- c:\program files\Neoretix
2010-08-04 23:38 . 2010-08-04 23:39 -------- d-----w- c:\program files\SpywareGuard
2010-08-04 22:51 . 2010-08-04 22:51 -------- d-----w- c:\documents and settings\Omer\Application Data\Malwarebytes
2010-08-04 22:51 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-04 22:51 . 2010-08-04 22:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 22:51 . 2010-08-04 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-04 22:51 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-04 21:45 . 2010-08-04 21:45 -------- d-----w- c:\documents and settings\Omer\Application Data\Scooter Software
2010-08-04 21:44 . 2010-08-04 21:45 -------- d-----w- c:\program files\Beyond Compare 3
2010-08-04 21:25 . 2010-08-07 19:02 -------- d-----w- C:\HijackThis
2010-08-04 20:40 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-08-04 20:40 . 2010-08-04 20:40 -------- d-----w- c:\program files\Panda Security
2010-08-04 20:23 . 2010-08-04 20:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-08-04 20:23 . 2010-08-04 20:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-08-04 19:46 . 2010-08-04 19:46 -------- d-----w- c:\program files\iPod
2010-08-04 19:46 . 2010-08-04 19:47 -------- d-----w- c:\program files\iTunes
2010-08-04 19:38 . 2010-08-04 19:38 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-28 20:58 . 2010-07-31 08:29 -------- d-----w- c:\program files\InCode Solutions
2010-07-24 15:25 . 2010-07-24 15:25 -------- d-----w- c:\documents and settings\Omer\Local Settings\Application Data\Threat Expert
2010-07-24 09:58 . 2010-07-24 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-07-24 09:16 . 2010-07-24 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-24 09:16 . 2010-07-24 09:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-24 09:03 . 2010-07-24 09:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2010-07-22 23:40 . 2010-07-22 23:40 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-22 23:29 . 2010-07-22 23:29 -------- d-----w- c:\documents and settings\Omer\Local Settings\Application Data\Sunbelt Software
2010-07-22 23:29 . 2010-08-03 20:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-22 23:29 . 2010-07-12 08:56 2979280 -c----w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-22 23:29 . 2010-08-03 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-22 23:29 . 2010-07-22 23:29 -------- d-----w- c:\program files\Lavasoft
2010-07-22 21:33 . 2010-07-22 21:33 -------- d-----w- c:\program files\Trend Micro
2010-07-22 21:29 . 2009-01-13 23:24 0 ----a-w- c:\documents and settings\Omer\Application Data\WinPatrol\Config.sys
2010-07-22 21:29 . 2009-01-13 23:24 0 ----a-w- c:\documents and settings\Omer\Application Data\WinPatrol\Autoexec.bat
2010-07-22 21:29 . 2010-07-22 21:29 -------- d-----w- c:\documents and settings\Omer\Application Data\WinPatrol
2010-07-22 17:30 . 2010-07-22 17:30 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-07-22 17:30 . 2010-07-22 17:30 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-07-19 19:04 . 2010-06-30 15:24 424960 ---h--w- c:\documents and settings\Omer\Application Data\Any Video Converter Professional.exe.Exe
2010-07-14 19:52 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 14:51 . 2009-01-14 18:48 -------- d-----w- c:\program files\FlashGet
2010-08-11 19:50 . 2009-01-14 18:17 -------- d-----w- c:\program files\ESET
2010-08-11 19:46 . 2010-04-08 15:14 218808 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-11 19:25 . 2010-04-08 15:14 137256 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-10 01:06 . 2009-01-14 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-07 21:28 . 2009-11-06 15:19 -------- d-----w- c:\program files\MP3 Speed Changer
2010-08-07 21:28 . 2009-01-14 18:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-07 18:44 . 2009-01-13 23:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-07 18:44 . 2009-06-21 19:18 -------- d-----w- c:\program files\CyberLink
2010-08-07 18:42 . 2009-06-21 19:15 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2010-08-04 20:22 . 2010-04-08 06:37 -------- d-----w- c:\program files\TeamViewer
2010-08-04 20:22 . 2009-10-04 08:12 -------- d-----w- c:\documents and settings\Omer\Application Data\Dropbox
2010-08-04 19:46 . 2009-10-14 21:06 -------- d-----w- c:\program files\Common Files\Apple
2010-08-03 20:10 . 2009-06-20 17:14 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-03 18:36 . 2009-02-13 11:57 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-07-28 23:51 . 2010-03-30 12:02 -------- d-----w- c:\program files\The KMPlayer
2010-07-26 22:14 . 2009-03-30 18:08 -------- d-----w- c:\documents and settings\Omer\Application Data\U3
2010-07-23 19:21 . 2010-05-12 22:23 -------- d-----w- c:\program files\Windows Desktop Search
2010-07-23 17:19 . 2010-07-02 16:07 -------- d-----w- c:\program files\PCFriendly
2010-07-23 17:13 . 2009-01-14 18:47 -------- d-----w- c:\program files\Babylon
2010-07-23 17:08 . 2010-06-10 12:11 -------- d-----w- c:\program files\Blur
2010-07-22 23:48 . 2009-03-27 19:05 -------- d-----w- c:\program files\UlisesSoft
2010-07-19 22:15 . 2009-09-23 16:00 -------- d-----w- c:\documents and settings\Omer\Application Data\vlc
2010-07-19 19:04 . 2009-01-14 00:31 145048 ----a-w- c:\documents and settings\Omer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-16 10:26 . 2009-03-21 17:03 -------- d-----w- c:\documents and settings\Omer\Application Data\dvdcss
2010-07-10 16:26 . 2010-07-10 16:26 -------- d-----w- c:\documents and settings\Omer\Application Data\Wireshark
2010-07-10 15:22 . 2010-07-10 15:22 -------- d-----w- c:\program files\Wireshark
2010-07-10 15:22 . 2010-07-10 15:22 -------- d-----w- c:\program files\WinPcap
2010-07-10 08:56 . 2010-07-10 08:37 -------- d-----w- c:\documents and settings\Omer\Application Data\CUE Tools
2010-07-10 08:37 . 2010-07-10 08:36 -------- d-----w- c:\program files\CUETools_2.0.9
2010-07-10 08:37 . 2010-07-10 08:37 -------- d-----w- c:\documents and settings\Omer\Application Data\CUERipper
2010-07-10 08:34 . 2010-07-09 20:52 -------- d-----w- c:\program files\LucasArts
2010-07-09 23:08 . 2009-08-21 10:25 -------- d-----w- c:\documents and settings\Omer\Application Data\LucasArts
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-27 19:42 . 2010-06-27 19:42 -------- d-----w- c:\program files\Steinberg
2010-06-27 19:42 . 2009-04-03 10:48 -------- d-----w- c:\program files\Vstplugins
2010-06-27 19:41 . 2009-08-14 06:39 -------- d-----w- c:\program files\PowerTracks DirectX Plugins
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 09:52 . 2010-06-18 09:52 -------- d-----w- c:\program files\Bonjour
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-15 01:47 . 2010-06-15 01:47 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-06-14 14:31 . 2009-01-13 23:23 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2008-11-20 155904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-30 19523616]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]

c:\documents and settings\Omer\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\I:\0autocheck autochk *

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" -silent
"Google Update"="c:\documents and settings\Omer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"BDRegion"=c:\program files\Cyberlink\Shared Files\brs.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe"
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"M-Audio Taskbar Icon"=c:\windows\System32\M-AudioTaskBarIcon.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Omer\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\eclipse\\eclipse.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\wLite\\wLite.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/4/2010 22:40 28552]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/13/2008 16:52 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/13/2008 16:49 472320]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 20:19 50704]
R2 RVIEGVST;VSC VST Engine;c:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [8/14/2009 8:39 188276]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 EsetNod32Fix;Nod32 AV;c:\windows\regedit.exe [8/4/2004 14:00 146432]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/14/2009 1:43 1691480]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 MADFU;M-Audio KeyStudio 49i DFU Driver;c:\windows\system32\drivers\M-Audio_KeyStudio49i_DFU.sys [10/6/2009 23:43 23048]
S3 MAUSBKS;Service for M-Audio KeyStudio IO (WDM);c:\windows\system32\drivers\mausbks.sys [10/6/2009 23:43 138760]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [9/4/2007 16:53 55664]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [4/16/2010 18:43 11520]
S3 Wirelecf;Friendly WI-FI Wirelesscfg Util Win2000 XP;c:\windows\system32\drivers\Wirelecf.SYS [9/7/2005 11:09 17230]
S4 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [4/3/2009 4:01 1680704]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/15/2009 9:02 691696]
S4 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2/26/2010 8:58 110592]
S4 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 20480]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-08-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 14:28]

2010-08-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-963894560-682003330-1003Core.job
- c:\documents and settings\Omer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-18 20:08]

2010-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-963894560-682003330-1003UA.job
- c:\documents and settings\Omer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-18 20:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/ ... tion32.cab
DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - file:///E:/setup/RiffLick.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-12 17:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,05,88,53,f6,df,75,40,8e,7a,a7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,05,88,53,f6,df,75,40,8e,7a,a7,\

[HKEY_USERS\S-1-5-21-1614895754-963894560-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:f5,1a,e7,5b,bc,9b,3f,c9,90,28,86,db,d7,a8,8a,71,d5,46,34,a7,f8,5f,b9,
30,1a,34,49,a7,9e,a7,48,0e,29,1c,a2,6e,e3,f2,f1,9b,4a,b7,07,c7,33,45,31,3b,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1614895754-963894560-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:e9,2b,97,2a,96,f1,ad,9c,e3,fd,99,75,5c,06,73,06,14,c0,68,99,bf,
08,35,04,af,e5,1b,44,a2,cd,dc,1c,07,ae,79,ec,6a,e6,5e,56,29,a1,e2,fe,4b,d2,\
"rkeysecu"=hex:0b,a6,50,cd,15,73,68,4d,84,9a,d7,97,21,91,c9,78
.
Completion time: 2010-08-12 17:26:32
ComboFix-quarantined-files.txt 2010-08-12 15:26

Pre-Run: 160,042,225,664 bytes free
Post-Run: 160,866,013,184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 2C054E0DFCEB8DFF8F67B2098C499A52
ThreadKiller
Regular Member
 
Posts: 15
Joined: August 8th, 2010, 2:43 pm

Re: ad.yieldmanager.com and other IE ads pop ups

Unread postby deltalima » August 13th, 2010, 12:53 pm

Hi ThreadKiller,

Please re-open HijackThis and select Scan. Check the boxes next to all the entries listed below (if present):

O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)

Now close all other open windows and then click on Fix Checked. Close HijackThis.

Next reboot the computer.

Now please run a new scan with MBRCheck, post the log in your next reply and let me know how the computer is running now.
deltalima
Admin/Teacher

Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: ad.yieldmanager.com and other IE ads pop ups

Unread postby ThreadKiller » August 13th, 2010, 4:29 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000012c

Kernel Drivers (total 123):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80B8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7F23000 dmio.sys
0xB8330000 PartMgr.sys
0xB8338000 pavboot.sys
0xB80C8000 VolSnap.sys
0xB7F0B000 atapi.sys
0xB80D8000 disk.sys
0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7EEB000 fltmgr.sys
0xB7ED9000 sr.sys
0xB80F8000 PxHelp20.sys
0xB7EC2000 KSecDD.sys
0xB7E35000 Ntfs.sys
0xB7E08000 NDIS.sys
0xB7DEE000 Mup.sys
0xB76FC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB6CF9000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB6CE5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8450000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB6CC1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8458000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB6C99000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB6C7F000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xB76EC000 \SystemRoot\system32\drivers\es1371mp.sys
0xB6C5B000 \SystemRoot\system32\drivers\portcls.sys
0xB76DC000 \SystemRoot\system32\drivers\drmk.sys
0xB6C38000 \SystemRoot\system32\drivers\ks.sys
0xB76CC000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB85A0000 \SystemRoot\system32\drivers\pfc.sys
0xB76BC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8138000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8460000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB8784000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB8148000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB7DCA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB6C21000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB8158000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB8168000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8468000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB6C10000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8178000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8470000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8478000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB6BE0000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB8198000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8480000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8488000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB85DE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB6B82000 \SystemRoot\system32\DRIVERS\update.sys
0xB7DAE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8574000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xB81D8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB81F8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB863E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB4433000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB8642000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB8709000 \SystemRoot\System32\Drivers\Null.SYS
0xB8644000 \SystemRoot\System32\Drivers\Beep.SYS
0xB83C8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB83D0000 \SystemRoot\System32\drivers\vga.sys
0xB8646000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB8648000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB83D8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB83E0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB6B7A000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB43D8000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB437F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB432F000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB4309000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB8218000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB8228000 \SystemRoot\system32\DRIVERS\epfwtdir.sys
0xB42E7000 \SystemRoot\System32\drivers\afd.sys
0xB8238000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB42BC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB8714000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
0xB424C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8248000 \SystemRoot\System32\Drivers\Fips.SYS
0xB8258000 \SystemRoot\system32\DRIVERS\easdrv.sys
0xB4A52000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB8278000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB4A4E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB8288000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB83E8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB4A3A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB420C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB864A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB442F000 \SystemRoot\System32\drivers\Dxapi.sys
0xB83F0000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB879D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB3F04000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB3C87000 \SystemRoot\system32\drivers\wdmaud.sys
0xB3D5C000 \SystemRoot\system32\drivers\sysaudio.sys
0xB2FE6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB2ED1000 \SystemRoot\system32\DRIVERS\eamon.sys
0xB2E29000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xB2E05000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB2D86000 \SystemRoot\system32\DRIVERS\srv.sys
0xB3E3C000 \SystemRoot\system32\drivers\npf.sys
0xB3C47000 \??\C:\WINDOWS\system32\Drivers\NvNdis.sys
0xB2C96000 \??\C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys
0xB2C6E000 \??\C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys
0xB83A0000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
0xB2845000 \SystemRoot\System32\Drivers\HTTP.sys
0xB8448000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB4248000 \SystemRoot\system32\DRIVERS\wdcsam.sys
0xB1B4F000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 37):
0 System Idle Process
4 System
640 C:\WINDOWS\system32\smss.exe
764 csrss.exe
868 C:\WINDOWS\system32\winlogon.exe
944 C:\WINDOWS\system32\services.exe
956 C:\WINDOWS\system32\lsass.exe
1148 C:\WINDOWS\system32\nvsvc32.exe
1180 C:\WINDOWS\system32\svchost.exe
1264 svchost.exe
1360 C:\WINDOWS\system32\svchost.exe
1484 svchost.exe
1528 svchost.exe
1676 C:\WINDOWS\system32\spoolsv.exe
156 C:\WINDOWS\explorer.exe
276 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
404 C:\WINDOWS\RTHDCPL.EXE
416 C:\Program Files\iTunes\iTunesHelper.exe
472 C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
480 C:\WINDOWS\system32\ctfmon.exe
788 C:\Program Files\SpywareGuard\sgmain.exe
816 C:\Program Files\SpywareGuard\sgbhp.exe
792 svchost.exe
844 C:\Program Files\Bonjour\mDNSResponder.exe
916 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
1332 C:\Program Files\Java\jre6\bin\jqs.exe
1448 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1792 C:\WINDOWS\system32\PnkBstrA.exe
1808 C:\WINDOWS\system32\PnkBstrB.exe
1860 C:\WINDOWS\system32\svchost.exe
1936 C:\WINDOWS\system32\TUProgSt.exe
1004 C:\Program Files\iPod\bin\iPodService.exe
2636 alg.exe
3984 C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
552 C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
4068 C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
812 C:\Documents and Settings\Omer\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000037`675d8200 (NTFS)
\\.\I: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-65YGA0, Rev: 12.01C02
PhysicalDrive1 Model Number: WDMy Book 1111, Rev: 2003

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
1396 GB \\.\PhysicalDrive1 RE: Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 5633D023980EBC9FD69EF1D492E6A8D840545412


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


It seems that my external HD MBR is still infected, but C: is clean!!
In addition, not even one IE pop up in the last 4 hours.
ThreadKiller
Regular Member
 
Posts: 15
Joined: August 8th, 2010, 2:43 pm

Re: ad.yieldmanager.com and other IE ads pop ups

Unread postby deltalima » August 13th, 2010, 4:47 pm

Hi ThreadKiller,

It seems that my external HD MBR is still infected, but C: is clean!!
In addition, not even one IE pop up in the last 4 hours.


Great, looks like the main infection has been removed.

We need to fix that external disk to make sure it can't infect another system if it tries to boot off that disk.

Same warnings as before apply.


Create a batch file
  1. Open Notepad.
  2. Copy/paste the following text into the empty Notepad window.

    @echo off
    rem Run the MBR fix against the external disk and append the output to results.txt
    "%userprofile%\desktop\remover.exe" fix \\.\PhysicalDrive1 >> results.txt
    start notepad results.txt
    rem The batch file deletes itself once it has run
    Del %0

  3. Save the file as xxx.bat on your desktop. Save it with the file type... all types *.*.
  4. Double click the file xxx.bat to execute.

results.txt should open in Notepad automatically when the script has completed. Post the contents of this file in your next response.


Now run MBRCheck again and post the log.
deltalima
Admin/Teacher

Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
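The check deltalima asks for above is a before-and-after comparison of MBRCheck's status table: the external disk should go from "Known-bad MBR code detected" to standard Windows MBR code with a different SHA1. The Python below is an added example for this thread, not MBRCheck's code and not something either poster ran. It parses the two status tables copied from the logs in this thread, reports which drives changed from flagged to clean, and runs basic structural checks on a raw 512-byte sector (boot signature, partition boot flags, boot-code hash against a caller-supplied allowlist). The sector it examines is constructed inline; hashing bytes 0-439 and the allowlist handling are this example's own choices, not MBRCheck's documented behaviour.

```python
"""Parse MBRCheck status output and sanity-check a raw MBR sector.

Added example for this thread; not MBRCheck's own code. The status lines are
copied from the logs above; the 512-byte sector is constructed in-line.
"""
import hashlib

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0-439: boot code (hashing scope chosen for this example)
PART_TABLE_OFFSET = 446    # four 16-byte partition entries
SIGNATURE_OFFSET = 510     # bytes 510-511 must be 0x55 0xAA
DEVICE_PREFIX = "\\\\.\\PhysicalDrive"

# MBRCheck status table before the fix (copied from the thread).
BEFORE_FIX = r"""
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
1396 GB \\.\PhysicalDrive1 RE: Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 5633D023980EBC9FD69EF1D492E6A8D840545412
"""

# MBRCheck status table after the fix (copied from the thread).
AFTER_FIX = r"""
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
1396 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: 31D100779DE502702C374F7C15687B56FCFD5528
"""


def parse_mbrcheck(text):
    """Per-drive dicts from MBRCheck's status table; only a Windows MBR status counts as clean."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        parts = line.split(None, 3)
        if len(parts) == 4 and parts[1] == "GB" and parts[2].startswith(DEVICE_PREFIX):
            size, _, device, status = parts
            if status.startswith("RE: "):          # marker MBRCheck prints before some drives
                status = status[4:]
            low = status.lower()
            flagged = "known-bad" in low or not low.startswith("windows")
            entries.append({"device": device, "size_gb": int(size), "status": status,
                            "sha1": None, "flagged": flagged})
        elif line.startswith("SHA1:") and entries:
            entries[-1]["sha1"] = line.split(":", 1)[1].strip().upper()
    return entries


def drives_cleaned(before_text, after_text):
    """Devices flagged in the first run that the second run reports as standard code with a new hash."""
    before = {e["device"]: e for e in parse_mbrcheck(before_text)}
    after = {e["device"]: e for e in parse_mbrcheck(after_text)}
    return [dev for dev, old in before.items()
            if old["flagged"] and dev in after
            and not after[dev]["flagged"] and after[dev]["sha1"] != old["sha1"]]


def inspect_mbr(sector, known_good_sha1):
    """Structural checks on a raw 512-byte sector plus a boot-code hash lookup.

    known_good_sha1 is a set of uppercase SHA1 hex digests over bytes 0-439 that
    are accepted; populate it from a trusted reference, never from the disk under test.
    """
    findings = []
    if len(sector) != MBR_SIZE:
        return {"ok": False, "sha1": None, "findings": ["sector is not 512 bytes"]}
    if sector[SIGNATURE_OFFSET:] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    active = 0
    for i in range(4):
        boot_flag = sector[PART_TABLE_OFFSET + 16 * i]   # first byte of each entry
        if boot_flag == 0x80:
            active += 1
        elif boot_flag != 0x00:
            findings.append("partition %d: invalid boot flag 0x%02x" % (i, boot_flag))
    if active > 1:
        findings.append("%d partitions marked active" % active)
    sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    if sha1 not in known_good_sha1:
        findings.append("boot code SHA1 %s is not in the known-good set" % sha1)
    return {"ok": not findings, "sha1": sha1, "findings": findings}


def build_sample_mbr(boot_flag=0x80):
    """Constructed sector: zeroed boot code, one NTFS-type partition, valid signature."""
    sector = bytearray(MBR_SIZE)
    entry = (bytes([boot_flag, 0x01, 0x01, 0x00, 0x07, 0xFE, 0xFF, 0xFF])
             + (63).to_bytes(4, "little")          # starting LBA
             + (1000000).to_bytes(4, "little"))    # sector count
    sector[PART_TABLE_OFFSET:PART_TABLE_OFFSET + 16] = entry
    sector[SIGNATURE_OFFSET:] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    for e in parse_mbrcheck(BEFORE_FIX):
        print(e)
    print("cleaned:", drives_cleaned(BEFORE_FIX, AFTER_FIX))
    print(inspect_mbr(build_sample_mbr(), set()))
```

Running it lists both drives from the first log with PhysicalDrive1 flagged, reports PhysicalDrive1 as the drive cleaned by the second run, and flags the constructed sector only because its zeroed boot code is not in the (empty) allowlist. On a real system the sector would be read from the physical device with administrator rights; the point of the hash allowlist is the same one MBRCheck makes: boot code that does not match a known-standard loader deserves a look even when the partition table is intact.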

Re: ad.yieldmanager.com and other IE ads pop ups

Unread postby ThreadKiller » August 13th, 2010, 5:08 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000012c

Kernel Drivers (total 123):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80B8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7F23000 dmio.sys
0xB8330000 PartMgr.sys
0xB8338000 pavboot.sys
0xB80C8000 VolSnap.sys
0xB7F0B000 atapi.sys
0xB80D8000 disk.sys
0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7EEB000 fltmgr.sys
0xB7ED9000 sr.sys
0xB80F8000 PxHelp20.sys
0xB7EC2000 KSecDD.sys
0xB7E35000 Ntfs.sys
0xB7E08000 NDIS.sys
0xB7DEE000 Mup.sys
0xB76FC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB6CF9000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB6CE5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8450000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB6CC1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8458000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB6C99000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB6C7F000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xB76EC000 \SystemRoot\system32\drivers\es1371mp.sys
0xB6C5B000 \SystemRoot\system32\drivers\portcls.sys
0xB76DC000 \SystemRoot\system32\drivers\drmk.sys
0xB6C38000 \SystemRoot\system32\drivers\ks.sys
0xB76CC000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB85A0000 \SystemRoot\system32\drivers\pfc.sys
0xB76BC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8138000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8460000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB8784000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB8148000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB7DCA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB6C21000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB8158000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB8168000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8468000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB6C10000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8178000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8470000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8478000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB6BE0000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB8198000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8480000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8488000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB85DE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB6B82000 \SystemRoot\system32\DRIVERS\update.sys
0xB7DAE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8574000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xB81D8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB81F8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB863E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB4433000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB8642000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB8709000 \SystemRoot\System32\Drivers\Null.SYS
0xB8644000 \SystemRoot\System32\Drivers\Beep.SYS
0xB83C8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB83D0000 \SystemRoot\System32\drivers\vga.sys
0xB8646000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB8648000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB83D8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB83E0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB6B7A000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB43D8000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB437F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB432F000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB4309000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB8218000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB8228000 \SystemRoot\system32\DRIVERS\epfwtdir.sys
0xB42E7000 \SystemRoot\System32\drivers\afd.sys
0xB8238000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB42BC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB8714000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
0xB424C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8248000 \SystemRoot\System32\Drivers\Fips.SYS
0xB8258000 \SystemRoot\system32\DRIVERS\easdrv.sys
0xB4A52000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB8278000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB4A4E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB8288000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB83E8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB4A3A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB420C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB864A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB442F000 \SystemRoot\System32\drivers\Dxapi.sys
0xB83F0000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB879D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB3F04000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB3C87000 \SystemRoot\system32\drivers\wdmaud.sys
0xB3D5C000 \SystemRoot\system32\drivers\sysaudio.sys
0xB2FE6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB2ED1000 \SystemRoot\system32\DRIVERS\eamon.sys
0xB2E29000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xB2E05000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB2D86000 \SystemRoot\system32\DRIVERS\srv.sys
0xB3E3C000 \SystemRoot\system32\drivers\npf.sys
0xB3C47000 \??\C:\WINDOWS\system32\Drivers\NvNdis.sys
0xB2C96000 \??\C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys
0xB2C6E000 \??\C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys
0xB83A0000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
0xB2845000 \SystemRoot\System32\Drivers\HTTP.sys
0xB8448000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB4248000 \SystemRoot\system32\DRIVERS\wdcsam.sys
0xB19C2000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
640 C:\WINDOWS\system32\smss.exe
764 csrss.exe
868 C:\WINDOWS\system32\winlogon.exe
944 C:\WINDOWS\system32\services.exe
956 C:\WINDOWS\system32\lsass.exe
1148 C:\WINDOWS\system32\nvsvc32.exe
1180 C:\WINDOWS\system32\svchost.exe
1264 svchost.exe
1360 C:\WINDOWS\system32\svchost.exe
1484 svchost.exe
1528 svchost.exe
1676 C:\WINDOWS\system32\spoolsv.exe
156 C:\WINDOWS\explorer.exe
276 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
404 C:\WINDOWS\RTHDCPL.EXE
416 C:\Program Files\iTunes\iTunesHelper.exe
472 C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
480 C:\WINDOWS\system32\ctfmon.exe
788 C:\Program Files\SpywareGuard\sgmain.exe
816 C:\Program Files\SpywareGuard\sgbhp.exe
792 svchost.exe
844 C:\Program Files\Bonjour\mDNSResponder.exe
916 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
1332 C:\Program Files\Java\jre6\bin\jqs.exe
1448 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1792 C:\WINDOWS\system32\PnkBstrA.exe
1808 C:\WINDOWS\system32\PnkBstrB.exe
1860 C:\WINDOWS\system32\svchost.exe
1936 C:\WINDOWS\system32\TUProgSt.exe
1004 C:\Program Files\iPod\bin\iPodService.exe
2636 alg.exe
3984 C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
552 C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
4068 C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3688 C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3128 C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3336 C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
4040 C:\Documents and Settings\Omer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1036 C:\Documents and Settings\Omer\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000037`675d8200 (NTFS)
\\.\I: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-65YGA0, Rev: 12.01C02
PhysicalDrive1 Model Number: WDMy Book 1111, Rev: 2003

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
1396 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: 31D100779DE502702C374F7C15687B56FCFD5528


Done!



deltalima, you are my hero!! There are not enough words to express my appreciation :D :D :D
You are truly a professional, and a VERY good Malware Fighter :king:
You have helped me greatly. This nasty malware has been driving me crazy for almost a month now.
Worst thing was when I was playing Bad Company 2, and just as I started firing at an enemy soldier, a pop up would appear (minimizing the game and taking me back to Windows),
and when I closed it and got back to the game, of course I was already dead :lol:

Thanks again for all your help, you have been wonderful!
ThreadKiller
Regular Member
 
Posts: 15
Joined: August 8th, 2010, 2:43 pm

Re: ad.yieldmanager.com and other IE ads pop ups

Unread postby deltalima » August 13th, 2010, 5:14 pm

Hi ThreadKiller,

Glad we could help!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure

Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 21.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version


Remove GMER

Delete the GMER icon from your desktop.

Uninstall ComboFix

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
deltalima
Admin/Teacher

Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: ad.yieldmanager.com and other IE ads pop ups

Unread postby Dakeyras » August 14th, 2010, 11:46 am

As it appears this issue has been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Dakeyras
MRU Honors Graduate

Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra