Help in Analyzing ComboFix logs

Discussion in 'Malware Help (A Specialist Will Reply)' started by suzyqueue, Aug 12, 2008.

  1. suzyqueue

    suzyqueue Private E-2

    Can someone help me to analyze my Combofix log? I have followed the directions for cleaning my system and removing malware. This is the second to last step before using MGTools and I want to identify any problems I still have after running SuperAntiSpyware, Spybot, Malwarebytes Anti-Malware and Combofix.

    Thanks in advance for your help.
     
    Last edited: Aug 12, 2008
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You need to attach (not post inline) all 4 logs (this includes the log from MGtools) from the READ & RUN ME. We cannot and do not work from just a ComboFix log.
     
  3. suzyqueue

    suzyqueue Private E-2

    I am not sure of which logs that you need, so I am posting a few.

    Thanks.
     

  4. suzyqueue

    suzyqueue Private E-2

    And here is the MGLogs.zip file.
     

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The logs we need were listed in the cleaning instructions (see step 3 of Windows XP Cleaning Procedure). They do not ask for a HijackThis log.

    You need to attach the SUPERAntiSpyware and Malwarebytes logs.

    Based on what I see thus far I do not see any malware issues. Why did you run the cleaning procedures?

    You did miss uninstalling Viewpoint Media Player as requested in step 1 of the READ & RUN ME. And you are running Spybot's Teatimer which we did specify not to use.
     
    Last edited: Aug 14, 2008
  6. suzyqueue

    suzyqueue Private E-2

    Sorry; here are the two logs that were missing. I did disable the tea timer, but I think there were somehow 2 versions of Spybot installed - one was done before.

    I also uninstalled the Viewpoint Media Player.

    I'm sorry for my mistakes, I am trying to figure out what is the matter with this computer. There is definitely a problem with Windows Explorer. When I type in a webpage; i.e. CNN; it will open for about 2 seconds and then I get an error message from a Dell browser (it is a Dell computer) saying that: Sorry, we couldn't find http://ads.cnn.com/html.ng/site. Here are some related websites:

    Then, if I try and click on one of those, which would include a link to the same CNN link, I get a pop-up message box saying that "Problems from this webpage may prevent it from being displayed properly or functioning properly."

    Or if I try Yahoo, I get this message Sorry, we couldn't find http://ad.yieldmanager.com/st?ad_type. Here are some related websites. All of the websites cite Ad.yieldmanager removal tools and links for spyware removal.

    However, I don't see the ad.yieldmanager in any of the spyware programs I've run.

    In fact, in order to get to this page, I have to use Firefox as my web browser.

    Any help on this matter would be appreciated.
     

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    ad.yieldmanager is not malware. It is just cookies and links to advertising sites to display ads on some of the pages you are accessing (example www.yahoo.com will show several of these). And you are blocking them because ad.yieldmanager sites have probably been added to your Restricted Zone. The URL Assistant program that DELL forced down your throat is redirecting you. So uninstall URL Assistant.

    If you surf to yahoo.com and then look at the Privacy Report by double clicking on the eye with the Red Minus sign on it (see the bottom of your IE window), you will see something like the below.

    yieldmanager.jpg

    Notice the yieldmanager entries along with a few others.
     
    Last edited: Aug 14, 2008
  8. suzyqueue

    suzyqueue Private E-2

    Thank you so much for all of your invaluable help; I think that removing the URL Assistant application has solved my issue. However, I have one more quick question, should I leave the adyieldmanager in my Restricted Zone or should I remove it from that list?

    p.s. you guys Rock and made my awful week somewhat redeemable! :)
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I would just leave it there as they are just ads and most of the time you probably don't care about them anyway.
     
