I need major help fixing ad.yieldmanager

My Compaq Evo needs help removing ad.yieldmanager
I am using Windows XP SP 2.
I can generate an Everest report if needed.
I am using Nortons, Avast and AVG, AdAware, Haute Secure, ATF Cleaner, Sygate Personal Firewall, RootkitBuster. All are updated, as is Windows.
When I go to Yahoo.com and log into my mail account, I get redirected to that malware [link removed to protect others: mucks]

and now I cannot get my mail. This has been going on for a month and no one seems to be able to offer any suggestions.
I have run all the above programs over and over and in safe mode also. No luck. Does anyone have any suggestions??? Thanks in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:44 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\SYSTEM TOOLS\Lavasoft\Ad-Aware SE Personal\aawservice.exe
C:\Program Files\SYSTEM TOOLS\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\SYSTEM TOOLS\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\PROGRA~1\SYSTEM~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CD and DVD Makers\CyberLink Powder DVD 7\PDVDServ.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\SYSTEM TOOLS\AVG Anti Spy\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MISC\WeatherBug\WeatherBug\Weather.exe
C:\PROGRA~1\GRAPHICS\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\HARDWARE\Fax\WINFAX\WFXCTL32.EXE
C:\PROGRA~1\GRAPHICS\WebShots\Webshots\Webshots.scr
C:\Program Files\SYSTEM TOOLS\AVG Anti Spy\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SYSTEM TOOLS\Norton Systemworks\Norton GoBack\GBPoll.exe
C:\PROGRA~1\SYSTEM~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\SYSTEM~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\HARDWARE\Fax\WINFAX\WFXMOD32.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\SYSTEM TOOLS\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\SYSTEM TOOLS\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SYSTEM TOOLS\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\INTERNET TOOLS\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\INTERN~2\COPERN~2\COPERN~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CtBho Class - {6462546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\SYSTEM TOOLS\Haute Secure\CtBho.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\HARDWARE\All In One\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\INTERNET TOOLS\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\HARDWARE\All In One\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Haute Secure Toolbar - {7792546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\SYSTEM TOOLS\Haute Secure\CtToolBand.dll
O4 - HKLM\..\Run: [SetRefresh] "C:\Program Files\COMPAQ and HP and DELL\COMPAQ\COMPAQ\SetRefresh\SetRefresh.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] "C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\SYSTEM~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [Motive SmartBridge] "C:\Program Files\COMMUNICATIONS\ALLTEL DSL Check-up Center\ALLTEL DSL Check-up Center\bin\MotiveSB.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\SYSTEM TOOLS\Norton Systemworks\osCheck.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CD and DVD Makers\CyberLink Powder DVD 7\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CD and DVD Makers\CyberLink Powder DVD 7\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] "C:\WINDOWS\system32\LXSUPMON.EXE" RUN
O4 - HKLM\..\Run: [Ulead AutoDetector v2] "C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\SYSTEM TOOLS\Norton Systemworks\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\SYSTEM TOOLS\AVG Anti Spy\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\MISC\WeatherBug\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\GRAPHICS\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE" /FU "C:\WINDOWS\TEMP\E_SE7.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\RunOnce: [*LogMeInRescue_552069356] "C:\WINDOWS\LMI5.tmp\lmi_rescue.exe" -runonce -gui (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [*LogMeInRescue_552069356] "C:\WINDOWS\LMI5.tmp\lmi_rescue.exe" -runonce -gui (User 'Default user')
O4 - S-1-5-18 Startup: Webshots.lnk = C:\Program Files\GRAPHICS\WebShots\Webshots\Launcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Webshots.lnk = C:\Program Files\GRAPHICS\WebShots\Webshots\Launcher.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\GRAPHICS\WebShots\Webshots\Launcher.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\HARDWARE\Fax\WINFAX\WFXCTL32.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\INTERNET TOOLS\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\INTERN~2\COPERN~2\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\INTERN~2\COPERN~2\COPERN~1.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\SYSTEM TOOLS\Norton Systemworks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\SYSTEM TOOLS\Norton Systemworks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\INTERN~2\COPERN~2\COPERN~1.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\SYSTEM TOOLS\Lavasoft\Ad-Aware SE Personal\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\SYSTEM TOOLS\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\SYSTEM TOOLS\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\SYSTEM TOOLS\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\SYSTEM TOOLS\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\SYSTEM TOOLS\AVG Anti Spy\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\SYSTEM TOOLS\Norton Systemworks\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\SYSTEM~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\SYSTEM~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: WinFax Basic Edition (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 12454 bytes


END OF MESSAGE
 
ad yieldmanager problem solved

Since it has been a while since I posted and I know you were really busy, I posted this same problem on another forum (sorry guys) and here is what I was told to do:

"We'll begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix



When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system."




Well, I did as I was told and installed and ran ComboFix. I did not have to do anything except walk away for about 15 minutes (which I didn't, but I could have). When it finished and generated a report, I tried to get into my mail account. Hey, it worked!!!!!!! This morning, I tried again, and Hurray, no sign of ad.yieldmanager!!! So far so good. I have no idea what ComboFix did, but whatever it did, it worked.



So, thank you for your forum, and I hope the above "fix" might help someone else with this problem.
 
cheriebono said:
So, thank you for your forum, and I hope the above "fix" might help someone else with this problem.

Thanks for posting the solution, it's great to hear when people report back and fix problems :)
 
ad yieldmanager problem solved

I am told that "It was a bug with Yahoo! mail and their advertising sponsors. ComboFix restored whatever setting got off-track."

That's comforting to know...:rolleyes: Anyway, thanks for your time and this forum.
 