Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: ad.yieldmanager.com infection


(!)

GidgNMoon's Avatar
GidgNMoon GidgNMoon is offline
Computer Specs
Member with 74 posts.
THREAD STARTER
 
Join Date: Aug 2004
Location: Anaheim, CA
Experience: Intermediate
07-Feb-2009, 10:17 PM #1
ad.yieldmanager.com infection
Hello Tech Support Guy geniuses,

This is the only sure fire place I know of to come for help.

We purchased a new computer a while ago (over a year) and only just now have had the time and motivation to switch our usage from the old one to the new one.

We use Carbonite, so we restored our backed up data from Carbonite to the new computer. That took WAY TOO LONG! But I digress. We also run Spybot, Clamwin and Windows Defender (WD was loaded after I found out we have yieldmanager thingy). I have Spybot set to run a scan every morning and every morning it catches that stinking ad.yieldmanager.com cookie. It fixes it and the very next day it happens again.

The old computer is not infected. The new computer is running XP Professional and IE7.

Here is my Hijackthis scan log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:36 PM, on 2/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2009 Deluxe\Planner\PLNRnote.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Rice%20Jim%20and%20Carol/My%20Documents/blank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1134415597281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1232431095500
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 4908 bytes

Anything you can do to help would be greatly appreciated!
Carol & Jim
GidgNMoon's Avatar
GidgNMoon GidgNMoon is offline
Computer Specs
Member with 74 posts.
THREAD STARTER
 
Join Date: Aug 2004
Location: Anaheim, CA
Experience: Intermediate
09-Feb-2009, 11:09 AM #2
Bumping back up to the top-Ad.Yieldmanager Issue
Just wanted to get some help. Spybot catches this cookie every day, fixes it and then it's back again the next morning. I noticed yesterday the clock on my computer was set to 24 hour time all of a sudden. I didn't do it. I had to go through some gyrations to get it back to 12 hour. Not sure if it's related.

Thanks,
Carol & Jim
GidgNMoon's Avatar
GidgNMoon GidgNMoon is offline
Computer Specs
Member with 74 posts.
THREAD STARTER
 
Join Date: Aug 2004
Location: Anaheim, CA
Experience: Intermediate
11-Feb-2009, 01:59 PM #3
Bumping back up to the top-2nd time
Ok. I'm beginning to feel ignored. I know this is not an easy fix, but I really need help.

Thanks,
Carol & Jim
GidgNMoon's Avatar
GidgNMoon GidgNMoon is offline
Computer Specs
Member with 74 posts.
THREAD STARTER
 
Join Date: Aug 2004
Location: Anaheim, CA
Experience: Intermediate
12-Feb-2009, 12:18 PM #4
Bumping back up to the top-3rd time
Just trying to get some help...
GidgNMoon's Avatar
GidgNMoon GidgNMoon is offline
Computer Specs
Member with 74 posts.
THREAD STARTER
 
Join Date: Aug 2004
Location: Anaheim, CA
Experience: Intermediate
15-Feb-2009, 01:54 PM #5
Unhappy 4th try
I don't need patience, I need a frontal lobotomy.
GidgNMoon's Avatar
GidgNMoon GidgNMoon is offline
Computer Specs
Member with 74 posts.
THREAD STARTER
 
Join Date: Aug 2004
Location: Anaheim, CA
Experience: Intermediate
16-Feb-2009, 12:39 PM #6
Thumbs up I think I fixed it!
I read a previous thread where Cheeseball told the member to change the privacy settings to prompt for first party cookies and block for third party cookies and it seems to have worked, at least on my morning spybot scan there was no Ad.Yieldmanager.com found.

The down side is you have to allow cookies from the sites you visit frequently but you only have to do it once and IE7 will remember. There is a check box that says "Apply my decision to all cookies from this website" and then click on "allow cookie" and you will be fine.

I think I get this nuisance from Yahoo. So if you go there, you will get boraged with cookie requests (first party) when you logon and you have to allow most of them or Yahoo won't let you in. I think this really applies to the third party cookies, however.

Carol & Jim
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑