
ad.yieldmanager.com infection

Discussion in 'Virus & Other Malware Removal' started by GidgNMoon, Feb 7, 2009.

Thread Status:
Not open for further replies.
  1. GidgNMoon

    GidgNMoon Thread Starter

    Aug 26, 2004
    Hello Tech Support Guy geniuses,

    This is the only surefire place I know of to come for help.

    We purchased a new computer a while ago (over a year) and only just now have had the time and motivation to switch our usage from the old one to the new one.

    We use Carbonite, so we restored our backed up data from Carbonite to the new computer. That took WAY TOO LONG! But I digress. We also run Spybot, Clamwin and Windows Defender (WD was loaded after I found out we have yieldmanager thingy). I have Spybot set to run a scan every morning and every morning it catches that stinking ad.yieldmanager.com cookie. It fixes it and the very next day it happens again.

    The old computer is not infected. The new computer is running XP Professional and IE7.

    Here is my Hijackthis scan log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:58:36 PM, on 2/7/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ClamWin\bin\ClamTray.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Creative Home\Hallmark Card Studio 2009 Deluxe\Planner\PLNRnote.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Rice%20Jim%20and%20Carol/My%20Documents/blank.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134415597281
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232431095500
    O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    End of file - 4908 bytes

    Anything you can do to help would be greatly appreciated!
    Carol & Jim
  2. GidgNMoon

    GidgNMoon Thread Starter

    Aug 26, 2004
    Just wanted to get some help. Spybot catches this cookie every day, fixes it and then it's back again the next morning. I noticed yesterday the clock on my computer was set to 24 hour time all of a sudden. I didn't do it. I had to go through some gyrations to get it back to 12 hour. Not sure if it's related.

    Carol & Jim
  3. GidgNMoon

    GidgNMoon Thread Starter

    Aug 26, 2004
    Ok. I'm beginning to feel ignored. I know this is not an easy fix, but I really need help.

    Carol & Jim
  4. GidgNMoon

    GidgNMoon Thread Starter

    Aug 26, 2004
    Just trying to get some help...
  5. GidgNMoon

    GidgNMoon Thread Starter

    Aug 26, 2004
    I don't need patience, I need a frontal lobotomy.
  6. GidgNMoon

    GidgNMoon Thread Starter

    Aug 26, 2004
    I read a previous thread where Cheeseball told the member to change the privacy settings to prompt for first party cookies and block for third party cookies and it seems to have worked, at least on my morning Spybot scan there was no Ad.Yieldmanager.com found.

    The down side is you have to allow cookies from the sites you visit frequently but you only have to do it once and IE7 will remember. There is a check box that says "Apply my decision to all cookies from this website" and then click on "allow cookie" and you will be fine.

    I think I get this nuisance from Yahoo. So if you go there, you will get barraged with cookie requests (first party) when you log on and you have to allow most of them or Yahoo won't let you in. I think this really applies to the third party cookies, however.

    Carol & Jim
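
The privacy setting described in the last post (prompt for first-party cookies, block third-party cookies, with the "Apply my decision to all cookies from this website" box ticked) can be modelled in a few lines. This is an added example, not code from the thread or from Internet Explorer; the hostnames other than ad.yieldmanager.com are constructed, and the two-label `siteOf` rule is a simplifying assumption.

```javascript
// Added example: a model of "prompt first-party, block third-party".
// Not IE7's real implementation; request hostnames are constructed samples.

// Assumption: the "site" is the last two DNS labels. Real browsers use a
// public suffix list, so this is wrong for suffixes such as co.uk.
function siteOf(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// A cookie is third-party when its host belongs to a different site
// than the page shown in the address bar.
function isThirdParty(pageHost, cookieHost) {
  return siteOf(pageHost) !== siteOf(cookieHost);
}

class CookiePolicy {
  constructor(askUser) {
    this.askUser = askUser;       // callback standing in for the prompt dialog
    this.remembered = new Map();  // site -> 'allow' | 'block'
    this.prompts = 0;             // how many times the user was asked
  }

  decide(pageHost, cookieHost) {
    // Third-party cookies are blocked silently, never prompted for.
    if (isThirdParty(pageHost, cookieHost)) return 'block';
    const site = siteOf(cookieHost);
    if (this.remembered.has(site)) return this.remembered.get(site);
    this.prompts += 1;
    const { decision, applyToAll } = this.askUser(cookieHost);
    // "Apply my decision to all cookies from this website"
    if (applyToAll) this.remembered.set(site, decision);
    return decision;
  }
}

function runSample() {
  const policy = new CookiePolicy(() => ({ decision: 'allow', applyToAll: true }));
  const requests = [              // [page host, cookie host], constructed
    ['www.yahoo.com', 'login.yahoo.com'],
    ['www.yahoo.com', 'ad.yieldmanager.com'],
    ['mail.yahoo.com', 'www.yahoo.com'],
  ];
  const results = requests.map(([page, cookie]) => policy.decide(page, cookie));
  return { results, prompts: policy.prompts };
}

console.log(runSample());
```

The ad-network cookie is refused without a prompt, and the site being visited prompts once and is remembered afterwards.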

Short URL to this thread: https://techguy.org/798586