Post #1
My computer has the ad.yieldmanager problem. When I go my Yahoo mail account and sign in, I get redirected to another site. It only happens once I sign in to My Mail account.
Unfortunately, it just says Internet Explorer cannot open this site. I have now blocked this URL.
I have Norton’s and Avast AV programs plus Sygate firewall and use Adaware. None of them flagged ad.yieldmanager. They are automatically updated as well as XP SP2. I have read the forums about this and have used: Spybot, Spysweeper, Xoft Spy, Norton, Avast, Adaware, AVG and a few other programs as recommended on this site. They do not pick this up. I ran them also in safe mode. Nothing improved. Symantec even did a remote check of my harddrive and could not find anything. I only have this problem when I log into my mail account, no where else. Here is my HiJackThis report. I would appreciate some help in taking care of this as I can no longer get my email. Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:33:13 PM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\SYSTEM TOOLS\Lavasoft\Ad-Aware SE Personal\aawservice.exe
C:\Program Files\SYSTEM TOOLS\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\SYSTEM TOOLS\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\PROGRA~1\SYSTEM~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CD and DVD Makers\CyberLink Powder DVD 7\PDVDServ.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MISC\WeatherBug\WeatherBug\Weather.exe
C:\PROGRA~1\GRAPHICS\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\HARDWARE\Fax\WINFAX\WFXCTL32.EXE
C:\PROGRA~1\GRAPHICS\WebShots\Webshots\Webshots.scr
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SYSTEM~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\SYSTEM~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\HARDWARE\Fax\WINFAX\WFXMOD32.EXE
C:\Program Files\SYSTEM TOOLS\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\SYSTEM TOOLS\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SYSTEM TOOLS\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\INTERNET TOOLS\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https:/www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\INTERN~2\COPERN~2\COPERN~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CtBho Class - {6462546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\SYSTEM TOOLS\Haute Secure\CtBho.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\HARDWARE\All In One\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\INTERNET TOOLS\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\HARDWARE\All In One\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Haute Secure Toolbar - {7792546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\SYSTEM TOOLS\Haute Secure\CtToolBand.dll
O4 - HKLM\..\Run: [SetRefresh] "C:\Program Files\COMPAQ and HP and DELL\COMPAQ\COMPAQ\SetRefresh\SetRefresh.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] "C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\SYSTEM~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [Motive SmartBridge] "C:\Program Files\COMMUNICATIONS\ALLTEL DSL Check-up Center\ALLTEL DSL Check-up Center\bin\MotiveSB.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\SYSTEM TOOLS\Norton Systemworks\osCheck.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CD and DVD Makers\CyberLink Powder DVD 7\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CD and DVD Makers\CyberLink Powder DVD 7\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] "C:\WINDOWS\system32\LXSUPMON.EXE" RUN
O4 - HKLM\..\Run: [Ulead AutoDetector v2] "C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\SYSTEM TOOLS\Norton Systemworks\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\MISC\WeatherBug\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\GRAPHICS\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE" /FU "C:\WINDOWS\TEMP\E_SE7.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\RunOnce: [*LogMeInRescue_552069356] "C:\WINDOWS\LMI5.tmp\lmi_rescue.exe" -runonce -gui (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [*LogMeInRescue_552069356] "C:\WINDOWS\LMI5.tmp\lmi_rescue.exe" -runonce -gui (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\GRAPHICS\WebShots\Webshots\Launcher.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\HARDWARE\Fax\WINFAX\WFXCTL32.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\INTERNET TOOLS\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\INTERN~2\COPERN~2\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\INTERN~2\COPERN~2\COPERN~1.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\SYSTEM TOOLS\Norton Systemworks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\SYSTEM TOOLS\Norton Systemworks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\INTERN~2\COPERN~2\COPERN~1.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\SYSTEM TOOLS\Lavasoft\Ad-Aware SE Personal\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\SYSTEM TOOLS\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\SYSTEM TOOLS\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\SYSTEM TOOLS\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\SYSTEM TOOLS\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\SYSTEM TOOLS\Norton Systemworks\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\SYSTEM~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\SYSTEM~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: WinFax Basic Edition (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
--
End of file - 11818 bytes