IS THIS AN INFECTION: Sorry, we couldn't find http://ad.yieldmanager.com/st%3Fad_type. Here are some related websites:

19 replies to this topic

#1 mrboyertown

mrboyertown

  • Members
  • 36 posts

Posted 03 April 2009 - 07:25 PM

When I am on the internet I get this message when I am on the Yahoo or Walmart websites. As soon as I go to these websites I immediately and automatically get redirected to a Google search results page (Google is my home page) and at the top of the page the message "Sorry, we couldn't find <http://ad.yieldmanager.com/st%3Fad_type>. Here are some related websites:" is always there. I've run Spybot Search and Destroy, Ad-Aware, and Symantec Anti-Virus with all recent updates and they can't find anything. I've also tried running the "search all files and folders" option to try and find any folders with yieldmanager in them but have come up with nothing. Please help.....it is driving me crazy. And if you have any suggestions for any other anti-virus or spyware software I should be running along with what I already have, to keep this problem from happening again, it would be greatly appreciated. Thank you.
I posted this problem on the virus and malware forum on this website but no one seems to be contacting me. It has been a few days and I am looking for some direction. :thumbsup:


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • Gender:Male
  • Location:NJ USA

Posted 03 April 2009 - 09:16 PM

Hello and welcome. Yes, these are spyware.

Please download Malwarebytes Anti-Malware (v1.35) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 mrboyertown

mrboyertown
  • Topic Starter

  • Members
  • 36 posts

Posted 04 April 2009 - 10:49 AM

Thanks for the quick reply. I saved and ran the malware bytes and it found two infections. My computer needed to reboot to complete the disinfection process. When my computer rebooted it seemed to load much slower.....at least it seemed to boot slower. Here is my log that you requested:
Malwarebytes' Anti-Malware 1.35
Database version: 1939
Windows 5.1.2600 Service Pack 3

4/4/2009 11:40:02 AM
mbam-log-2009-04-04 (11-40-02).txt

Scan type: Quick Scan
Objects scanned: 83776
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

Edited by mrboyertown, 04 April 2009 - 10:49 AM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • Gender:Male
  • Location:NJ USA

Posted 04 April 2009 - 11:09 AM

Possibly it's just the registry being updated after the scan, but let's run 2 more tools and clean some things out.

From your regular user account:
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to the desktop.
DO NOT run yet.
Open SUPER from the icon, install it and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method:
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use the Firefox or Opera browser, click that browser at the top and choose: Select All.
  • Click the Empty Selected button.
  • If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

NOW scan with SUPER:
  • Open it from the desktop icon or the Program Files list.
  • On the left, make sure you check C:\Fixed Drive.
  • Perform a Complete scan. After the scan, verify they are all checked.
  • Click OK on the summary screen to quarantine all found items.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post the log and let us know how the PC is running now.

#5 mrboyertown

mrboyertown
  • Topic Starter

  • Members
  • 36 posts

Posted 04 April 2009 - 09:06 PM

I followed all of your instructions with regards to downloading and running the programs you wanted me to. After completing your instructions I rebooted into normal mode and when going onto the Walmart website (which is the website where I most frequently run into this problem), after a few seconds I was again redirected to a Google search results page with the message "Sorry, we couldn't find http://ad.yieldmanager.com/st%3Fad_type. Here are some related websites:" at the top of the page. I also notice when restarting my computer, while it is still in the middle of loading up, a Windows Installer dialog box pops up that says "preparing to install" for a few moments, then it goes away. I don't know if this has anything to do with the problem or not. Here is the log you requested from SUPERAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/04/2009 at 09:52 PM

Application Version : 4.26.1000

Core Rules Database Version : 3829
Trace Rules Database Version: 1785

Scan type : Complete Scan
Total Scan Time : 00:43:36

Memory items scanned : 243
Memory threats detected : 0
Registry items scanned : 6793
Registry threats detected : 0
File items scanned : 28643
File threats detected : 0

It said that it didn't find any problems. Any other suggestions? And thanks for all your time and help so far.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • Gender:Male
  • Location:NJ USA

Posted 04 April 2009 - 10:42 PM

Hello, if that installer item doesn't go away, remind me, thanks.

Let's check 2 more items.

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.


Now run part 1 of S!Ri's SmitfraudFix.
Please download SmitfraudFix.
  • Double-click SmitfraudFix.exe
  • Select option #1 - Search by typing 1 and pressing "Enter"; a text file will appear, which lists infected files (if present).
  • Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

#7 mrboyertown

mrboyertown
  • Topic Starter

  • Members
  • 36 posts

Posted 05 April 2009 - 06:53 AM

Downloaded and ran both programs as you instructed and here is what I came up with.
GooredFix:
GooredFix v1.92 by jpshortstuff
Log created at 07:39 on 05/04/2009 running Option #1 (Mark Richards)
Firefox version [Unable to determine]

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

SmitFraud:
SmitFraudFix v2.406

Scan done at 7:41:39.10, Sun 04/05/2009
Run from C:\Documents and Settings\Mark Richards\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\MotorolaDAP.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\AOL\1170410798\ee\AOLSoftware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Mark Richards\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mark Richards


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MARKRI~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mark Richards\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MARKRI~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/1000 PL Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 68.87.64.146
DNS Server Search Order: 68.87.75.194
DNS Server Search Order: 68.87.71.226

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4F02842D-4496-4492-8084-F52100F4B0B7}: DhcpNameServer=68.87.64.146 68.87.75.194 68.87.71.226
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4F02842D-4496-4492-8084-F52100F4B0B7}: DhcpNameServer=68.87.64.146 68.87.75.194 68.87.71.226
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194 68.87.71.226
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194 68.87.71.226


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

When running the SmitFraud program, at the end, a dialog box appeared saying: "Process Blocked - Ad-Watch Live! has blocked the process 404fix.exe(3080) from starting on your system. The process has been identified as Win32.Worm.LovGate....." Before I could copy down the rest of what it said the dialog box disappeared, but there wasn't much left to copy down. I do have Ad-Aware loaded onto my computer but I'm not sure if I should run SmitFraud without Ad-Aware on my computer. I'll wait to hear from you to see what you think. And if you want me to run SmitFraud without Ad-Aware, should I totally uninstall it from my computer or is there a way to just turn it off while I'm using SmitFraud? Thanks again.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • Gender:Male
  • Location:NJ USA

Posted 05 April 2009 - 11:46 AM

OK, let's run the Cleaner for S!Ri's SmitfraudFix. Also, are you running the FireFox browser?

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

#9 mrboyertown

mrboyertown
  • Topic Starter

  • Members
  • 36 posts

Posted 05 April 2009 - 01:19 PM

No, I am not running the FireFox browser. I run Internet Explorer, I think it's 7.0. I ran SmitfraudFix as you requested in safe mode. Here are my results:
SmitFraudFix v2.406

Scan done at 14:00:24.06, Sun 04/05/2009
Run from C:\Documents and Settings\Mark Richards\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
...

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4F02842D-4496-4492-8084-F52100F4B0B7}: DhcpNameServer=68.87.64.146 68.87.75.194 68.87.71.226
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4F02842D-4496-4492-8084-F52100F4B0B7}: DhcpNameServer=68.87.64.146 68.87.75.194 68.87.71.226
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194 68.87.71.226
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194 68.87.71.226


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

After running SmitfraudFix in safe mode I restarted back into normal mode. When the computer was loading, the Windows Installer dialog box appeared again for a few seconds and then disappeared. My SUPERAntiSpyware also notified me that my web homepage was trying to change. I blocked the change but I'm not sure if cleaning with SmitfraudFix was responsible for this or maybe part of the problem. I also couldn't find the rapport.txt file icon on my desktop; I had to use the search utility to find it. (Once again, not sure if this is a symptom of the problem or not, but just trying to be thorough in my details of what is going on with my computer.) I am also still experiencing the browser redirect problem when going onto the Walmart and Yahoo websites. Thanks again...... I also just noticed that my time display in the sys tray is in military time now, i.e. 14:20.

Edited by mrboyertown, 05 April 2009 - 01:26 PM.


#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • Gender:Male
  • Location:NJ USA

Posted 06 April 2009 - 06:54 PM

Hi mrb, yes, the change was SmitfraudFix trying to restore defaults. OK that you stopped that. You still have redirects, so we need to do this. We are going to swap your hosts file.
Tell me if we still have redirects.

Download hosts.zip and extract (unzip) to its own folder C:\hosts
(Click here for information on how to do this if not sure.)
You can read more about what we are doing here.

Open up the hosts folder and double-click on the mvps.bat file.
The script will rename your present HOSTS file to HOSTS.MVP and copy the new HOSTS file to the correct location on your system. Here are the MVPS HOSTS File Install Instructions with graphics if you need them..


Now rerun MBAM like this:
  • Open MBAM in normal mode and click the Update tab, select Check for Updates.
  • When done, click the Scanner tab, select FULL scan and scan.
  • After the scan click Remove Selected, post the new scan log and reboot into normal mode.
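The hosts-file swap above replaces the file wholesale. Before doing that, it helps to see what the existing HOSTS file is actually doing: blocklist-style lines sink a name to loopback (the `127.0.0.1 www.007guard.com` style seen in the SmitfraudFix output earlier in this thread), while a redirect-style line sends a real site name to some other address, which is what a hosts-based hijack looks like. This is an added example, not part of the thread or of the MVPS tool; the sample text is constructed, including the `192.0.2.10` lines.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample in the style of a Windows HOSTS file: some blocklist
# lines like the ones in the SmitfraudFix log, plus two redirect-style lines
# pointing at a documentation address. Not taken from the poster's machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
0.0.0.0 008i.com
::1 localhost
192.0.2.10 www.example-shop.test   # constructed redirect-style entry
192.0.2.10 search.example.test
"""

# Addresses that make a name unreachable rather than sending it elsewhere.
LOCAL_SINKS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs, one per hostname, skipping comments and blanks."""
    pairs: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))  # normalises, rejects junk
        except ValueError:
            continue  # malformed line: ignore rather than abort the review
        for host in fields[1:]:
            pairs.append((ip, host.lower()))
    return pairs


def classify(pairs: List[Tuple[str, str]]) -> Dict[str, object]:
    """Split entries into blocklist-style (sunk to loopback) and redirect-style.

    Redirect-style entries are also grouped by target address: many unrelated
    site names all pointing at one remote address is the pattern to look at.
    """
    blocked: List[str] = []
    redirected: List[Tuple[str, str]] = []
    by_target: Dict[str, List[str]] = defaultdict(list)
    for ip, host in pairs:
        if host == "localhost" and ip in LOCAL_SINKS:
            continue  # the normal loopback entry, not a blocklist line
        if ip in LOCAL_SINKS:
            blocked.append(host)
        else:
            redirected.append((host, ip))
            by_target[ip].append(host)
    return {"blocked": blocked, "redirected": redirected, "by_target": dict(by_target)}


if __name__ == "__main__":
    summary = classify(parse_hosts(SAMPLE_HOSTS))
    print(f"{len(summary['blocked'])} blocklist entries")
    for ip, hosts in summary["by_target"].items():
        print(f"{len(hosts)} names redirected to {ip}: {', '.join(hosts)}")
```

On a real machine, read `C:\WINDOWS\system32\drivers\etc\hosts` instead of the constructed string; a blocklist such as MVPS produces thousands of loopback entries and no redirect-style entries.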

#11 mrboyertown

mrboyertown
  • Topic Starter

  • Members
  • 36 posts

Posted 07 April 2009 - 04:07 AM

Okay, so I did everything you instructed me to.... Ran the hosts.zip and re-ran Malwarebytes. Here is the log:
Logfile created: 4/7/2009 4:31:58
Lavasoft Ad-Aware version: 8.0.3
Extended engine version: 8.1
User performing scan: Mark Richards

*********************** Definitions database information ***********************
Lavasoft definition file: 148.4
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 40592
Objects detected: 8


Type Detected
==========================
Processes.......: 1
Registry entries: 0
Hostfile entries: 0
Files...........: 1
Folders.........: 0
LSPs............: 0
Cookies.........: 6
Browser hijacks.: 0
MRU objects.....: 0



Skipped items:
Description: sfsync03 Family Name: unknown Clean status: Success Item ID: 0 Family ID: 0

Removed items:
Description: *real* Family Name: Cookies Clean status: Success Item ID: 408817 Family ID: 0
Description: *247realmedia* Family Name: Cookies Clean status: Failed Item ID: 408945 Family ID: 0
Description: *realmedia* Family Name: Cookies Clean status: Failed Item ID: 409139 Family ID: 0
Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
Description: *bizrate.co* Family Name: Cookies Clean status: Success Item ID: 409154 Family ID: 0
Description: *tacoda* Family Name: Cookies Clean status: Success Item ID: 409123 Family ID: 0

Quarantined items:
Description: C:\Documents and Settings\Mark Richards\Desktop\SmitfraudFix\VACFix.exe Family Name: Win32.Trojan.Spy Clean status: Success Item ID: 556307 Family ID: 983

Scan and cleaning complete: Finished correctly after 68 seconds

*********************************** Settings ***********************************

Scan profile:
ID: smart, enabled:1, value: Smart Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value:
ID: scanrootkits, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: displaystatus, enabled:1, value: false
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: autodetectproxy, enabled:1, value: false
ID: useautoconfigscript, enabled:1, value: false
ID: autoconfigurl, enabled:0, value:
ID: useproxy, enabled:1, value: false
ID: proxyserver, enabled:0, value:
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Sat Mar 07 06:41:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Sat Mar 07 06:41:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: true
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true
ID: loadatstartup, enabled:1, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: strict, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant


****************************** System information ******************************
Computer name: MARK
Processor name: Intel® Pentium® D CPU 3.00GHz
Processor identifier: x86 Family 15 Model 6 Stepping 4
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 1540, number of processors 2
Physical memory available: 1388892160 bytes
Physical memory total: 2145472512 bytes
Virtual memory available: 2004553728 bytes
Virtual memory total: 2147352576 bytes
Memory load: 35%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 744 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 800 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 824 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 868 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 880 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1076 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1124 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1220 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1252 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1444 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1564 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1676 name: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1792 name: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1800 name: C:\WINDOWS\Explorer.EXE owner: Mark Richards domain: MARK
PID: 184 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1424 name: C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1360 name: C:\Program Files\Symantec AntiVirus\DefWatch.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1516 name: C:\WINDOWS\System32\GEARSec.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1588 name: C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1616 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1736 name: C:\WINDOWS\system32\MotorolaDAP.exe owner: SYSTEM domain: NT AUTHORITY
PID: 260 name: C:\Program Files\Norton Ghost\Agent\VProSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 476 name: C:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: NT AUTHORITY
PID: 512 name: C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 792 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 160 name: C:\Program Files\Symantec AntiVirus\Rtvscan.exe owner: SYSTEM domain: NT AUTHORITY
PID: 304 name: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1464 name: C:\WINDOWS\wanmpsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2684 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2716 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3124 name: C:\WINDOWS\stsystra.exe owner: Mark Richards domain: MARK
PID: 3256 name: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe owner: Mark Richards domain: MARK
PID: 3264 name: C:\Program Files\Dell\Media Experience\DMXLauncher.exe owner: Mark Richards domain: MARK
PID: 3272 name: C:\Program Files\Real\RealPlayer\RealPlay.exe owner: Mark Richards domain: MARK
PID: 3292 name: C:\Program Files\Common Files\Symantec Shared\ccApp.exe owner: Mark Richards domain: MARK
PID: 3312 name: C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe owner: Mark Richards domain: MARK
PID: 3328 name: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe owner: Mark Richards domain: MARK
PID: 3336 name: C:\WINDOWS\System32\DLA\DLACTRLW.EXE owner: Mark Richards domain: MARK
PID: 3364 name: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe owner: Mark Richards domain: MARK
PID: 3384 name: C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe owner: Mark Richards domain: MARK
PID: 3416 name: C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe owner: Mark Richards domain: MARK
PID: 3688 name: C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe owner: Mark Richards domain: MARK
PID: 3708 name: C:\PROGRA~1\SYMANT~1\VPTray.exe owner: Mark Richards domain: MARK
PID: 3816 name: C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe owner: Mark Richards domain: MARK
PID: 3820 name: C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe owner: Mark Richards domain: MARK
PID: 3832 name: C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe owner: Mark Richards domain: MARK
PID: 3872 name: C:\Program Files\Support.com\bin\tgcmd.exe owner: Mark Richards domain: MARK
PID: 3904 name: C:\Program Files\Common Files\AOL\1170410798\ee\AOLSoftware.exe owner: Mark Richards domain: MARK
PID: 4004 name: C:\Program Files\Norton Ghost\Agent\GhostTray.exe owner: Mark Richards domain: MARK
PID: 4024 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Mark Richards domain: MARK
PID: 4056 name: C:\Program Files\Messenger\msmsgs.exe owner: Mark Richards domain: MARK
PID: 4072 name: C:\WINDOWS\system32\ctfmon.exe owner: Mark Richards domain: MARK
PID: 364 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: Mark Richards domain: MARK
PID: 408 name: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe owner: Mark Richards domain: MARK
PID: 3280 name: C:\Program Files\Digital Line Detect\DLG.exe owner: Mark Richards domain: MARK
PID: 3580 name: C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe owner: Mark Richards domain: MARK
PID: 1480 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3552 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Mark Richards domain: MARK
PID: 592 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3632 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Mark Richards domain: MARK

Startup items:
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Name: SigmatelSysTrayApp
imagepath: stsystra.exe
Name: IAAnotif
imagepath: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
Name: DMXLauncher
imagepath: C:\Program Files\Dell\Media Experience\DMXLauncher.exe
Name: RealTray
imagepath: C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime
Name: ccApp
imagepath: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Name: MimBoot
imagepath: C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
Name: MMTray
imagepath: "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
Name: ISUSPM Startup
imagepath: "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
Name: ISUSScheduler
imagepath: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
Name:
Name: DLA
imagepath: C:\WINDOWS\System32\DLA\DLACTRLW.EXE
Name: Google Desktop Search
imagepath: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
Name: Corel Photo Downloader
imagepath: C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
Name: MSKDetectorExe
imagepath: C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
Name: vptray
imagepath: C:\PROGRA~1\SYMANT~1\VPTray.exe
Name: Acrobat Assistant 7.0
imagepath: "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
Name: tgcmd
imagepath: C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
Name: HostManager
imagepath: C:\Program Files\Common Files\AOL\1170410798\ee\AOLSoftware.exe
Name: KernelFaultCheck
imagepath: %systemroot%\system32\dumprep 0 -k
Name: Ad-Watch
imagepath: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
Name: Adobe Reader Speed Launcher
imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Name: Norton Ghost 10.0
imagepath: "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
imagepath: C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
imagepath: C:\Program Files\America Online 9.0\aoltray.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
imagepath: C:\Program Files\Digital Line Detect\DLG.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
imagepath: C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
Name:
imagepath: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete

Running services:
Name: ALG
displayname: Application Layer Gateway Service
Name: AOL ACS
displayname: AOL Connectivity Service
Name: AudioSrv
displayname: Windows Audio
Name: BITS
displayname: Background Intelligent Transfer Service
Name: ccEvtMgr
displayname: Symantec Event Manager
Name: ccSetMgr
displayname: Symantec Settings Manager
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: DefWatch
displayname: Symantec AntiVirus Definition Watcher
Name: Dhcp
displayname: DHCP Client
Name: dmserver
displayname: Logical Disk Manager
Name: Dnscache
displayname: DNS Client
Name: ERSvc
displayname: Error Reporting Service
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FastUserSwitchingCompatibility
displayname: Fast User Switching Compatibility
Name: GEARSecurity
displayname: GEARSecurity
Name: helpsvc
displayname: Help and Support
Name: IAANTMon
displayname: Intel® Matrix Storage Event Monitor
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: MotorolaDAP
displayname: Motorola Digital Audio Player Manager
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: Norton Ghost
displayname: Norton Ghost
Name: NVSvc
displayname: NVIDIA Display Driver Service
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: QBCFMonitorService
displayname: QBCFMonitorService
Name: RasMan
displayname: Remote Access Connection Manager
Name: RemoteRegistry
displayname: Remote Registry
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore Service
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: Symantec AntiVirus
displayname: Symantec AntiVirus
Name: Symantec Core LC
displayname: Symantec Core LC
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: w32time
displayname: Windows Time
Name: WANMiniportService
displayname: WAN Miniport (ATW) Service
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Automatic Updates
Name: WudfSvc
displayname: Windows Driver Foundation - User-mode Driver Framework
Name: WZCSVC
displayname: Wireless Zero Configuration

It didn't seem to find any infections. So I restarted my computer, and as Windows was closing down a dialog box appeared saying "Ending Program - ShellIcon Hidden Window" - not really sure what that was about. Then the window closed and the computer completed the restart with the usual Windows Installer dialog box appearing during start-up for a few seconds, as it has been lately. Then I logged onto the internet and went to the Walmart website via Google. When reaching Walmart's homepage there was no browser redirect with ad.yieldmanager popping up... great, I thought, problem fixed... but then when I clicked on one of the options (i.e. house furniture) I was redirected again as before to a Google search results page with this at the top: "Sorry, we couldn't find http://fls.doubleclick.net/activityi%3Bsrc. Here are some related websites:" I also updated and ran my Ad-Aware and it actually found some malware and trojans. Here is the log for that if it is of any help:
Logfile created: 4/7/2009 4:31:58
Lavasoft Ad-Aware version: 8.0.3
Extended engine version: 8.1
User performing scan: Mark Richards

*********************** Definitions database information ***********************
Lavasoft definition file: 148.4
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 40592
Objects detected: 8


Type Detected
==========================
Processes.......: 1
Registry entries: 0
Hostfile entries: 0
Files...........: 1
Folders.........: 0
LSPs............: 0
Cookies.........: 6
Browser hijacks.: 0
MRU objects.....: 0



Skipped items:
Description: sfsync03 Family Name: unknown Clean status: Success Item ID: 0 Family ID: 0

Removed items:
Description: *real* Family Name: Cookies Clean status: Success Item ID: 408817 Family ID: 0
Description: *247realmedia* Family Name: Cookies Clean status: Failed Item ID: 408945 Family ID: 0
Description: *realmedia* Family Name: Cookies Clean status: Failed Item ID: 409139 Family ID: 0
Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
Description: *bizrate.co* Family Name: Cookies Clean status: Success Item ID: 409154 Family ID: 0
Description: *tacoda* Family Name: Cookies Clean status: Success Item ID: 409123 Family ID: 0

Quarantined items:
Description: C:\Documents and Settings\Mark Richards\Desktop\SmitfraudFix\VACFix.exe Family Name: Win32.Trojan.Spy Clean status: Success Item ID: 556307 Family ID: 983

Scan and cleaning complete: Finished correctly after 68 seconds

*********************************** Settings ***********************************

Scan profile:
ID: smart, enabled:1, value: Smart Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value:
ID: scanrootkits, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: displaystatus, enabled:1, value: false
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: autodetectproxy, enabled:1, value: false
ID: useautoconfigscript, enabled:1, value: false
ID: autoconfigurl, enabled:0, value:
ID: useproxy, enabled:1, value: false
ID: proxyserver, enabled:0, value:
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Sat Mar 07 06:41:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Sat Mar 07 06:41:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: true
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true
ID: loadatstartup, enabled:1, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: strict, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant


****************************** System information ******************************
Computer name: MARK
Processor name: Intel® Pentium® D CPU 3.00GHz
Processor identifier: x86 Family 15 Model 6 Stepping 4
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 1540, number of processors 2
Physical memory available: 1388892160 bytes
Physical memory total: 2145472512 bytes
Virtual memory available: 2004553728 bytes
Virtual memory total: 2147352576 bytes
Memory load: 35%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 744 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 800 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 824 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 868 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 880 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1076 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1124 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1220 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1252 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1444 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1564 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1676 name: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1792 name: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1800 name: C:\WINDOWS\Explorer.EXE owner: Mark Richards domain: MARK
PID: 184 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1424 name: C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1360 name: C:\Program Files\Symantec AntiVirus\DefWatch.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1516 name: C:\WINDOWS\System32\GEARSec.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1588 name: C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1616 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1736 name: C:\WINDOWS\system32\MotorolaDAP.exe owner: SYSTEM domain: NT AUTHORITY
PID: 260 name: C:\Program Files\Norton Ghost\Agent\VProSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 476 name: C:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: NT AUTHORITY
PID: 512 name: C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 792 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 160 name: C:\Program Files\Symantec AntiVirus\Rtvscan.exe owner: SYSTEM domain: NT AUTHORITY
PID: 304 name: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1464 name: C:\WINDOWS\wanmpsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2684 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2716 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3124 name: C:\WINDOWS\stsystra.exe owner: Mark Richards domain: MARK
PID: 3256 name: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe owner: Mark Richards domain: MARK
PID: 3264 name: C:\Program Files\Dell\Media Experience\DMXLauncher.exe owner: Mark Richards domain: MARK
PID: 3272 name: C:\Program Files\Real\RealPlayer\RealPlay.exe owner: Mark Richards domain: MARK
PID: 3292 name: C:\Program Files\Common Files\Symantec Shared\ccApp.exe owner: Mark Richards domain: MARK
PID: 3312 name: C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe owner: Mark Richards domain: MARK
PID: 3328 name: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe owner: Mark Richards domain: MARK
PID: 3336 name: C:\WINDOWS\System32\DLA\DLACTRLW.EXE owner: Mark Richards domain: MARK
PID: 3364 name: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe owner: Mark Richards domain: MARK
PID: 3384 name: C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe owner: Mark Richards domain: MARK
PID: 3416 name: C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe owner: Mark Richards domain: MARK
PID: 3688 name: C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe owner: Mark Richards domain: MARK
PID: 3708 name: C:\PROGRA~1\SYMANT~1\VPTray.exe owner: Mark Richards domain: MARK
PID: 3816 name: C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe owner: Mark Richards domain: MARK
PID: 3820 name: C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe owner: Mark Richards domain: MARK
PID: 3832 name: C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe owner: Mark Richards domain: MARK
PID: 3872 name: C:\Program Files\Support.com\bin\tgcmd.exe owner: Mark Richards domain: MARK
PID: 3904 name: C:\Program Files\Common Files\AOL\1170410798\ee\AOLSoftware.exe owner: Mark Richards domain: MARK
PID: 4004 name: C:\Program Files\Norton Ghost\Agent\GhostTray.exe owner: Mark Richards domain: MARK
PID: 4024 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Mark Richards domain: MARK
PID: 4056 name: C:\Program Files\Messenger\msmsgs.exe owner: Mark Richards domain: MARK
PID: 4072 name: C:\WINDOWS\system32\ctfmon.exe owner: Mark Richards domain: MARK
PID: 364 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: Mark Richards domain: MARK
PID: 408 name: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe owner: Mark Richards domain: MARK
PID: 3280 name: C:\Program Files\Digital Line Detect\DLG.exe owner: Mark Richards domain: MARK
PID: 3580 name: C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe owner: Mark Richards domain: MARK
PID: 1480 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3552 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Mark Richards domain: MARK
PID: 592 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3632 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Mark Richards domain: MARK

Startup items:
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Name: SigmatelSysTrayApp
imagepath: stsystra.exe
Name: IAAnotif
imagepath: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
Name: DMXLauncher
imagepath: C:\Program Files\Dell\Media Experience\DMXLauncher.exe
Name: RealTray
imagepath: C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime
Name: ccApp
imagepath: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Name: MimBoot
imagepath: C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
Name: MMTray
imagepath: "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
Name: ISUSPM Startup
imagepath: "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
Name: ISUSScheduler
imagepath: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
Name:
Name: DLA
imagepath: C:\WINDOWS\System32\DLA\DLACTRLW.EXE
Name: Google Desktop Search
imagepath: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
Name: Corel Photo Downloader
imagepath: C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
Name: MSKDetectorExe
imagepath: C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
Name: vptray
imagepath: C:\PROGRA~1\SYMANT~1\VPTray.exe
Name: Acrobat Assistant 7.0
imagepath: "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
Name: tgcmd
imagepath: C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
Name: HostManager
imagepath: C:\Program Files\Common Files\AOL\1170410798\ee\AOLSoftware.exe
Name: KernelFaultCheck
imagepath: %systemroot%\system32\dumprep 0 -k
Name: Ad-Watch
imagepath: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
Name: Adobe Reader Speed Launcher
imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Name: Norton Ghost 10.0
imagepath: "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
imagepath: C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
imagepath: C:\Program Files\America Online 9.0\aoltray.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
imagepath: C:\Program Files\Digital Line Detect\DLG.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
imagepath: C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
Name:
imagepath: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete

Running services:
Name: ALG
displayname: Application Layer Gateway Service
Name: AOL ACS
displayname: AOL Connectivity Service
Name: AudioSrv
displayname: Windows Audio
Name: BITS
displayname: Background Intelligent Transfer Service
Name: ccEvtMgr
displayname: Symantec Event Manager
Name: ccSetMgr
displayname: Symantec Settings Manager
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: DefWatch
displayname: Symantec AntiVirus Definition Watcher
Name: Dhcp
displayname: DHCP Client
Name: dmserver
displayname: Logical Disk Manager
Name: Dnscache
displayname: DNS Client
Name: ERSvc
displayname: Error Reporting Service
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FastUserSwitchingCompatibility
displayname: Fast User Switching Compatibility
Name: GEARSecurity
displayname: GEARSecurity
Name: helpsvc
displayname: Help and Support
Name: IAANTMon
displayname: Intel® Matrix Storage Event Monitor
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: MotorolaDAP
displayname: Motorola Digital Audio Player Manager
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: Norton Ghost
displayname: Norton Ghost
Name: NVSvc
displayname: NVIDIA Display Driver Service
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: QBCFMonitorService
displayname: QBCFMonitorService
Name: RasMan
displayname: Remote Access Connection Manager
Name: RemoteRegistry
displayname: Remote Registry
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore Service
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: Symantec AntiVirus
displayname: Symantec AntiVirus
Name: Symantec Core LC
displayname: Symantec Core LC
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: w32time
displayname: Windows Time
Name: WANMiniportService
displayname: WAN Miniport (ATW) Service
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Automatic Updates
Name: WudfSvc
displayname: Windows Driver Foundation - User-mode Driver Framework
Name: WZCSVC
displayname: Wireless Zero Configuration

Ad-Aware then told me to reboot my computer to completely remove these infections, and when I did, a screen popped up during reboot that said "Boot Cleaner" and that this boot cleaner was removing the smitfraud.exe file and some other file, but the screen disappeared before I could see the name of the file. I hope I didn't do anything to mess up what we've been trying to do. Please let me know. It seems we've gotten rid of the ad.yieldmanager redirect as far as I can tell, but now I have this new redirect. Sorry if I'm making your job harder by running Ad-Aware without your instruction to do so. If you need any other information on what is happening, just let me know. I will be home from work around 5:30.....what's next?

Edited by mrboyertown, 07 April 2009 - 04:08 AM.
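Added example, not part of mrboyertown's post and not Ad-Aware's own code: a short triage pass over the log format posted above. The "Bootexecute items:" and "Running services:" sections are runs of "Name:" blocks with "imagepath:" or "displayname:" lines, which is easy to parse, and the two things worth pulling out first are any BootExecute entry other than Windows XP's stock "autocheck autchk *" (it runs before the user session starts) and any running service that is not a stock XP service or that listens on the network. The sample input is an excerpt copied from the log above; the XP service baseline and the note that "lsdelete" belongs to Ad-Aware's boot-time cleaner are assumptions made for illustration, not an authoritative list.

```python
"""Triage pass over the Ad-Aware style log sections posted above.

Added example, not from the thread and not Lavasoft's code.  Parses the
"Bootexecute items:" and "Running services:" sections (runs of "Name:"
blocks with "imagepath:" / "displayname:" lines) and flags the entries a
responder would read first.  The XP service baseline is an assumed,
partial list for illustration only.
"""

# Constructed sample: an excerpt of the log posted above.
SAMPLE_LOG = """\
Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete

Running services:
Name: ALG
displayname: Application Layer Gateway Service
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: RemoteRegistry
displayname: Remote Registry
Name: Symantec AntiVirus
displayname: Symantec AntiVirus
"""

# Field keys used inside a "Name:" block in this log format.
FIELDS = {"name", "imagepath", "displayname", "location"}

# Stock Windows XP BootExecute value.  Anything else here runs before the
# user session starts.  "lsdelete" is assumed to be Ad-Aware's boot-time
# cleaner, consistent with the "Boot Cleaner" screen the poster describes.
DEFAULT_BOOTEXECUTE = {"autocheck autochk *"}

# Assumed partial baseline of XP service short names (illustration only).
XP_BASELINE_SERVICES = {
    "ALG", "AudioSrv", "BITS", "CryptSvc", "DcomLaunch", "Dhcp", "dmserver",
    "Dnscache", "ERSvc", "Eventlog", "EventSystem", "helpsvc", "lanmanserver",
    "lanmanworkstation", "LmHosts", "Netman", "Nla", "PlugPlay", "PolicyAgent",
    "ProtectedStorage", "RasMan", "RemoteRegistry", "RpcSs", "SamSs", "Schedule",
    "seclogon", "SENS", "SharedAccess", "ShellHWDetection", "Spooler",
    "srservice", "SSDPSRV", "stisvc", "TapiSrv", "TermService", "Themes",
    "TrkWks", "w32time", "WebClient", "winmgmt", "wscsvc", "wuauserv", "WZCSVC",
}

# Services reachable over the network that a home PC rarely needs running.
REMOTE_EXPOSURE = {"RemoteRegistry", "TermService", "lanmanserver"}


def parse_sections(text):
    """Return {section name: [entry dict, ...]} for every "Name:" block."""
    sections, current, entry = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")          # first colon only,
        key_l, value = key.strip().lower(), value.strip()  # so C:\ paths survive
        if key_l in FIELDS:
            if current is None:
                continue                                # field before any header
            if key_l == "name":
                entry = {"name": value}
                sections[current].append(entry)
            elif entry is not None:
                entry[key_l] = value
        elif sep and not value:                         # "Running services:" header
            current, entry = key.strip(), None
            sections[current] = []
    return sections


def triage(text):
    """Return (category, item) findings in log order."""
    sections = parse_sections(text)
    findings = []
    for item in sections.get("Bootexecute items", []):
        cmd = item.get("imagepath", "")
        if cmd not in DEFAULT_BOOTEXECUTE:
            findings.append(("bootexecute", cmd))
    for svc in sections.get("Running services", []):
        name = svc["name"]
        if name in REMOTE_EXPOSURE:
            findings.append(("remote-exposure", name))
        elif name not in XP_BASELINE_SERVICES:
            findings.append(("non-baseline", name))
    return findings


if __name__ == "__main__":
    for category, item in triage(SAMPLE_LOG):
        print(f"{category:16} {item}")
```

Run against the full log above, the script lists the non-Microsoft services (Symantec, Lavasoft, Intuit, Motorola, GEAR, Norton Ghost and so on) so they can be matched against what the owner knows is installed, and it singles out "lsdelete" in BootExecute, which is exactly the boot-time cleanup the poster saw run.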


#12 quietman7 (Bleepin' Janitor, Global Moderator, Virginia, USA)

Posted 07 April 2009 - 09:45 AM

boopme asked for a new MBAM log after rescanning. Please post that log.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here.

#13 mrboyertown (Topic Starter)

Posted 07 April 2009 - 04:24 PM

Sorry, I must have accidentally posted my Ad-Aware log twice. I've also been getting this browser redirect message when I am on the "cnbc.com" website....Sorry, we couldn't find hxxp://view.atdmt.com/APM/iview/108958984/...i.90/01%3Fclick. Here are some related websites: The problem seems to be getting worse, and I have only been going to a few trusted websites since the problem started. I'm afraid soon I won't be able to log onto this website to find out what to do, and this is the only computer I have access to.

Here is my latest Malwarebyte log as you requested:
Malwarebytes' Anti-Malware 1.36
Database version: 1949
Windows 5.1.2600 Service Pack 3

4/7/2009 5:19:45 PM
mbam-log-2009-04-07 (17-19-45).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 173788
Time elapsed: 43 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Sorry it took so long for me to reply I have been at work.

Edited by quietman7, 08 April 2009 - 09:17 AM.


#14 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 08 April 2009 - 09:59 AM

I get this message when i am on yahoo or walmart websites...after a few seconds I was again redirected to a google search results page with the message....Sorry, we couldn't find hxxp://ad.yieldmanager.com/st%3Fad_type. Here are some related websites: at the top of the page

Ad.yieldmanager.com is a known adware site that adds cookies to track your personal information and browsing habits as you surf the web. Although it is used by some websites as part of their advertising, it is often blocked by various security tools/programs.

Why do I get a Google /Dell search page instead of a blocked ad?

If you are using a Dell computer, remove the URL Assistant (and Search Assistant) via Add/Remove Programs. The URL Assistant redirects you when ad frames are missing on some websites, and this complaint is common among Dell users, but it's not a malware-related issue.
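Added example, not part of quietman7's reply and not code from Dell or any of the tools mentioned: a small check that follows the reasoning above. The symptom is "an ad frame fails to load, and a search helper turns the failed URL into a search page", so the first thing to establish is whether the machine is blocking that ad host itself. The script pulls the URL out of the "Sorry, we couldn't find ..." message (undoing the %3F encoding and the forum's hxxp defanging), takes the hostname, and looks it up in a hosts file. The two messages are the ones quoted in this thread; the hosts-file contents are constructed for illustration, in the shape that hosts-file immunization tools such as Spybot's write (assumption), and the verdict names are my own.

```python
"""Sort "Sorry, we couldn't find <url>" messages by whether the host is
blocked in the local hosts file.

Added example, not from the thread.  A host the machine blocks itself is
the "blocked ad frame + URL Assistant" case described above; a host that
is not blocked locally still needs explaining.  The hosts-file text is
constructed for illustration and its contents are an assumption.
"""
import re
from urllib.parse import unquote, urlsplit

# Constructed: the two messages quoted in the thread, with the forum's
# defanged "hxxp" scheme as posted.
MESSAGES = [
    "Sorry, we couldn't find hxxp://ad.yieldmanager.com/st%3Fad_type. "
    "Here are some related websites:",
    "Sorry, we couldn't find hxxp://view.atdmt.com/APM/iview/108958984/"
    "...i.90/01%3Fclick. Here are some related websites:",
]

# Constructed hosts file (assumed shape of an immunized hosts file).
HOSTS_FILE = """\
127.0.0.1       localhost
# ad blocking entries
127.0.0.1       ad.yieldmanager.com
127.0.0.1       ads.yieldmanager.com
"""

# The URL is the token after "couldn't find"; a trailing full stop is
# the sentence's, not the URL's.
MSG_RE = re.compile(r"couldn't find\s+(\S+?)\.?(?:\s|$)")


def extract_url(message):
    """Pull the URL out of the helper's message and undo %-encoding."""
    m = MSG_RE.search(message)
    if not m:
        return None
    return unquote(m.group(1).replace("hxxp://", "http://", 1))  # refang


def blocked_hosts(hosts_text):
    """Hostnames the hosts file pins to a loopback or null address."""
    blocked = set()
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        addr, *names = line.split()
        if addr in ("127.0.0.1", "0.0.0.0", "::1"):
            blocked.update(n.lower() for n in names)
    blocked.discard("localhost")                  # always present, not a block
    return blocked


def classify(message, hosts_text=HOSTS_FILE):
    """Return (host, verdict) for one "couldn't find" message."""
    url = extract_url(message)
    if url is None:
        return (None, "unparsed")
    host = (urlsplit(url).hostname or "").lower()
    if host in blocked_hosts(hosts_text):
        return (host, "blocked-by-hosts-file")
    return (host, "not-blocked-locally")


if __name__ == "__main__":
    for msg in MESSAGES:
        print(classify(msg))
```

On a real XP machine the hosts file lives at C:\WINDOWS\system32\drivers\etc\hosts; read that file in place of HOSTS_FILE. A "blocked-by-hosts-file" verdict matches the explanation given above and needs no malware cleanup, only removal of the helper that turns a blocked frame into a search page. A "not-blocked-locally" verdict (the atdmt.com message, with this constructed hosts file) means the block is coming from somewhere else, for example the antivirus product's web filtering or a browser add-on, and is the kind of detail worth handing back to the helper on the thread rather than guessing at.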

#15 mrboyertown (Topic Starter)

Posted 08 April 2009 - 03:15 PM

Hey, thanks for the info. Are you saying then that these browser redirect problems are not really infections but just these two programs interfering with my searches.... and if so, why haven't I had problems like this before? Have the URL Assistant and Search Assistant been loaded without my knowledge from a website that I might have visited? I'm just curious as to what exactly these programs are that I will be removing. Could you give me any more information on them? Are these programs anything that I will need in the future for anything? Or are they irrelevant programs that just cause trouble and are perfectly okay to delete? I don't know much about computers, and I'm just a little nervous about removing programs when I'm not sure exactly what they do. I'll be stepping out for a few hours, but I'll wait to hear from you before I remove any of the programs. Thanks again for your help and time. I think it's really great what you guys (and girls) have going on here with this website. It's a true life saver for computer novices and experts alike.

Edited by mrboyertown, 08 April 2009 - 03:17 PM.
