Browser redirecting to "http://ad.yieldmanager.com/st%3Fad_typ

Welcome to Major Geeks!


Is the below registry setting something you recognize?

Download HostsXpert and then follow the below steps.

• Unzip HostsXpert.zip
• It will create a folder named HostsXpert in whatever folder you extract it to.
• Run HostsXpert.exe by double clicking on it.
• Click the Make Writeable? button.
• Click Restore Microsoft's Hosts File and then click OK.
• Click the X to exit the program

Also Click Start > Run and type in cmd

• Click OK.
• This will open a command prompt.
• Type or copy and paste the following line in the command window:
  ipconfig /flushdns
• Hit Enter
• Exit the command window

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

After clicking Fix, exit HJT.


Delete the below file:
C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (LAPTOP-Ara Metjian).job



Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!



Now let's flush the Java Cache

• Click Start > Settings > Control Panel
• Double click the Java icon (be patient, it may take a while to open)
• Now click the General tab and under the Temporary Internet File area
• Click the Settings button and then click the Delete Files... button.
• In the next popup click OK.

If you have multiple Java plugin icons in Control Panel follow the above to clear all their caches.


Now let's flush the Internet Explorer Cache

• click Tools
• Internet Options
• Now on the General tab and click Delete Files and select Delete all Offline content too
• Click OK.
• When it finishes Click OK.

Now run Ccleaner!


Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


Then attach the below log:

• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

They are not malware. The first came with your Dell PC ( I believe it is installed as "URL Assistant" ) and you can uninstall it if desired. You may wish to read this: http://www.gadgetizer.com/2006/02/10/is-dell-stealing-traffic/

And the second BHO is for Java.

Also not malware, but you can remove all them if you wish. Just be aware that if these are sites that you use, all the files related to those will have to be redownloaded when you access those sites and try to use the related features.

You will have to ask in the Software Forum or look within your program to see if it has an option to enable an disable the tray icon. Also make sure it is just not hidden from view.

Read the link given in step 1 of the READ & RUN ME.




Your logs are clean. If you are not having any other malware problems, it is time to do our final steps:

1. You can uninstall SUPERAntiSpyware now.
2. We recommed you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /u
     • Notes: The space between the combofix" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
   • Delete the C:\combofix folder from combofix.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
9. If you are running Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

You're welcome.

Then you did not finish my instructions which said to toggle System Restore.

Since Symantec rarely uninstalls properly, it may be a good idea for you to run the below just to be sure it is all gone:

Norton Removal Tool (SymNRT)

 

You're welcome.

No.

It is not a big deal but if you wish, you could just download the combofix.exe to your Desktop again and then run the removal instructions.

Yes we are extremely busy. The good word spread quickly on the internet.

 

You're welcme.

Don't uninstall IE7. You may as well keep it since it is somewhat more secure that IE6 which is what you will wind up with if IE7 is uninstalled. You need IE on your system. It is an integral part of Windows and without it many websites cannot be used properly including Microsoft to get updates.

 

Poor choice of wording. In the background would mean you have it running but are not actively using it. What I believe you mean is what I said, just keep it installed and only use it when necessary.

New PC questions belong in a new thread and can only be answered there. If having problems, run the READ & RUN ME.

Please post in the Software Forum about your problems with IE7.

 

Why do you want to run the READ & RUN ME on your PC again? I already requested that you toggle system restore back in msg # 6.

 

Start a new thread for this PC.

Major Attitude's thread is not up to date with the current version of CCleaner. DO NOT use it to control startups.

 

No it does not matter. It is just something that I personally prefer a user to do after disabling SR. The restore points are supposed to be gone as soon as SR is disabled.

Things in SR do not come back on their own. You have to use SR to restore from an infected restore point and then the malware could return. Restore points need to be deleted so that at some later point in time you do not restore from an infection restore point.