Needing Help Removing Ad.Yieldmanager Malware

[torreattack]

Hi sls0463 :

1. remove program
Some of the following programs are outdated, useless or not recommended to keep. Please uninstall them.

• Click start>> Control Panel >> Under Programs, click on Uninstall a program.
• Locate the following program(s):
  

  Adobe Reader 9.3.3
  Java(TM) 6 Update 17
  Microsoft Security Essentials
  Java(TM) 6 Update 22

• Select the program above and click on Uninstall to uninstall it.

NOTE: Take extra care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


2. OTL fix
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop

• Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
• Copy the following text... do not include the quote box title "Quote'
  

  :OTL
  IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  IE - HKLM\..\SearchScopes\{C1B40DC2-6909-4C87-9F4A-8B87D13B16CD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
  IE - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\..\SearchScopes,DefaultScope = {9D3676F2-C158-46AA-904C-C97C63544026}
  IE - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\..\SearchScopes\{9D3676F2-C158-46AA-904C-C97C63544026}: "URL" = http://findgala.com/?&uid=5618&q={searchTerms}
  IE - HKU\S-1-5-21-1057294972-859772879-3047662534-1001\..\SearchScopes\{C1B40DC2-6909-4C87-9F4A-8B87D13B16CD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
  [2012/01/05 21:22:40 | 000,001,210 | ---- | M] () -- C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\9a6wlzdk.default\searchplugins\search.xml
  [2012/07/27 19:16:29 | 000,002,519 | ---- | M] () -- C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\9a6wlzdk.default\searchplugins\Search_Results.xml
  [2012/07/27 19:16:29 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
  CHR - homepage: http://www.searchnu.com/406
  CHR - default_search_provider: Search Results ()
  CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=287&systemid=406&sr=0&q={searchTerms}
  CHR - homepage: http://www.searchnu.com/406
  O1 - Hosts: 93.115.241.28 www.google-analytics.com.
  O1 - Hosts: 93.115.241.28 ad-emea.doubleclick.net.
  O1 - Hosts: 93.115.241.28 www.statcounter.com.
  O1 - Hosts: 69.72.252.254 www.google-analytics.com.
  O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
  O1 - Hosts: 69.72.252.254 www.statcounter.com.
  O4 - HKLM..\Run: [] File not found
  O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
  O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
  O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
  O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
  O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
  O16 - DPF: Web-Based Email Tools http://email00.secureserver.net/Download.CAB (Reg Error: Key error.)
  
  :Files
  ipconfig /flushdns /c
  
  :Commands
  [EmptyTemp]
  [ResetHosts]
  [CreateRestorePoint]

• Click under the Custom Scan/Fixes box and paste the copied text.
• Click the Run Fix button. If prompted... click OK.
• When the scan completes, Notepad will open with the scan results.
• Please post the contents of report in your next reply.

note: The OTL fix log was located at c:\_OTL\MovedFiles with the format MMDDYYY_HHMMSS.log.


3. SystemLook
Please download SystemLook from one of the links below, and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook_x64.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  Code:

  :filefind
  *Fun4IM*
  *Bandoo*
  *Searchqu*
  *iLivid*
  *whitesmoke*
  *datamngr*
  *trolltech*
  
  :folderfind
  *Fun4IM*
  *Bandoo*
  *Searchqu*
  *iLivid*
  *whitesmoke*
  *datamngr*
  *trolltech*
  
  :Regfind
  Fun4IM
  Bandoo
  Searchqu
  iLivid
  whitesmoke
  datamngr
  kelkoopartners
  trolltech

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
This scan can take some time to run so please be patient.



4. Do you know these folder?
C:\Users\Shawn\AppData\Local\{11d5d328-f14f-7572-15b5-f747154d7971}\@
C:\Users\Shawn\AppData\Local\2uk67pt227ow1c80w8mf060k0iqg3xc1pex7kb5n
C:\ProgramData\2uk67pt227ow1c80w8mf060k0iqg3xc1pex7kb5n

Thanks,
torreattack