NOTE to tw0rld: I was up early and thought I'd give you a hand. Please feel free to make any changes- additions, deletions or other to my review of the logs.
If Malwarebytes can't remove it,
It's not a question of "can't". It's a matter of the user not checking to have the malware removed. Running another program isn't an issue here- running Malwarebytes correctly is the issue.
What is strange though is that the new log doesn't even show these infections at all- present or removed.
Have SAS remove the tracking Cookies. See image here:
http://screenshots.en.softonic.com/en/scrn/50000/50803/3_antispy4.jpg
For adyieldmanager: Ad.yieldmanager.com is a known adware site and should be included in your "Restricted Sites list". It will place itself in Trusted Sites and can be removed from there and added to Restricted:
Internet Options> Security tab> Trusted sites> Sites button> A window will open with the trusted sites...allowing you to add or remove entries...> Remove the Ad.yieldmanager entry from the list if there> Go to the Restricted Sites> Sites and Add it there> OK> Apply> OK.
To reset the Cookies:
Reset Cookies: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.
Update Java: Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses so I strongly recommend you update. Click here to download the latest version of Java ( Java Runtime Environment (JRE) 6.0 Update 10 ):
http://java.com/en/download/manual.jsp
Please install it and then reboot your computer.
Per Step 1 in the cleaning, you must disable Realtime Protection:
Spybot S&D (Teatimer)
1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Please reopen HijackThis and scan. Check the following processes:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Filter hijack: text/html - {bbfe3fa7-2bc9-459c-9487-f2093086f59b} - C:\WINDOWS\system32\msziptools.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
The following sites are known for adware. I advise removing them:
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) -
http://coolsavings.coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) -
http://offers.e-centives.com/cif/download/bin/actxcab.cab
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:
Start> Run> type in 'msconfig' without quotes> Enter> Selective Startup> Startup tab> UNCHECK everything except the antivirus, firewall, touchpad if laptop> Apply> OK
(NOTE: this includes any reference to MSZipTools which is a Trojan ad-clicker)
Control Panel> Add/Remove Programs> uninstall the following if present:
Any Java EXCEPT v6u10
MSZipTools
Smart Source or 'Coupons'
Offers, Incentives
Please look at the installed programs list. If there are any you do not use, uninstall them. If you are not sure what it does, include the name with the next log.
Right click on Start> explore> Windows> System32> delete the following if found:
msziptools.dll
Reboot into Normal Mode> you will get a nag message which you can ignore after checking 'don't show this message again'. Stay in Selective Startup.
Run HijackThis again and attach log.
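As an added example (not part of the original post, and not HijackThis's own code), the following Python parses HijackThis log entries in the wrapped form shown above and flags the ones matching the items the post names. The watchlist contents and the function names `parse_entries` and `triage` are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlparse
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O16 - DPF: ..."
WATCH_HOSTS = ("smartsource.com", "e-centives.com")  # adware sites named in the post
WATCH_FILES = ("msziptools.dll",)                    # file the post says to delete

# Entries copied from the post, in the wrapped form it shows them.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) -
http://coolsavings.coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Filter hijack: text/html - {bbfe3fa7-2bc9-459c-9487-f2093086f59b} - C:\WINDOWS\system32\msziptools.dll
"""

def parse_entries(text):
    """Return [{'section', 'body'}], joining wrapped lines onto their entry."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"section": m.group(1), "body": m.group(2)})
        elif line and entries:
            entries[-1]["body"] += " " + line   # continuation, e.g. a wrapped URL
    return entries

def triage(entries):
    """Return [(section, [reasons])] for entries that match the watchlists."""
    findings = []
    for e in entries:
        sec, low, why = e["section"], e["body"].lower(), []
        if any(name in low for name in WATCH_FILES):
            why.append("watchlisted file")
        if sec == "O18" and low.startswith("filter hijack"):
            why.append("filter hijack entry")
        if sec == "O16":
            m = re.search(r"https?://\S+", e["body"])
            host = urlparse(m.group(0)).hostname if m else None
            if host is None:
                why.append("no codebase URL")
            elif any(host == d or host.endswith("." + d) for d in WATCH_HOSTS):
                why.append("watchlisted host " + host)
        if why:
            findings.append((sec, why))
    return findings

if __name__ == "__main__":
    for section, reasons in triage(parse_entries(SAMPLE_LOG)):
        print(section, "; ".join(reasons))
```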