Google search links being redirected

Status
Not open for further replies.
The links from Google searches are being redirected in both Explorer and Opera.
I went through the 8 steps in Malware removal and saved the log files. The Antispyware only found 1 Adware and removed it but did not save a log.
I am attaching the Malware and hijack this logs for review.

I did remove some items found in the hijackthis scan before sending this log.
I've attached an additional text file with the removed items listed.

I was not certain enough about the remaining items that the scan found to remove without recommendations.

I appreciate your help with this problem.
Thanks
 
You do have entries that need to be removed. However, I would like you to update then run Malwarebytes again, run a new scan with Superantispyware, then rescan with HijackThis.

Don't do any removals yet. Attach all three new logs.

I did remove some items found in the hijackthis scan before sending this log.
I've attached an additional text file with the removed items listed.
Some should not have been removed.
 
New Log Files

Hi Bobby,

Some of the items from the Hijackthis were actually not removed but changed dll files to default settings. I've attached a text file listing the files I allowed it to change, not remove.

The update said I have the latest version of Malwarebytes.
I also have the latest versions of the other two software.

I ran the following scans again:
Malwarebytes (it found no additional threats from the ones removed earlier)
SuperAntiSpyware (found 7 instead of 2 earlier)
HijackThis
I've attached the logs from all three scans.

I quarantined the Adware threats found with the spyware but it wants me to reboot to complete the process. I'd rather wait until I have cleaned everything off to reboot if it's ok. I know some of these nasties can reappear on reboot if not fully removed. I'll wait until I hear from you to do anything.

Thanks for the help.
 
I tried doing this yesterday but had a computer problem. This reply isn't as clear as I'd like, but do what you can. When through, rescan with HijackThis, attach new log.
Mbam clean.
For Tracking Cookies in SAS:
Reset Cookies:
For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.
Special Cookie handling:
ad.yieldmanager.com basic removal and prevention:

Ad.yieldmanager.com is a known adware site and should really not be included in your "Trusted Sites list" you can remove this entry from your Trusted Site list by going to:

Internet Options> Security tab> Trusted sites> Sites button>
A window will open with the trusted sites...allowing you to add or remove entries...
Remove the Ad.yieldmanager entry from the list.> OK> Apply> OK

Then go to Restricted Sites> Sites> type in the following:
*.ad.yieldmanager.com
Follow by clicking on Add> OK> Apply> OK

but it wants me to reboot to complete the process. I'd rather wait until I have cleaned everything off to reboot if it's ok. I know some of these nasties can reappear on reboot if not fully removed.
Reboot when told.

Update Java:
Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses so I strongly recommend you update. Click here to download the latest version of java ( Java Runtime Environment (JRE) 6.0 Update 12 ): http://java.com/en/download/manual.jsp
Please install it and then reboot your computer.

Remove the older versions of Java:
1. Click Start, Control Panel, Add/Remove Programs.
2. Delete all Java updates except J2SE Runtime Environment 6.0 Update 12
Update Adobe:
Your Adobe Reader is out of date. Vulnerabilities can be exploited. Click here to download the latest version v9: https://www.techspot.com/downloads/2083-adobe-reader-dc.html
OR
Install the FoxIt Reader: this does the same thing as Adobe, but doesn’t have the bloat: http://www.foxitsoftware.com/pdf/rd_intro.php
Uninstall many previous versions of the Adobe Reader.

To stop the Java QuickStarter:
Start> Run> services.msc> right click on the Java QuickStart> Properties> Change the Startup type to Disabled.

The above will handle some of the text files you mentioned. You do not need the Java or Adobe 02BHO Toolbars. But it looks like you shut down more than the Spybot teatimer. To do this:
SPYBOT TEATIMER
* Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
* On the left hand side, click on Tools, then click on the Resident Icon in the list.
* Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
* Click on the "System Startup" icon in the List
* Uncheck the "TeaTimer" box and "OK" any prompts.
* If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
* Exit Spybot S&D when done.
* (When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)
Remove bad HijackThis entries
• Run HijackThis
• Click on the System Scan Only button
• Put a check beside all of the items listed below (if present):
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
NOTE: if you have set up a homepage to open with blank screen, okay to leave this entry. If not, it is malware.
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
To stop the automatic Java update checker, do this:
Control Panel> Java> Update tab> UNCHECK 'check automatically for updates'> answer YES when asked to confirm.
You want to stop Malwarebytes and SAS from running on boot after you finish the initial scans: Check processes below and remove entries from Startup menu using Start> Run> msconfig> enter> Selective Startup> startup tab> click on Apply> OK after unchecking.
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
NOTE: the first time you do a boot into Normal Mode, you will get a nag message that can be ignored and closed after checking 'don't show this message again.' Stay in Selective Startup.

C:\Program Files\NSNetMon\netmon.exe
netmon.exe is a process which is registered as a mass-mailing worm. "This virus is distributed via the Internet through e-mail and comes in the form of an e-mail message, in the hopes that you open its hostile attachment." The worm has its own SMTP mailing engine which means it gathers E-mails from your local computer and re-distributes itself. "In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data." This process is a security risk and should be removed from your system.

Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.

Rescan with HijackThis and attach new log.
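
Added example, not part of the original reply: a small Python parser for the HijackThis entry format quoted above, which splits R0 and O4 lines into their fields, drops repeated lines, and separates persistent Run autostarts from one-shot RunOnce entries. The function names are hypothetical, and the sample lines are copied from the reply with one repeated on purpose.

```python
import re

# Lines copied from the reply above; one is repeated to exercise de-duplication.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [Name] command"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<command>.+)$")
R_RE = re.compile(r"^(?P<key>.+?),(?P<value>[^=]+?) = (?P<data>.*)$")

def parse_line(line):
    """Return a dict for one HijackThis entry, or None for any other line."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    entry = {"section": m["section"], "raw": line}
    pattern = O4_RE if m["section"] == "O4" else R_RE if m["section"].startswith("R") else None
    detail = pattern.match(m["body"]) if pattern else None
    if detail:
        entry.update(detail.groupdict())
    return entry

def parse_log(text):
    """Parse every entry line, keeping first occurrences in log order."""
    seen, entries = set(), []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and entry["raw"] not in seen:
            seen.add(entry["raw"])
            entries.append(entry)
    return entries

def autoruns(entries, persistent_only=False):
    """O4 autostart entries as (hive, key, name, command) tuples.
    Run values start on every boot or logon; RunOnce values are deleted after they run."""
    rows = [(e["hive"], e["key"], e["name"], e["command"])
            for e in entries if e["section"] == "O4" and "key" in e]
    return [r for r in rows if r[1] == "Run"] if persistent_only else rows

if __name__ == "__main__":
    for hive, key, name, command in autoruns(parse_log(SAMPLE_LOG)):
        print(f"{hive:5} {key:8} {name:28} {command}")
```
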
 
New Hijackthis log - still getting redirects

Hello,

No problem, I know how computer problems can eat up time.
I appreciate the help.

I did everything on the list and I'm still getting the redirects.
The redirect always starts with a 20x.xxx.xx.xx/x/?= (with the "x" being different numbers) and ends with a long string of gibberish. I don't ever go to any site, I get a failure to connect message or the browser window shuts down.
I noticed this is happening in Google, Yahoo and MSN searches. I've been working around it by copying the URL from the search list and pasting it in a blank window.

The log will show the blankpage startup since I like my browser to open with a blank page. I can remove this if necessary.

I don't think the netmon.exe is the virus one.
We've been using this for years to monitor our internet connection and network speed. It came highly recommended by our satellite dish installer. I uninstalled it anyways.

Thanks again.
 
Correction...The search links are working properly

Hello again,

I just tried the search again and the links seem to be working properly all of a sudden. I'm not sure what did the trick but it seems to have worked.

Is there anything else I need to do or undo?

Thanks again for all your help.

Yvonne
 
Yvonne, I am sorry for the delay. Sometimes a simple reboot will solve a problem. You might have just done that.

The blank page is okay if you set it. No need to change. Follow the updates I suggested in reply #4. I would also suggest updating and running Malwarebytes once more to make sure all the Antivirus XP 2008 entries were removed.

Follow with new HijackThis scan, attach both logs. If clean, we'll remove the cleaning programs and old System Restore points.
 