[Resolved] Trustedantivirus Hijack


9 replies to this topic

#1 CHIEF WhO3 6302

    New Member

  • 4 posts
  • Interests: My main interest is getting this nasty trustedantivirus off my computer so it is usable.

Posted 18 January 2008 - 10:19 AM

I've edited this twice, adding content and trying to be as helpful as possible. Please respond, anyone...

I'm looking for help, and have now spent quite a few hours reading the pinned posts and found for myself the beginning user advice (this is my first bulletin board experience). I also found that I could edit this log and I'm hoping this edit doesn't "bump" my log.
I have run updates on Windows XP SP2 and MS Office (SP3 now).
I am a Yahoo Verizon DSL user with their Norton Protection Center and Norton Security Online running.
I tried Adaware and Spybot S&D and then removed them and BOUGHT and installed Webroot Spy Sweeper... but I still have bogus antivirus popups that have redirected my IE homepage to their sites.
I did a lot of reading during my 3-week-long battle with this malware and I am getting sick of it. When I found What the Tech, my hopes soared!!
I am trying to follow directions in order to be a "good patient" and not waste anyone's time, so I do everything as directed by "Before Posting A Hijackthis Log 'Self Help', For Windows 2000 and XP Versions."
Here is my HJT log and my AVG Anti-Spyware Scan Report:

Logfile of HijackThis v1.99.1
Scan saved at 2:07:01 AM, on 1/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWXP\System32\smss.exe
C:\WINDOWXP\system32\winlogon.exe
C:\WINDOWXP\system32\services.exe
C:\WINDOWXP\system32\lsass.exe
C:\WINDOWXP\system32\svchost.exe
C:\WINDOWXP\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWXP\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWXP\system32\nvsvc32.exe
C:\WINDOWXP\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWXP\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWXP\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wyleweb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BDEX System - {5085333B-FD15-4754-A571-852F7077C5F2} - C:\WINDOWXP\dxpvqlmqng.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: The ensfolr - {A037112F-183D-4E98-8CEA-1A0D93BA9F48} - C:\WINDOWXP\ensfolr.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWXP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWXP\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gatew...r/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us...an/pestscan.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1183898866781
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://vpn.wylelabs...perSetupSP1.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWXP\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWXP\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWXP\system32\WPDShServiceObj.dll
O21 - SSODL: bklgvsf - {EE2FB759-BE22-4D8C-BD1E-50B912C52EB0} - C:\WINDOWXP\bklgvsf.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWXP\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWXP\system32\YPCSER~1.EXE


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:44:53 AM 1/19/2008

+ Scan result:



C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP78\A0010136.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP78\A0010142.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP82\A0010360.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP82\A0010361.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010543.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010545.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP112\A0031255.exe -> Adware.Comet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP80\A0010244.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP80\A0010257.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP80\A0010258.exe -> Adware.Comet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010546.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010550.exe -> Adware.Comet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP105\A0017770.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP78\A0010117.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP78\A0010121.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP78\A0010122.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP78\A0010123.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP78\A0010124.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP78\A0010125.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP78\A0010127.exe -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP78\A0010129.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP78\A0010133.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP78\A0010140.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP78\A0010143.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP78\A0010149.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP82\A0010344.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP82\A0010348.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP82\A0010349.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP82\A0010350.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP82\A0010351.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP82\A0010357.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP82\A0010366.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP82\A0010367.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP82\A0010371.exe -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP82\A0010372.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP82\A0010373.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP83\A0010383.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010532.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010533.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010534.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010535.exe -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010536.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010538.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010539.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010540.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010541.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010544.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010557.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAE.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAF.tmp -> TrackingCookie.Addynamix : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp -> TrackingCookie.Addynamix : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11.tmp -> TrackingCookie.Adrevolver : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2.tmp -> TrackingCookie.Adrevolver : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3.tmp -> TrackingCookie.Adrevolver : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB0.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6.tmp -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp -> TrackingCookie.Bfast : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18.tmp -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19.tmp -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A.tmp -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB2.tmp -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp -> TrackingCookie.Coremetrics : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp -> TrackingCookie.Coremetrics : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D.tmp -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7.tmp -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB3.tmp -> TrackingCookie.Euroclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F.tmp -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB4.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB5.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq33.tmp -> TrackingCookie.Hotlog : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1E7.tmp -> TrackingCookie.Liveperson : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq21.tmp -> TrackingCookie.Liveperson : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB.tmp -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq118.tmp -> TrackingCookie.Pointroll : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq24.tmp -> TrackingCookie.Pointroll : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26.tmp -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBB.tmp -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27.tmp -> TrackingCookie.Realmedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq34.tmp -> TrackingCookie.Revsci : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1E.tmp -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1EA.tmp -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1EB.tmp -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1EC.tmp -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2B.tmp -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1ED.tmp -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq31.tmp -> TrackingCookie.Webtrends : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36.tmp -> TrackingCookie.Webtrends : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq30.tmp -> TrackingCookie.Webtrendslive : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

EDIT: Reformatted HJT log without word-wrap

Edited by silver, 20 January 2008 - 11:58 PM.
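The HijackThis log above is the kind of thing a helper triages by eye: entries marked "(file missing)", modules loading straight from the Windows directory root rather than from system32 or Program Files, and file names with no recognisable structure. As an added example (not part of the original post, and not a HijackThis or What the Tech tool), the Python script below parses a constructed sample built from a few lines of the log above and applies exactly those three checks. The Windows directory is derived from the Explorer.EXE entry in the process list, since this machine uses C:\WINDOWXP rather than the default C:\WINDOWS; the heuristics and thresholds are assumptions for illustration, not a published rule set.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on a handful of lines from the posted log (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWXP\system32\winlogon.exe
C:\WINDOWXP\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wyleweb.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BDEX System - {5085333B-FD15-4754-A571-852F7077C5F2} - C:\WINDOWXP\dxpvqlmqng.dll
O3 - Toolbar: The ensfolr - {A037112F-183D-4E98-8CEA-1A0D93BA9F48} - C:\WINDOWXP\ensfolr.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWXP\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWXP\SYSTEM32\WgaLogon.dll
O21 - SSODL: bklgvsf - {EE2FB759-BE22-4D8C-BD1E-50B912C52EB0} - C:\WINDOWXP\bklgvsf.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWXP\system32\nvsvc32.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<detail>.+)$")
# First Windows path ending in a loadable module extension; a quote ends the path.
MODULE_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe|ocx|sys|cpl))', re.IGNORECASE)
VOWELS = set("aeiou")


@dataclass
class Finding:
    code: str      # HijackThis section code, e.g. "O2"
    detail: str    # the rest of the log line, kept verbatim for the report
    path: str      # module path extracted from the line ("" if none)
    reasons: list  # human-readable reasons the entry was flagged


def detect_windir(text):
    """Derive the Windows directory from the Explorer.EXE line of the process list
    (assumption: Explorer always lives in the Windows directory root)."""
    for line in text.splitlines():
        if line.strip().lower().endswith(r"\explorer.exe"):
            return line.strip().rsplit("\\", 1)[0]
    return r"C:\WINDOWS"  # fallback if the process list is absent


def looks_random(path):
    """Heuristic: an alphabetic file stem of six or more letters with no vowels,
    outside Program Files (e.g. dxpvqlmqng.dll); ctfmon, svchost, nvsvc32 pass."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if "program files" in path.lower() or not stem.isalpha() or len(stem) < 6:
        return False
    return not any(ch in VOWELS for ch in stem.lower())


def triage(text):
    """Return the entries a helper would look at first, each with its reasons."""
    windir = detect_windir(text).lower()
    findings = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, detail = m.group("code"), m.group("detail")
        pm = MODULE_RE.search(detail)
        path = pm.group(1) if pm else ""
        reasons = []
        if "(file missing)" in detail:
            reasons.append("orphaned entry: the module file no longer exists")
        if path and path.lower().rsplit("\\", 1)[0] == windir:
            reasons.append("module loads directly from the Windows directory root")
        if path and looks_random(path):
            reasons.append("random-looking file name")
        if reasons:
            findings.append(Finding(code, detail, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the script reports only the three entries that SDFix and the later cleanup in this thread actually dealt with (dxpvqlmqng.dll, ensfolr.dll, bklgvsf.dll) and leaves the Symantec, NVIDIA, Java and ctfmon entries alone. The R0 start page line is parsed but not flagged: a changed start page is something to confirm with the user, not evidence on its own.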



#2 silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 21 January 2008 - 12:23 AM

Hi CHIEF_WhO3_6302,

When posting logs to the forum from Notepad, click Format and make sure Word Wrap is UNchecked - this gets rid of the extra line breaks which make the logs hard to read.


Temporarily disable Spy Sweeper
  • Open Spysweeper and click on Options->Program Options and uncheck Load at Windows Startup
  • On the left side click Shields and then uncheck everything there
  • Uncheck Home Page Shield
  • Uncheck Automatically restore default without notification
  • Exit the program
We will re-enable Spy Sweeper when your machine is clean.



Please download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
We need to boot into Safe Mode to use this tool so please don't run it yet.


Please print/save a copy of the following instructions because we will be using Safe Mode, during which time you won't have access to the internet.

Then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder (usually Start->My Computer->C:->SDFix) and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).

Now open HijackThis, select Open the Misc Tools section
Press the Open Uninstall Manager... button, then press Save list...
Save the Uninstall log to your Desktop and include a copy in your next response.
Now press Back and Scan and then Save log to create and save a new HijackThis log.

Once complete, please post the SDFix report, the uninstall list and a new HijackThis log.
ASAP & UNITE Member

#3 CHIEF WhO3 6302

    New Member

  • 4 posts
  • Interests: My main interest is getting this nasty trustedantivirus off my computer so it is usable.

Posted 21 January 2008 - 06:46 PM

Silver,
Thanks for the response and instructions. I have completed generating the report, list and log. Here they are:


SDFix: Version 1.129

Run by Chief on Mon 01/21/2008 at 05:38 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWXP\dat.txt - Deleted
C:\WINDOWXP\dxpvqlmqng.dll - Deleted
C:\WINDOWXP\foxflpd.exe - Deleted
C:\WINDOWXP\rs.txt - Deleted
C:\WINDOWXP\search_res.txt - Deleted





Removing Temp Files...

ADS Check:

C:\WINDOWXP
No streams found.

C:\WINDOWXP\system32
No streams found.

C:\WINDOWXP\system32\svchost.exe
No streams found.

C:\WINDOWXP\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 19:14:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWXP\\system32\\dpvsetup.exe"="C:\\WINDOWXP\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\JANES\\Fighters Anthology\\FA.EXE"="C:\\JANES\\Fighters Anthology\\FA.EXE:*:Enabled:Fighters Anthology Win95 Executable"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Gateway\\HPA\\gwmenu.exe"="C:\\Program Files\\Gateway\\HPA\\gwmenu.exe:*:Enabled:HPA/SCCD/SRCD New Code"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 19 Jan 2008 1,024 A..H. --- "C:\RECYCLER\S-1-5-21-1801674531-1035525444-725345543-1003\Dc6.sys"
Sat 19 Jan 2008 6,656 A..H. --- "C:\RECYCLER\S-1-5-21-1801674531-1035525444-725345543-1003\Dc7.exe"
Mon 27 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT1.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT10.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT11.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT12.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT14.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT15.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT16.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT18.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT19.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT1B.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT2.tmp"
Sat 5 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT20.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT23.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT3.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT4.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT77.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT8.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT9.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BITC.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BITD.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BITF.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT1.tmp"
Sun 6 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT2.tmp"
Sun 6 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT3.tmp"
Sun 6 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT5.tmp"
Sun 6 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT8.tmp"
Sun 6 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BIT9.tmp"
Sun 6 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BITB.tmp"
Sun 6 Jan 2008 0 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Local Settings\Temp\BITD.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\x.y-3F5168E301B\Application Data\U3\temp\Launchpad Removal.exe"
Mon 16 Jul 2007 24,646 ..SHR --- "C:\Documents and Settings\y.y-3F5168E301B\Local Settings\Temp\Juniper Networks\setup\NeoterisSetupApp.exe"

Finished!

uninstall_list.txt
Adobe Flash Player ActiveX
Adobe Reader 8.1.1
Adobe Shockwave Player
AppCore
Apple Software Update
ArcSoft PhotoImpression 3.0
AV
AVG Anti-Spyware 7.5
Bejeweled 2 Deluxe
Belarc Advisor 7.2
ccCommon
Compare and Merge 2.3
Creative PCI Audio Drivers
Fighters Anthology
Garfield 9 Lives Screen Saver
Garfield Guide To Cats Screen Saver
Garfield Through the Years Screen Saver
Gateway Drivers and Applications Recovery
Gateway Multi-function Keyboard
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Deskjet 3900 series
HP Extended Capabilities 5.0
HP Imaging Device Functions 5.0
HP Photosmart Essential
HP PrecisionScan Pro 3.0
HP Solution Center & Imaging Support Tools 5.0
HP Update
Intel® PRO Ethernet Adapter and Software
Java™ 6 Update 3
JumpStart 3rd Grade v1.2
LiveUpdate 3.2 (Symantec Corporation)
Logitech SetPoint
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Picture It! Express 2.0
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSRedist
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Protection Center
NVIDIA Drivers
PrintMaster Premier 4.00
QuickTime
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
SPBBC 32bit
Spy Sweeper
Spybot - Search & Destroy 1.4
SSH2Deluxe Screen Saver
System Requirements Lab
Twinkle Bulbs v6.0
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Verizon Yahoo! Applications
ViviCam 10 and 20
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WingMan Software
WinRAR archiver

Logfile of HijackThis v1.99.1
Scan saved at 7:24:37 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWXP\System32\smss.exe
C:\WINDOWXP\system32\winlogon.exe
C:\WINDOWXP\system32\services.exe
C:\WINDOWXP\system32\lsass.exe
C:\WINDOWXP\system32\svchost.exe
C:\WINDOWXP\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWXP\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWXP\system32\nvsvc32.exe
C:\WINDOWXP\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWXP\Explorer.EXE
C:\WINDOWXP\system32\notepad.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWXP\system32\ctfmon.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWXP\system32\notepad.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWXP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWXP\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gatew...r/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us...an/pestscan.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1183898866781
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://vpn.wylelabs...perSetupSP1.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWXP\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWXP\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWXP\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWXP\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWXP\system32\YPCSER~1.EXE

I hope this helps.
Respectfully,
Chief WhO3 6302

#4 silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 21 January 2008 - 07:58 PM

Hi CHIEF_WhO3_6302,

Please open Start->Control Panel->Add/Remove Programs, look down the list for this and remove it:

Java™ 6 Update 3

This is out of date and now a security risk; you can get the latest update (version 6 update 4) from here

Make hidden/system files and folders visible:
Click Start -> My Computer
Select the Tools menu, click Folder Options and select the View tab
Under the Hidden files and folders heading SELECT Show hidden files and folders
UNCHECK the Hide extensions for known file types option
UNCHECK the Hide protected operating system files (recommended) option
Click Yes to confirm and press OK

Now use Windows Explorer (right-click Start, select Explore) to find and delete the following files:

C:\WINDOWXP\bklgvsf.dll
C:\WINDOWXP\ensfolr.dll

If one or both are not present, that's fine, but if you have trouble deleting either, please let me know in your next response.


Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked; you can choose to check other boxes if you wish, but they are not required.
Press OK and Yes to confirm


Then please do an online scan with Kaspersky:
Open Kaspersky Online Scanner in Internet Explorer
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan, select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.


Once complete, please post the Kaspersky report along with a new HijackThis log.
ASAP & UNITE Member
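The checks silver is making in the reply above (an out-of-date Java runtime, DLLs and services loaded from odd places, "(file missing)" entries, ActiveX controls pulled from unfamiliar hosts) and the Kaspersky report he asks for can both be screened mechanically. The script below is an added example for this thread, not a tool the poster or the forum used. The allow-list of hosts, the directory heuristics, the minimum Java version (6 Update 4, as recommended above) and the sample lines (written in the format of the logs posted in the thread, with made-up file and host names) are all assumptions.

```python
"""Triage helpers for the two log types in this thread: a HijackThis 1.99.x
log and a Kaspersky Online Scanner report.  Added example, not a tool used by
the poster or the forum.  The heuristics, the trusted-host list, the minimum
Java version and the sample lines (constructed in the format of the logs
posted above, with made-up file names) are assumptions for illustration."""
import re
from urllib.parse import urlparse

# One HijackThis entry per line: "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# Windows path to a loadable module; directory names may contain spaces.
PATH_RE = re.compile(r'[A-Za-z]:\\(?:[^\\"\n]+\\)*[^\\"\n]+?\.(?:dll|exe|ocx|scr|cpl)\b', re.I)
# Sun JRE install directory, e.g. jre1.6.0_03 -> (6, 0, 3).
JRE_RE = re.compile(r"jre1\.(\d+)\.(\d+)_(\d+)", re.I)
URL_RE = re.compile(r"https?://\S+")
# A file sitting directly in the Windows directory rather than under system32.
WINROOT_RE = re.compile(r"^[a-z]:\\window[^\\]*\\[^\\]+$")

# Assumed allow-list for IE start/search pages and O16 ActiveX (DPF) downloads.
TRUSTED_HOSTS = {"go.microsoft.com", "www.update.microsoft.com", "update.microsoft.com"}
MODULE_SECTIONS = {"O2", "O3", "O20", "O21", "O22", "O23"}  # DLLs/services loaded at boot or logon
AUTORUN_SECTIONS = {"O4"}                                    # Run-key entries
URL_SECTIONS = {"R0", "R1", "R3", "O16"}
SUSPECT_DIRS = ("\\local settings\\temp\\", "\\temp\\", "\\documents and settings\\")

def parse_hjt(text):
    """Return (section, body) tuples for the numbered entries of a HijackThis log."""
    matches = [ENTRY_RE.match(line.strip()) for line in text.splitlines()]
    return [(m.group(1), m.group(2)) for m in matches if m]

def triage(entries, trusted_hosts=TRUSTED_HOSTS, min_jre=(6, 0, 4)):
    """Return (severity, section, reason, body) findings, severity 'high' or 'review'.
    min_jre defaults to Java 6 Update 4, the version the reply above recommends."""
    findings = []
    for section, body in entries:
        if body.endswith("(file missing)"):
            findings.append(("review", section, "target file not found (orphaned entry or parse artifact)", body))
        for path in (p.lower() for p in PATH_RE.findall(body)):
            if section in MODULE_SECTIONS | AUTORUN_SECTIONS and any(d in path for d in SUSPECT_DIRS):
                findings.append(("high", section, "executes from a temp/profile directory", body))
            elif section in MODULE_SECTIONS and WINROOT_RE.match(path):
                findings.append(("review", section, "module sits directly in the Windows directory", body))
        jre = JRE_RE.search(body)
        if jre and tuple(int(g) for g in jre.groups()) < min_jre:
            findings.append(("review", section, "outdated Java runtime in use", body))
        if section in URL_SECTIONS:
            for url in URL_RE.findall(body):
                host = urlparse(url).hostname or ""
                if host not in trusted_hosts:
                    findings.append(("review", section, f"untrusted host {host}", body))
    return findings

# Kaspersky report lines: "Infected:" is a detection, "Object is locked" means the file
# was open and never scanned, and "CAB: infected - N" is the archive container repeating
# its infected member, so it is matched but not counted a second time.
KAV_RE = re.compile(r"^(?P<path>.+?)\s+(?:Infected: (?P<name>\S+)|(?P<locked>Object is locked)|\w+: infected - \d+)\s+skipped$")

def summarize_kav(report):
    """Return (detections, locked): a [(path, name)] list and a [path] list."""
    detections, locked = [], []
    for line in report.splitlines():
        m = KAV_RE.match(line.strip())
        if m and m.group("locked"):
            locked.append(m.group("path"))
        elif m and m.group("name"):
            detections.append((m.group("path"), m.group("name")))
    return detections, locked

# Constructed sample lines in HijackThis format (made-up names, not from the thread).
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWXP\qwxzabc.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\svchost.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Scanner) - http://scanner.example.net/scan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWXP\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: zzznotify - C:\WINDOWXP\zzznotfy.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
"""
# Constructed sample lines in Kaspersky Online Scanner report format.
SAMPLE_KAV = r"""
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\user\My Documents\CursorManiaSetup2.2.60.4.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.av skipped
C:\Documents and Settings\user\My Documents\CursorManiaSetup2.2.60.4.exe CAB: infected - 1 skipped
"""

if __name__ == "__main__":
    for sev, sec, why, body in triage(parse_hjt(SAMPLE_HJT)):
        print(f"[{sev:6}] {sec:3} {why}: {body}")
    det, locked = summarize_kav(SAMPLE_KAV)
    print(f"{len(det)} detection(s), {len(locked)} locked object(s) never scanned")
```

Two caveats that the logs on this page illustrate. The forum software truncates URLs in pasted logs (`http://go.microsoft....k/?LinkId=69157`), so the host check only works on the log as HijackThis saved it, not on the copy posted here. And the Symantec services that show "(file missing)" also carry a stray quotation mark in their path, which looks like HijackThis 1.99.1 mis-splitting a quoted command line that has arguments; that finding is a prompt to confirm the file exists, not a reason to remove the service.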

#5 silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 25 January 2008 - 03:19 AM

How are you getting on? If the instructions are unclear or something isn't working, please let me know before proceeding.
ASAP & UNITE Member

#6 CHIEF WhO3 6302

    New Member

  • New Member
  • 4 posts

Posted 25 January 2008 - 04:32 PM

Was out of town, away from computer. I will try it now.

Watched a movie while scanning... wife says there have been no pop-ups this week while I was gone, so it seems that things are much better than they've been for the last month.

Here are the results you requested...

Logfile of HijackThis v1.99.1
Scan saved at 9:12:46 PM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWXP\System32\smss.exe
C:\WINDOWXP\system32\winlogon.exe
C:\WINDOWXP\system32\services.exe
C:\WINDOWXP\system32\lsass.exe
C:\WINDOWXP\system32\svchost.exe
C:\WINDOWXP\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWXP\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWXP\system32\nvsvc32.exe
C:\WINDOWXP\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWXP\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWXP\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wyleweb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWXP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWXP\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gatew...r/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us...an/pestscan.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1183898866781
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://vpn.wylelabs...perSetupSP1.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWXP\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWXP\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWXP\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWXP\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWXP\system32\YPCSER~1.EXE

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, January 25, 2008 9:09:39 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/01/2008
Kaspersky Anti-Virus database records: 532835
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 53986
Number of viruses found: 23
Number of infected objects: 48
Number of suspicious objects: 0
Duration of the scan process: 01:07:54

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-25_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\420950D7.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\C1B88ABB.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\Jim.JIM-3F5168E301B\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jim.JIM-3F5168E301B\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jim.JIM-3F5168E301B\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jim.JIM-3F5168E301B\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jim.JIM-3F5168E301B\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jim.JIM-3F5168E301B\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jim.JIM-3F5168E301B\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jim.JIM-3F5168E301B\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Sam.JIM-3F5168E301B\My Documents\CursorManiaSetup2.2.60.4.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.av skipped
C:\Documents and Settings\Sam.JIM-3F5168E301B\My Documents\CursorManiaSetup2.2.60.4.exe CAB: infected - 1 skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\20071119035520.zip Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\20071125025107.zip Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3D.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3F.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq43.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq45.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq47.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq52.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq53.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq58.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5A.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5C.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq61.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq62.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq63.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq64.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq65.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq67.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq68.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq69.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6A.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6B.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6C.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6D.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6E.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6F.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq70.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq71.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq72.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq73.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq74.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq75.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq77.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq78.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq79.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7C.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7D.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7E.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7F.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq80.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq81.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq82.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq83.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq84.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq85.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq86.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq88.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq89.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8B.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8C.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8D.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8E.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8F.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq90.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq91.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq92.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq93.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq94.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq95.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq96.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq97.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq98.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq99.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9A.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9B.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9C.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9D.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9E.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9F.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA0.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA1.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA2.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA3.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA4.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA5.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA6.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA7.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA8.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA9.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAA.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAB.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAC.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAD.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB8.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB9.tmp Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP112\A0031254.dll Infected: not-a-virus:AdWare.Win32.Vapsup.ws skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP118\A0035723.exe/data0018/data0002 Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP118\A0035723.exe/data0018/data0003 Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP118\A0035723.exe/data0018/data0004 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP118\A0035723.exe/data0018 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP118\A0035723.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP127\change.log Object is locked skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP78\A0010138.dll Infected: not-a-virus:AdWare.Win32.HotBar.ar skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP82\A0010368.dll Infected: not-a-virus:AdWare.Win32.HotBar.ar skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010456.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010457.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010458.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010467.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010469.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010470.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010471.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010472.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010473.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010474.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010475.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010476.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010477.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010478.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010479.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010480.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010481.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010483.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010484.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010486.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010488.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010489.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010490.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010492.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010493.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010494.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010495.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010496.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010497.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010499.dll Infected: not-a-virus:AdWare.Win32.HotBar.ch skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010502.dll Infected: not-a-virus:AdWare.Win32.180Solutions.bl skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010510.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.180Solutions.bj skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010510.exe/stream Infected: not-a-virus:AdWare.Win32.180Solutions.bj skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010510.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010517.dll Infected: not-a-virus:AdWare.Win32.Shopper.l skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010531.dll Infected: not-a-virus:AdWare.Win32.HotBar.ar skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010552.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0015894.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\WINDOWXP\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWXP\SchedLgU.Txt Object is locked skipped
C:\WINDOWXP\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWXP\Sti_Trace.log Object is locked skipped
C:\WINDOWXP\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWXP\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWXP\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWXP\system32\config\default Object is locked skipped
C:\WINDOWXP\system32\config\default.LOG Object is locked skipped
C:\WINDOWXP\system32\config\Internet.evt Object is locked skipped
C:\WINDOWXP\system32\config\SAM Object is locked skipped
C:\WINDOWXP\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWXP\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWXP\system32\config\SECURITY Object is locked skipped
C:\WINDOWXP\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWXP\system32\config\software Object is locked skipped
C:\WINDOWXP\system32\config\software.LOG Object is locked skipped
C:\WINDOWXP\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWXP\system32\config\system Object is locked skipped
C:\WINDOWXP\system32\config\system.LOG Object is locked skipped
C:\WINDOWXP\system32\h323log.txt Object is locked skipped
C:\WINDOWXP\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWXP\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWXP\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWXP\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWXP\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWXP\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWXP\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWXP\wiadebug.log Object is locked skipped
C:\WINDOWXP\wiaservc.log Object is locked skipped
C:\WINDOWXP\WindowsUpdate.log Object is locked skipped

Scan process completed.

Edited by CHIEF WhO3 6302, 25 January 2008 - 09:41 PM.
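The scan output above is easier to read when summarised by category: which objects were merely locked (open system files, quarantine folders), which were detected, and where the detections actually live. The script below is an added example, not part of the original thread or of any scanner vendor's tooling; its sample lines are constructed to match the line format of the posted log (`<path> Object is locked skipped`, `<path> Infected: <detection> skipped`, and `<archive> NSIS: infected - N skipped` for a container whose members were listed individually). The point it makes is that every detection is under `System Volume Information\_restore{...}\RPnn`, i.e. inside System Restore snapshots that an on-demand scanner reports but cannot clean, which is why purging old restore points after creating a clean one is part of the cleanup.

```python
"""Summarise a Kaspersky-style on-demand scan log (added example, constructed sample)."""
import re
from collections import Counter

# Constructed sample lines, modelled on the format of the scan output above.
SAMPLE_LOG = r"""
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B.tmp Object is locked skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP112\A0031254.dll Infected: not-a-virus:AdWare.Win32.Vapsup.ws skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP118\A0035723.exe/data0018 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP118\A0035723.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{BEA6A5F4-24DA-4A1D-BFC3-E2037A31C5B2}\RP85\A0010456.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\WINDOWXP\system32\config\SAM Object is locked skipped

Scan process completed.
"""

# One regex per line shape; paths may contain spaces, so match non-greedily up to the status.
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
ARCHIVE_RE = re.compile(r"^(?P<path>.+?) (?P<packer>\w+): infected - (?P<count>\d+) skipped$")
# System Restore snapshot directory: \_restore{GUID}\RP<number>\
RESTORE_RE = re.compile(r"\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.IGNORECASE)


def family_of(detection):
    """'not-a-virus:AdWare.Win32.HotBar.bi' -> 'AdWare.Win32.HotBar' (drop prefix and variant)."""
    name = detection.split(":", 1)[1] if ":" in detection else detection
    return ".".join(name.split(".")[:3])


def parse_line(line):
    """Return (kind, path, detail) for a scan result line, or None for anything else."""
    line = line.rstrip()
    if not line:
        return None
    m = INFECTED_RE.match(line)
    if m:
        return ("infected", m.group("path"), m.group("name"))
    m = ARCHIVE_RE.match(line)
    if m:  # container summary; its members were already reported as 'infected' lines
        return ("archive", m.group("path"), int(m.group("count")))
    m = LOCKED_RE.match(line)
    if m:
        return ("locked", m.group("path"), None)
    return None


def summarise(log_text):
    """Count locked/infected/archive lines and group detections by restore point."""
    summary = {
        "locked": 0, "infected": 0, "archive": 0,
        "by_restore_point": Counter(),  # RPnn -> number of detections inside it
        "families": Counter(),          # detection family -> count
        "outside_restore": [],          # detections NOT in a restore point: live files
    }
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        kind, path, detail = rec
        summary[kind] += 1
        if kind == "infected":
            summary["families"][family_of(detail)] += 1
            rp = RESTORE_RE.search(path)
            if rp:
                summary["by_restore_point"][rp.group(1)] += 1
            else:
                summary["outside_restore"].append(path)
    return summary


if __name__ == "__main__":
    s = summarise(SAMPLE_LOG)
    print(f"locked: {s['locked']}  infected: {s['infected']}  archives: {s['archive']}")
    for rp, n in sorted(s["by_restore_point"].items()):
        print(f"  {rp}: {n} detection(s) in System Restore snapshot")
    print("live (non-restore) detections:", s["outside_restore"] or "none")
```

Run it against a saved scan log instead of the sample by reading the file and passing its text to `summarise()`. An empty `outside_restore` list is the reassuring outcome: nothing detected is in a live location, and the remaining entries disappear once the old restore points are purged.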


#7 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 25 January 2008 - 11:52 PM

Hi CHIEF_WhO3_6302,

I'm glad to hear things are running better, just one file to delete:

Please open My Documents and delete the file called CursorManiaSetup2.2.60.4.exe
If this file is not present please let me know.

You should now delete SDFix.exe from your Desktop, also delete this folder:

C:\SDFix


Re-hide hidden/system files and folders:
Click Start -> My Computer
Select the Tools menu, click Folder Options and select the View tab
Under the Hidden files and folders heading SELECT Do not show hidden files and folders
CHECK the Hide extensions for known file types option
CHECK the Hide protected operating system files (recommended) option
Press OK

Re-enable Spy Sweeper
  • Open Spysweeper and click on Options > Program Options and check Load at Windows Startup
  • On the left click Shields and then check everything there
  • Check Home Page Shield
  • Check Automatically restore default without notification
  • Exit the program

Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm

At this stage I think your machine is clean of malware :) here are some tips to help you keep it that way:

Operating system vulnerabilities can easily be exploited by malware so please ensure your operating system is automatically kept up to date by using Windows Update:
Go to Start->Control Panel->Automatic Updates
Select Automatic and select a suitable schedule

You have good protection software installed however please ensure it is kept up to date. Check that your antivirus and antispyware programs are set to automatically update themselves daily, and that your firewall is the latest version.

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Find out more about how to prevent infection in the future
http://forum.malware...pic.php?p=33687

Please post back to let me know that you have read this, and if there are any further issues.
ASAP & UNITE Member
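The custom hosts file tip works by mapping unwanted hostnames to an unreachable address, and a hijacker abuses the very same file in the opposite direction, pointing legitimate hostnames at an address it controls. The script below is an added example, not part of the original thread or of the MVPS HOSTS project; it parses a hosts file and separates block entries (null-routed to 0.0.0.0 or 127.0.0.1) from redirects to any other address, which are the entries worth reviewing by hand. The sample file and its hostnames are constructed for the example.

```python
"""Audit a hosts file: block entries versus redirects (added example, constructed sample)."""
import ipaddress

# Addresses that make a hostname unreachable: entries using them are blocks, not redirects.
NULL_ROUTE = {
    ipaddress.ip_address("0.0.0.0"),
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("::1"),
}

# Constructed sample in the usual hosts-file layout: "<address> <hostname...> [# comment]".
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# constructed block entries in MVPS style
0.0.0.0  ads.example-adserver.test
0.0.0.0  counter.example-tracker.test   # trailing comment
# constructed hijack-style entry: a real-looking site pointed at a non-local address
192.0.2.44  update.example-vendor.test
garbage line without an address
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for each valid entry; comments and junk are skipped."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments, including trailing ones
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first token is not an address: not a hosts entry
        if len(parts) < 2:
            continue  # address with no hostname
        yield n, ip, parts[1:]


def audit_hosts(text):
    """Classify entries as 'localhost', 'blocks' (null-routed) or 'redirects' (anything else)."""
    report = {"localhost": [], "blocks": [], "redirects": []}
    for n, ip, names in parse_hosts(text):
        for name in names:
            if name == "localhost" and ip in NULL_ROUTE:
                report["localhost"].append(name)
            elif ip in NULL_ROUTE:
                report["blocks"].append(name)
            else:
                # A hostname mapped to a routable address overrides DNS for that name;
                # in a blocking hosts file nothing should do this, so flag it for review.
                report["redirects"].append((n, name, str(ip)))
    return report


if __name__ == "__main__":
    r = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(r['blocks'])} block entries, {len(r['redirects'])} redirect(s) to review")
    for line_no, name, ip in r["redirects"]:
        print(f"  line {line_no}: {name} -> {ip}")
```

To audit a real file, read it (on Windows XP the path is under the system32\drivers\etc folder) and pass the text to `audit_hosts()`; a block-only hosts file yields an empty `redirects` list. The DNS Client service note in the post applies to large block lists like MVPS HOSTS, which the service's cache handles poorly on that Windows version; it is unrelated to how the entries themselves are interpreted.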

#8 CHIEF WhO3 6302

CHIEF WhO3 6302

    New Member

  • New Member
  • 4 posts
  • Interests:My main interset is getting this nasty trustedantivirus off my computer so it is usable.

Posted 27 January 2008 - 12:52 AM

:thumbup: Silver, Did all as suggested and even installed WinPatrol and MVPS Hosts. This has been a learning experience. Thanks you so very much for your help with getting me back in shape. I wish you fair winds and following seas. Chief

#9 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 27 January 2008 - 04:34 AM

You're most welcome :) Best of luck!
ASAP & UNITE Member

#10 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 27 January 2008 - 04:35 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
ASAP & UNITE Member
