[g2i2r4]

Let's take them one at the time.

Open Spybot S&D
go to advanced mode.
go to settings
go to spybots

Uncheck these:
Lsp.New.net
MySearch
New.net
SideStep

Then run a scan. It should come up with mysearch items. Remove them.

[Advertisements]

Next, go to start - softwarepanel
choose 'classic view'
open java consol
on the tab general press the button delete temp files.
press OK.

[g2i2r4]

Next, go to start - softwarepanel
choose 'classic view'
open java consol
on the tab general press the button delete temp files.
press OK.

[g2i2r4]

Open firefox
Go to tools - option - privacy - clear cache

[DigiDayDreamer]

Wait, I can't find spybots after the settings part. All I could see is:

Language
File Sets
Settings
Directories
Skins
Scheduler
And a lot of "Ignore...[insert stuff]" below.

[g2i2r4]

You´re right, I have a different language setting. Have set it to English now.
It´s Ignore Products.

While you´re there, press the Spybot S&D tab.
Press Recovery and remove the files there.

[g2i2r4]

Remove
NP2k5aSETUP.exe
l2mfix
from your desktop.



Download Pocket Killbox.

Run Killbox (doubleclick Killbox.exe).

Click the radio button that says Delete a file on reboot. For each of the files in the box below, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.

Let the system reboot.

C:\WINDOWS\cmh33na.sys
C:\WINDOWS\System32\a4ppg0f.dll
C:\WINDOWS\System32\BO2802040113.dll
C:\WINDOWS\System32\cmh33na.sys 
C:\WINDOWS\System32\icroxm
C:\WINDOWS\System32\moneyspm
C:\WINDOWS\System32\ppjy0.exe
C:\WINDOWS\System32\prubj.dll
C:\WINDOWS\System32\P_67kd61fg.exe
C:\WINDOWS\cmh33na.sys
C:\WINDOWS\cmh33na.sys
C:\WINDOWS\system32\a4ppg0f.dll
C:\WINDOWS\system32\BO2802040113.dll
C:\WINDOWS\system32\cmh33na.sys
C:\WINDOWS\system32\icroxm.exe
C:\WINDOWS\system32\moneyspm.exe
C:\WINDOWS\system32\ppjy0.exe
C:\WINDOWS\system32\prubj.dll
C:\WINDOWS\system32\P_67kd61fg.exe

[DigiDayDreamer]

You mean purge all the files that are in the recovery?

[g2i2r4]

Now for the system restore.

Here´s how to do it

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.


But let´s first rerun the scan and see what´s left.

Please post the result once.

[g2i2r4]

You mean purge all the files that are in the recovery?

Yes please.

[DigiDayDreamer]

Um, I'm at the part where you told me to download Pocket Killbox. It may take me a while to reboot twice, just to let you know.

[g2i2r4]

I'll take a nap (02.30h here now).

After doing all that I posted, please rerun the scan. Let's see what's left.

[DigiDayDreamer]

Um, sorry if I seem stupid, but which scan should I use? Pocket Killbox, Mwav, or HijackThis?

[g2i2r4]

Sorry I mean the MWAV scan.

[DigiDayDreamer]

Oh, wow! The scan took six and a half hours instead of eight and there's only 26 errors left. ^_^ But the strange thing is, I still get pop-ups about fatal registry errors from time to time.

Here's the list:

File System Found infected by "mysearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Desktop\NP2k5aSETUP.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0A.dat infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\My Documents\BSINSTALL.exe infected by "not-a-virus:AdWare.SaveNow.z" Virus. Action Taken: No Action Taken.
File C:\hp\bin\win32all-146.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Common Files\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\20041210215151.zip infected by "not-a-virus:AdWare.Sahat.j" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp infected by "not-a-virus:AdWare.F1Organizer.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq32.tmp infected by "not-a-virus:AdWare.EZula.ag" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq62.tmp infected by "not-a-virus:AdWare.VirtualBouncer.j" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-1756532583-2214312781-2489097164-1003\Dc10.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\RECYCLER\S-1-5-21-1756532583-2214312781-2489097164-1003\Dc11\backup.zip infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-1756532583-2214312781-2489097164-1003\Dc11\Process.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\WrapperOuter1155.EXE infected by "not-a-virus:AdWare.VirtualBouncer.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Helysvp.okp\whenu.exe infected by "not-a-virus:AdWare.SaveNow.z" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Desktop\EO Games\ESHEEP.zip tagged as not-a-virus:Simulator.Win16.Sheep. No Action Taken.
File C:\Documents and Settings\Owner\Desktop\NP2k5aSETUP.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0A.dat infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\My Documents\BSINSTALL.exe infected by "not-a-virus:AdWare.SaveNow.z" Virus. Action Taken: No Action Taken.
File C:\hp\bin\win32all-146.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Common Files\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\20041210215151.zip infected by "not-a-virus:AdWare.Sahat.j" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp infected by "not-a-virus:AdWare.F1Organizer.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq32.tmp infected by "not-a-virus:AdWare.EZula.ag" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq62.tmp infected by "not-a-virus:AdWare.VirtualBouncer.j" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-1756532583-2214312781-2489097164-1003\Dc10.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\RECYCLER\S-1-5-21-1756532583-2214312781-2489097164-1003\Dc11\backup.zip infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-1756532583-2214312781-2489097164-1003\Dc11\Process.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\WrapperOuter1155.EXE infected by "not-a-virus:AdWare.VirtualBouncer.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Helysvp.okp\whenu.exe infected by "not-a-virus:AdWare.SaveNow.z" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Desktop\EO Games\ESHEEP.zip tagged as not-a-virus:Simulator.Win16.Sheep. No Action Taken.

[DigiDayDreamer]

Oh, I can't seem to access Yahoo! Parental Controls for some reason. Can I just delete the folder?