[patrick_1]

Here are the O2MoveIt2 results:

C:\Program Files\saap.log moved successfully.
C:\Program Files\kyf.dat moved successfully.
C:\Program Files\fiz6 moved successfully.
C:\Program Files\fiz5 moved successfully.
C:\Program Files\fiz4 moved successfully.
C:\Program Files\fiz3 moved successfully.
C:\Program Files\fiz2 moved successfully.
C:\Program Files\fiz1 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07012008_172731

And a fresh Panda Active Scan.

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-07-01 23:12:01
PROTECTIONS: 0
MALWARE: 29
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00000431 adware/ist.istbar Adware No 1 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\istsvc
00001888 adware/dyfuca Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\internet optimizer
00020302 adware/ncase Adware No 0 Yes No hkey_current_user\software\microsoft\internet explorer\main\search page_bak
00020302 adware/ncase Adware No 0 Yes No hkey_current_user\software\microsoft\internet explorer\main\search bar_bak
00027660 adware/savenow Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87766247-311c-43b4-8499-3d5fec94a183}
00029007 adware/tvmedia Adware No 0 Yes No c:\documents and settings\owner\application data\tvmcwrd.dll
00035328 Application/KillApp.A HackTools No 0 Yes No C:\hp\bin\Terminator.exe
00036016 adware/topmoxie Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{6685509E-B47B-4f47-8E16-9A5F3A62F683}
00039204 adware/cws Adware No 0 Yes No hkey_current_user\software\microsoft\internet explorer\main\start page_bak
00040067 spyware/shopnav Spyware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0007522A-2297-43C1-8EB1-C90B0FF20DA5}
00040415 adware/wintools Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7}
00041446 application/myway HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04079851-5845-4DEA-848C-3ECD647AA554}
00041446 application/myway HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}
00041904 adware/sidesearch Adware No 0 Yes No c:\documents and settings\owner\application data\lycos
00047863 adware/ieplugin Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}
00064198 adware/mbkwbar Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA5A82FB-D6BE-44F9-9363-B1ABABC153C1}
00064198 adware/mbkwbar Adware No 0 Yes No hkey_local_machine\software\mbkwbar
00096718 adware/twain-tech Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0000607d-d204-42c7-8e46-216055bf9918}
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.com.com/]
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq33.tmp
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.azjmp.com/]
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.azjmp.com/]
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.azjmp.com/]
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.azjmp.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.bs.serving-sys.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.realmedia.com/]
00174002 Dialer.Gen Dialers No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C.tmp
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28.tmp
00219288 adware/clickalchemy Adware No 0 Yes No c:\windows\inf\alchem.inf
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26.tmp
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.atwola.com/]
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1\A0000025.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1\A0000024.exe
02769568 Application/MyWebSearch HackTools No 0 Yes No C:\WINDOWS\s4Setp.exe
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location ش
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description ش
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================

[Advertisements]

Firstly, please remove this entry from Add/Remove Programs in the Control Panel(if present):

mbkwbar

Please delete this folder using Windows Explorer(if present):

C:\program Files\mbkwbar



After that's done, we'll use OTMoveIt again.

OTMoveIt2 -

• Please double-click OTMoveIt2.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  c:\documents and settings\owner\application data\tvmcwrd.dll
  hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\istsvc
  hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\internet optimizer
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87766247-311c-43b4-8499-3d5fec94a183}
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0007522A-2297-43C1-8EB1-C90B0FF20DA5}
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7}
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04079851-5845-4DEA-848C-3ECD647AA554}
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA5A82FB-D6BE-44F9-9363-B1ABABC153C1}
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0000607d-d204-42c7-8e46-216055bf9918}
  hkey_local_machine\software\mbkwbar

  
  
• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Also, post a fresh fresh Panda Scan.

[eddie5659]

Firstly, please remove this entry from Add/Remove Programs in the Control Panel(if present):

mbkwbar

Please delete this folder using Windows Explorer(if present):

C:\program Files\mbkwbar



After that's done, we'll use OTMoveIt again.

OTMoveIt2 -

• Please double-click OTMoveIt2.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  c:\documents and settings\owner\application data\tvmcwrd.dll
  hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\istsvc
  hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\internet optimizer
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87766247-311c-43b4-8499-3d5fec94a183}
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0007522A-2297-43C1-8EB1-C90B0FF20DA5}
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7}
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04079851-5845-4DEA-848C-3ECD647AA554}
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA5A82FB-D6BE-44F9-9363-B1ABABC153C1}
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0000607d-d204-42c7-8e46-216055bf9918}
  hkey_local_machine\software\mbkwbar

  
  
• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Also, post a fresh fresh Panda Scan.

[patrick_1]

This cleaning is taking many more iterations than I had expected. Never guessed I had that much junk on my computer. I suppose Ewido and AVG AntiSpyware can only detect so much. I appreciate your dedication and commitment.

Now for the results

The file C:\program Files\mbkwbar did not exist on my computer so nothing to remove directly.

When I tried MOVEIT I got the following error message:

OTMoveIt2: OTMoveIt2.exe - Bad Image
The application or DLL c:\documents and settings\owner\application data\tvmcwrd.dll is not a valid Windows image. Please check this against your installation diskette.

Although, when I clicked 'OK' MOVEIT did appear successful and here are the results:

LoadLibrary failed for c:\documents and settings\owner\application data\tvmcwrd.dll
c:\documents and settings\owner\application data\tvmcwrd.dll NOT unregistered.
c:\documents and settings\owner\application data\tvmcwrd.dll moved successfully.
< hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\istsvc >
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\istsvc\\ deleted successfully.
< hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\internet optimizer >
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\internet optimizer\\ deleted successfully.
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87766247-311c-43b4-8499-3d5fec94a183} >
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87766247-311c-43b4-8499-3d5fec94a183}\\ deleted successfully.
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0007522A-2297-43C1-8EB1-C90B0FF20DA5} >
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0007522A-2297-43C1-8EB1-C90B0FF20DA5}\\ deleted successfully.
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} >
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7}\\ deleted successfully.
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04079851-5845-4DEA-848C-3ECD647AA554} >
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04079851-5845-4DEA-848C-3ECD647AA554}\\ deleted successfully.
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC} >
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\\ deleted successfully.
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} >
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}\\ deleted successfully.
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} >
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA5A82FB-D6BE-44F9-9363-B1ABABC153C1}\\ deleted successfully.
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0000607d-d204-42c7-8e46-216055bf9918} >
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0000607d-d204-42c7-8e46-216055bf9918}\\ deleted successfully.
< hkey_local_machine\software\mbkwbar >
Registry key hkey_local_machine\software\mbkwbar\\ deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07032008_193250

[eddie5659]

Not sure why that happened, but it appears to have worked.

Just to be totally sure, can you run a fresh Panda scan for me

eddie

[patrick_1]

Here you go.

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-07-06 17:58:13
PROTECTIONS: 0
MALWARE: 15
SUSPECTS: 1
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00020302 adware/ncase Adware No 0 Yes No hkey_current_user\software\microsoft\internet explorer\main\search bar_bak
00020302 adware/ncase Adware No 0 Yes No hkey_current_user\software\microsoft\internet explorer\main\search page_bak
00035328 Application/KillApp.A HackTools No 0 Yes No C:\hp\bin\Terminator.exe
00036016 adware/topmoxie Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{6685509E-B47B-4f47-8E16-9A5F3A62F683}
00039204 adware/cws Adware No 0 Yes No hkey_current_user\software\microsoft\internet explorer\main\start page_bak
00041904 adware/sidesearch Adware No 0 Yes No c:\documents and settings\owner\application data\lycos
00101555 Application/KillApp.B HackTools No 0 Yes No C:\hp\bin\KillIt.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.com.com/]
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq33.tmp
00174002 Dialer.Gen Dialers No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C.tmp
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28.tmp
00219288 adware/clickalchemy Adware No 0 Yes No c:\windows\inf\alchem.inf
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26.tmp
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x3tc7dbb.default\cookies.txt[.atwola.com/]
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
02769568 Application/MyWebSearch HackTools No 0 Yes No C:\WINDOWS\s4Setp.exe
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location Ɣ
;===============================================================================
=================================================================================
===================
No C:\Documents and Settings\Owner\Desktop\ComboFix.exe Ɣ
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description Ɣ
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================

[eddie5659]

That looks a lot better, hows the computer running now?

• Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an S in the system tray.
• In the Resident Shield section, toggle the AVG Anti-Spyware active protection onn by clicking Change state which will then change the protection status to active.
• If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to Restart the Resident Shield.
• Reply yes and set it to active.

[patrick_1]

Everything is running smooth and I haven't had any issues.

I did figure out what was causing the backweb error I had mentioned in my first post. It turned out to be an unnecessary Hewlet-Packard service that was set from the factory to load on startup. One of the anti-spyware programs had identified that process as potentionally malicious and removed a file. I had no use for the service so I just disabled it and problem solved.

Which anti-spyware programs do you recommend running for maintenance? AVG does a pretty good job but should I run others also on a regular basis?

[eddie5659]

Glad to hear the Backweb was solved

Run the following two programs to clean up the programs that we've used.

Follow these steps to uninstall Combofix and tools used in the removal of malware

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

OTCleanIt

Download the following program:

http://download.blee...r/OTCleanIt.exe

Then, click the CleanUp! button. It will go thorugh the list and remove all of the tools it finds and then delete itself. Reboot.



Then, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SpywareGuard to catch and block spyware before it can execute.
• IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

You should also have a good firewall. Here are 2 free ones available for personal use:

• Kerio Personal Firewall
• ZoneAlarm

and a good antivirus (these are also free for personal use):

• AVG Anti-Virus
• Avast Home Edition

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Microsoft Windows Update

monthly. And to keep your system clean run these free malware scanners

• AdAware SE Personal
  
• Spybot Search & Destroy

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!

[patrick_1]

It is very generous for so many knowledgeable people to donate their time to help keep other people's computers working and virus free. Thank you for all the help.

Patrick

[eddie5659]

I do enjoy this, as its my main hobby, and the satisfaction you get knowing that a person's computer is virus free is great

[eddie5659]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.