Hi chief2...

 

My name is dobhar and I will be looking over your log. Please give me some time to go look it over. I will post back as soon as possible.

If you have any questions post them back in this thread do not start another.

Thanks,

Hi chief2...

 

Sorry to take so long...got tied.  Anyways, let's get to it...
__________________________________

 

This must be done first before running any of the fixes

 

Your are running HijackThis from your Desktop. HijackThis should be run from a folder on it's own and not from the Desktop. When we get you to "Fix" entries with HJT it creates backups. Please follow the instructions below to download the latest version and to save it to it's own folder.

 

Download the latest HijackThis version 1.99.1 from http://downloads.malwareremoval.com/HijackThis.exe
- Save it on the root of your C: Drive to a folder called HJT or HijackThis
- To create the folder...
1. Open " My Computer"
2. Double-click " C:" or " Local Disk (C: )"
3. Right-click in an open area in that window
4. Select/left-click on " New" from the drop-down
5. Select/left-click on " Folder"
6. A folder will appear with the cursor blinking and the words " New Folder" will be highlighted
7. Name the folder HJT or HijackThis
___________________________________

 

Step 1.
==========
Run HouseCall from Trend Micro from here
- Click " Scan now, it's free" (Note: It will take few minutes to download, so be patient)
- Select all available drives
- Check(tick) " Auto Clean"
- Click " Scan"
- After scan completes, copy the full filename of any files that cannot be cleaned or deleted and post them when your done with the following fix

 

Step 2.
==========
This is optional...
Recommend you uninstall the "BestPopPpKiller".  It is listed in the "Rogue/Suspect Anti-spyware Products & Web Sites" page
=> http://www.tasklist.org/task_BestPopupKiller_exe_5032.html
=> http://castlecops.com/startuplist-5311.html

If you decide to remove it then go to " Add or Remove Programs" in the Control Panel:
- Get into Control Panel
- Double-click "Add or Remove Programs"
- Look in the " Currently installed programs" box for the program(s) listed below and if it is there:
- Click on it to select it
- Click Change (or Change/Remove) button.
- If you are prompted to confirm the removal of the program, click " Yes"

 

BestPopupKiller

 

Step 3.
==========
- Download and install CleanUp! from http://downloads.stevengould.org/cleanup/CleanUp40.exe
- A tutorial can be found at http://www.bleepingcomputer.com/forums/tutorial93.html
(Note: Do not run this yet)

 

Step 4.
==========
- Download FxIstbar from http://securityresponse.symantec.com/avcenter/FxIstbar.exe to your Desktop
- Close all open windows and programs
- Double-click on FxIstbar.exe to run it

 

Step 5.
==========
- Close all Windows and programs
- Run HijackThis...
- Select\check the following entries, if listed. Double-check to make sure that only these entries are checked...

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab

 

If you uninstalled the "BestPopUpKiller" then remove this entry also
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup

 

- Click the "Fix checked" button...

 

Step 6.
==========
We now need to cleanup all the Temp files and such
- Start the CleanUp! program I had you download earlier
- Check the custom settings to your liking under options, but be sure to delete Temporary files and Temporary Internet Files for all user profiles. Also, cleanout the Prefetch folder and the Recycle Bin
- Click on the CleanUp! button and let it run to completion
(Note: It may take a few minutes depending on the size of your hard drive so be patient)

 

Step 7.
==========
- Download, install, setup, and Run Ad-aware SE 1.05 and Spybot 1.3 using the instructions from http://forum.malwareremoval.com/viewtopic.php?t=13
- After the last reboot post a fresh new HijackThis log