We have a Office PC affected with "AdwareRemover2007".
I have read the "Before you Post" and Downloaded FixWareout and ATF Cleaner for future use.
My SpyBot is v1.5.
Below is my HJT Report and Kaspersky Report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:07 AM, on 10/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSVPS System - {6EB10F79-5E53-4F76-B146-409EFCDCB957} - C:\WINDOWS\movctrlfqd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: The nssfrch - {DF0ACE0C-4A3F-4A1F-8676-BA16DEB23C70} - C:\WINDOWS\nssfrch.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} (Nafi Class) - file://E:\naf\html\nafcom.cab
O21 - SSODL: bxsbang - {20853007-381A-4526-B54C-0B642258D64F} - C:\WINDOWS\bxsbang.dll
O21 - SSODL: ocgrep - {7DCB0019-DCFB-4880-9E52-3B29F1D3DB87} - C:\WINDOWS\ocgrep.dll
O23 - Service: D-Link Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 6807 bytes
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, October 30, 2007 9:43:10 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/10/2007
Kaspersky Anti-Virus database records: 448744
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - Folders:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 64445
Number of viruses found: 19
Number of infected objects: 37
Number of suspicious objects: 0
Duration of the scan process: 02:08:43
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\08AA2149.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\EBE45D01.TMP Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007103020071031\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT70B.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT70B.tmp/stream/data0005 Infected: not-a-virus:AdWare.Win32.Vapsup.iu skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT70B.tmp/stream/data0007 Infected: not-a-virus:AdWare.Win32.Vapsup.iw skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT70B.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT70B.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT70B.tmp NSIS: infected - 5 skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT70F.tmp/stream/data0002 Infected: not-a-virus:AdWare.Win32.Vapsup.jb skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT70F.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Vapsup.iy skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT70F.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT70F.tmp/stream/data0005 Infected: not-a-virus:AdWare.Win32.Agent.sn skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT70F.tmp/stream/data0006 Infected: not-a-virus:AdWare.Win32.Vapsup.ja skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT70F.tmp/stream/data0007 Infected: not-a-virus:AdWare.Win32.Vapsup.jd skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT70F.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jc skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT70F.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jc skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT70F.tmp NSIS: infected - 8 skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT713.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.ka skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT713.tmp/stream/data0005 Infected: not-a-virus:AdWare.Win32.Vapsup.iu skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT713.tmp/stream/data0007 Infected: not-a-virus:AdWare.Win32.Vapsup.iw skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT713.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT713.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT713.tmp NSIS: infected - 5 skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT730.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Vapsup.js skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT730.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.js skipped
C:\Documents and Settings\Owner\Local Settings\Temp\BIT730.tmp NSIS: infected - 2 skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4567S9M7\Install1216[1].exe Infected: not-virus:Hoax.Win32.Renos.mw skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP396\A0052731.dll Infected: not-a-virus:AdWare.Win32.HotBar.bw skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP396\A0052735.dll Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP445\A0065351.exe Infected: not-virus:Hoax.Win32.Renos.mw skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP446\A0068476.exe Infected: not-virus:Hoax.Win32.Renos.mw skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP446\A0068483.exe Infected: not-a-virus:FraudTool.Win32.BraveSentry.c skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP446\A0070589.exe Infected: not-virus:Hoax.Win32.Renos.mw skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP446\A0070592.exe Infected: not-a-virus:FraudTool.Win32.BraveSentry.c skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP447\change.log Object is locked skipped
C:\WINDOWS\bxsbang.dll Infected: not-a-virus:AdWare.Win32.Vapsup.ir skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\kthemup.exe Infected: not-a-virus:AdWare.Win32.Vapsup.is skipped
C:\WINDOWS\movctrlfqd.dll Infected: not-a-virus:AdWare.Win32.Vapsup.it skipped
C:\WINDOWS\nssfrch.dll Infected: not-a-virus:AdWare.Win32.Vapsup.iu skipped
C:\WINDOWS\ocgrep.dll Infected: not-a-virus:AdWare.Win32.Agent.sm skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
Scan process completed.
Any help would be appreciated