ppv5consumercl.exe

Discussion in 'Malware and Virus Removal Archive' started by Tenchy, 2005/05/15.

Thread Status:
Not open for further replies.
  1. 2005/05/15
    Tenchy

    Tenchy Inactive Thread Starter

    Joined:
    2004/07/29
    Messages:
    80
    Likes Received:
    0
    in my task manager this sometimes appears, i notice a quick flicker of a pop up advertisement which acts as a warning to check my CPU usage and this entry is eating away at 85% of CPU. i've tried the search with no luck and 'ppv5' on google hints at some gaming console thing, is it showing up in my HJT log?

    thanks


    Logfile of HijackThis v1.99.1
    Scan saved at 13:16:17, on 15/05/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Personal Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\BTYAHO~1\SMARTB~1\BTHelpNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\BT Yahoo! Help\bin\mpbtn.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/en/default.asp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [TrustInstaller] D:\Setup.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [FlashInstaller] D:\flashstart.exe D:\bt.exe run
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe "
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTYAHO~1\SMARTB~1\BTHelpNotifier.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo! Help\bin\matcli.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2004_10_11_1/yregucfg.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.broadbandassist.com/BTYahoo!Help//PreQual/files/MotivePreQual.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
    Last edited: 2005/05/15
  2. 2005/05/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Tenchy,

    Not too much visibly wrong, but a few questions, then a recommendation.

    Do you know what this is?
    [TrustInstaller] D:\Setup.exe

    When you installed Messenger Plus 3, did you specifically install without the sponsors? If not, uninstall it and either do a custom re-install without the sponsor or leave it out completely. The sponsor also installs a LOP variant, which you definitely don't want.

    Please download MWAV. Save it to your desktop and double click to open. Check the boxes for Memory, Registry, Startup Folders, System Folders, Services, Drive, All Local Drives and Scan All Files, then click scan. When it completes, copy the lower window labeled Virus Log Information and post it here. Takes quite a long time for it to finish, so be patient. ;)
     

  4. 2005/05/15
    Tenchy

    Tenchy Inactive Thread Starter

    Joined:
    2004/07/29
    Messages:
    80
    Likes Received:
    0
    The trust installer thing i THINK is something to do with my keyboard as that came with a disc marked ‘Trust’ a silverline direct access keyboard which gives a website link http://trust.com/ so I’m not too sure if I should remove it.

    I made sure I never installed the sponsors when I reinstalled plus after I had bother a year or so back because of allowing them.

    I ran the link thanks and the lower windows results show …. (it wouldn’t let me copy and paste so I typed it out and copied/pasted once typed)

    File C:\DOCUME~1\Owner\LOCALS~1\Temp\EPS_High-End_System_v1_test wal tagged as not-a-virus: Tool Win32 Shutdown. No Action Taken.
    File C:\DOCUME~1\Owner\LOCALS~1\Temp\pskill.exe tagged as not-a-virus Riskware. Tool PsKill 110. No Action Taken.
    File C:\DOCUME~1\Owner\LOCALS~1\Temp\xtilqnuu.exe infected by “not-a-virus: AdWare Lop.m” Virus. Action Taken. No Action Taken.
    File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\ContentIE5\45QVK9Y7\BTYahooHelpInstall[1].exe tagged as not-a-virus Riskware. Tool PsKill 110. No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Two hold for boob\newopen.exe infected by “not-a-virus: AdWare Lop.p” Virus. Action Taken. No Action Taken.
    File C:\Documents and Settings\Owner\\Local Settings\Temp\ EPS_High-End_System_v1_test wal tagged as not-a-virus: Tool Win32 Shutdown. No Action Taken.
    File C:\Documents and Settings\Owner\\Local Settings\Temp\ pskill.exe tagged as not-a-virus Riskware. Tool PsKill 110. No Action Taken.
    File C:\Documents and Settings\Owner\\Local Settings\Temp\xtilqnuu.exe infected by “not-a-virus: AdWare Lop.m” Virus. Action Taken. No Action Taken.
    File C:\Documents and Settings\Temporary Internet Files\ ContentIE5\45QVK9Y7\BTYahooHelpInstall[1].exe tagged as not-a-virus Riskware. Tool PsKill 110. No Action Taken.
    File C:\Program Files\Norton AntiVirus\Quarantine\31125E7D.tmp infected by “not-a-virus AdWare NewDotNet” Virus. Action Taken. No Action Taken.
    File C:\Program Files\Norton AntiVirus\Quarantine\3CB84B42.tmp infected by “not-a-virus AdWare ToolBar.Quick.b” Virus. Action Taken. No Action Taken.
    File C:\Program Files\Norton AntiVirus\Quarantine\3F377FC8.htm infected by “Exploit.VBS.Phel.a” Virus. Action Taken. No Action Taken.
    File C:\Program Files\Norton AntiVirus\Quarantine\3F3D53C1.htm infected by “Exploit.VBS.Phel.a” Virus. Action Taken. No Action Taken.
    File C:\Program Files\Norton AntiVirus\Quarantine\43236976.js infected by “Trojan-Downloader.JS.lstBar.j” Virus. Action Taken. No Action Taken.
    File C:\Program Files\Norton AntiVirus\Quarantine\4C392924.js infected by “Trojan-Downloader.JS.lstBar.j” Virus. Action Taken. No Action Taken.
    File C:\Program Files\PestPatrol\Quarantine\20040728202145933.zip infected by “not-a-virus AdWare.Lop” Virus. Action Taken. No Action Taken.





    17 virii? OMG!!! :( (though I think the Norton and Pest Patrol ones are just held safely in Quarantine?????)

    For The Results it gave …

    Total Objects Scanned … 45913
    Total Virus(es) Found … 17
    Total Disinfected Files … 0
    Total Deleted Objects … 0
    Total Files Renamed … 0
    Total Errors … 53
    Time Elapsed … 01:47:07

    Do the errors hold any significance?

    Thanks
     
  5. 2005/05/16
    Tenchy

    Tenchy Inactive Thread Starter

    Joined:
    2004/07/29
    Messages:
    80
    Likes Received:
    0
    also what is with all the .tmp files i have? i noticed i have loads
     
    Last edited: 2005/05/16
  6. 2005/05/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    .tmp are temporary files, created by various applications while the app is in use. They are safe to delete. The only thing in your MWAV scan I'm at all concerned about is C:\Documents and Settings\All Users\Application Data\Two hold for boob\newopen.exe

    Is there a ppv5consumercl.exe file on your drive?
     
  7. 2005/05/16
    Tenchy

    Tenchy Inactive Thread Starter

    Joined:
    2004/07/29
    Messages:
    80
    Likes Received:
    0
    the 'Two hold for boob' thing has a folder called that, it stuck out as it was a strange name for a folder. are the others causing worry? can i do something to get rid of the worrying one? also should i delete my norton quarantine?

    i'm doing a search on my hard drive and the ppv5 entry doesn't show, what it has been i have twice seen a flicker of a window which very quickly disappeared. this prompted me to check my task manager and saw the ppv5 eating at my CPU though before i got the exact name it disappeared again. this happened twice so i confirmed i saw the right thing.

    i had a problem with my BT/Yahoo browser which needed updating, i couldn't download it and i contacted BT (my ISP) and the upshot was i uninstalled the browser, rebooted and still couldn't download the newer version.

    i now have it back and felt vulnerable not having it as this was my broadband browser that was packaged with my broadband subscription. it had pop up blockers and spam filters in it so i figured the pop up was because i never had the browser on my system? but as i say it is now though these other virus worry me now.

    does that make sense?

    EDIT: AH! the search has come up with a ppv5 entry relating to my pestpatrol and the .exe file is in prefetch which is a PF file. i paid for pest patrol a year or so back but i never use it, i am now thinking of uninstalling it.

    also do i enter '*.tmp' in the search bar and delete them all? or do they need deleted at all?
     
    Last edited: 2005/05/16
  8. 2005/05/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Funny, now that you mention it, that does look like it should be a PestPatrol file, but what's it doing??? Most likely an updater. Might want to contact the vendor about that file and the way it's behaving. Might just be a version glitch or something that they have a fix for. Uninstalling is always an option if you can't get it resolved.

    Not a bad idea to empty out the quarantines.

    Delete the entire Two hold for boob folder.

    Running disk cleanup to clear the temps should be sufficient. Open My Computer, right click Local Disk C: and choose properties, then disk cleanup. Check all boxes except Compress old files and click OK.
     
  9. 2005/05/16
    Tenchy

    Tenchy Inactive Thread Starter

    Joined:
    2004/07/29
    Messages:
    80
    Likes Received:
    0
    i just uninstalled pest patrol, i used to use quite a bit then it changed a few month back and didn't like the way it ran and i'm sure i took it off my start up files as i think it was conflicting with something (spysweeper conflicts with msn so i took that off though use now and then)

    i deleted the two hold for boob and ran disk cleanup without compressing old files (i've chosen that in the past)

    i did a search for *.tmp and still had over 1500 .tmp files and am just unsure as to why.

    do i need not worry about all the other virus finds?
     
  10. 2005/05/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    As I said, clearing the temps I listed in my last post should be sufficient, but if you really want to clean out all temp files, to my knowledge, it won't harm anything. You might want to ask around a bit first though.

    Here's an easy way to do it, but keep in mind it will permanently delete them from your hard drive. It will not put them in the recycle bin, where you could restore them from. You will always have at least a couple of tmp files in use that cannot be deleted.

    Click start>run and type cmd to open a command prompt. Type the following command and hit enter.

    del c:\*.tmp /s

    You can also export a list of all temp files, before deleting. Again, from the command line.

    dir c:\*.tmp /s>c:\temp.txt

    Change the filename to c:\temp1.txt after deleting to see what's left without overwriting the first one created.
     
  11. 2005/05/17
    Tenchy

    Tenchy Inactive Thread Starter

    Joined:
    2004/07/29
    Messages:
    80
    Likes Received:
    0
    i tried the first option, rebooted and all seems fine (or was fine till i rescanned to check). thank you for looking into this noahdfear :)

    File C:\DOCUME~1\Owner\LOCALS~1\Temp\EPS_High-End_System_v1_test wal tagged as not-a-virus: Tool Win32 Shutdown. No Action Taken.
    File C:\DOCUME~1\Owner\LOCALS~1\Temp\pskill.exe tagged as not-a-virus Riskware. Tool PsKill 110. No Action Taken.
    File C:\DOCUME~1\Owner\LOCALS~1\Temp\xtilqnuu.exe infected by “not-a-virus: AdWare Lop.m” Virus. Action Taken. No Action Taken.
    File C:\Documents and Settings\Owner\\Local Settings\Temp\ EPS_High-End_System_v1_test wal tagged as not-a-virus: Tool Win32 Shutdown. No Action Taken.
    File C:\Documents and Settings\Owner\\Local Settings\Temp\ pskill.exe tagged as not-a-virus Riskware. Tool PsKill 110. No Action Taken.
    File C:\Documents and Settings\Owner\\Local Settings\Temp\xtilqnuu.exe infected by “not-a-virus: AdWare Lop.m” Virus. Action Taken. No Action Taken.

    You mentioned these are not as worrying?

    Also new additions (not sure where these popped up from) …

    File C:\Program Files\Opera7\profile\cache4\opr05AFB.js infected by "Trojan-Downloader.JS.IstBar.j" Virus. Action Taken: No Action
    File C:\System Volume Information\_restore{20BC02DF-08F3-4470-9413-75DC753C3CFC}\RP235\A0097811.exe infected by "not-a-virus:AdWare.Lop" Virus. Action Taken: No Action Taken.
    File C:\System Volume Information\_restore{20BC02DF-08F3-4470-9413-75DC753C3CFC}\RP235\A0097825.exe infected by "not-a-virus:AdWare.Lop.m" Virus. Action Taken: No Action Taken.
    File C:\System Volume Information\_restore{20BC02DF-08F3-4470-9413-75DC753C3CFC}\RP235\A0097834.exe infected by "Trojan-Downloader.Win32.Swizzor.cb" Virus. Action Taken: No Action Taken.
    File C:\System Volume Information\_restore{20BC02DF-08F3-4470-9413-75DC753C3CFC}\RP235\A0097835.exe infected by "Trojan-Downloader.Win32.Swizzor.ca" Virus. Action Taken: No Action Taken.
    File C:\System Volume Information\_restore{20BC02DF-08F3-4470-9413-75DC753C3CFC}\RP235\A0097836.exe infected by "not-a-virus:AdWare.Lop.p" Virus. Action Taken: No Action Taken.
    File C:\System Volume Information\_restore{20BC02DF-08F3-4470-9413-75DC753C3CFC}\RP235\A0097837.exe infected by "Trojan-Downloader.Win32.Swizzor.bo" Virus. Action Taken: No Action Taken.
    File C:\System Volume Information\_restore{20BC02DF-08F3-4470-9413-75DC753C3CFC}\RP235\A0097874.exe infected by "not-a-virus:AdWare.Lop" Virus. Action Taken: No Action Taken.
    File C:\System Volume Information\_restore{20BC02DF-08F3-4470-9413-75DC753C3CFC}\RP278\A0116339.exe tagged as not-a-virus:RiskWare.Dialer.Generic. No Action Taken.
    File C:\System Volume Information\_restore{20BC02DF-08F3-4470-9413-75DC753C3CFC}\RP279\A0117393.exe infected by "not-a-virus:AdWare.Gator.3103" Virus. Action Taken: No Action Taken.
    File C:\System Volume Information\_restore{20BC02DF-08F3-4470-9413-75DC753C3CFC}\RP279\A0117395.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
    File C:\System Volume Information\_restore{20BC02DF-08F3-4470-9413-75DC753C3CFC}\RP279\A0117412.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken.
    File C:\System Volume Information\_restore{20BC02DF-08F3-4470-9413-75DC753C3CFC}\RP279\A0117652.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
    File C:\System Volume Information\_restore{20BC02DF-08F3-4470-9413-75DC753C3CFC}\RP279\A0117653.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
    File C:\System Volume Information\_restore{20BC02DF-08F3-4470-9413-75DC753C3CFC}\RP283\A0118039.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
    File C:\System Volume Information\_restore{20BC02DF-08F3-4470-9413-75DC753C3CFC}\RP303\A0127980.exe infected by "not-a-virus:AdWare.Lop.p" Virus. Action Taken: No Action Taken.
    File C:\WINDOWS\Lycos\ss_IGN1_setup.exe infected by "not-a-virus:AdWare.Sidesearch.d" Virus. Action Taken: No Action Taken.

    Only 21 errors this time, it took longer at 2.30 hours and it scanned 75000 files. Maybe I clicked something different?
     
    Last edited: 2005/05/17
  12. 2005/05/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Reboot to safe mode. You will have to show hidden files and folders. Open C:\Documents and Settings\Owner\Local Settings\Temp, select all and delete.
    Open C:\WINDOWS\Lycos and delete ss_IGN1_setup.exe (if you don't use Lycos, delete the entire folder).
    Empty the recycle bin.

    Reboot and if everything seems to be working properly, right click My Computer and choose properties. On system restore tab, check the box to turn off. OK out. Reboot and turn it back on.
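
Added example, not part of the original thread or written by either poster: a small Python triage script that groups scan findings by where the file sits (AV quarantine, System Restore point, temp folder, browser cache, or a live location) and pairs each group with the cleanup step used in this thread. The sample log is constructed in the line format posted above; the file names, the restore-point GUID and all function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the line format of the scan results posted in the
# thread. File names and the restore-point GUID are placeholders.
SAMPLE_LOG = r"""
File C:\Program Files\Norton AntiVirus\Quarantine\00000001.tmp infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe infected by "Trojan-Downloader.Win32.Swizzor.cb" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2\A0000002.exe tagged as not-a-virus:RiskWare.Dialer.Generic. No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\Temp\sample.exe infected by "not-a-virus:AdWare.Lop.m" Virus. Action Taken: No Action Taken.
File C:\Program Files\Opera7\profile\cache4\sample.js infected by "Trojan-Downloader.JS.IstBar.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Lycos\sample_setup.exe infected by "not-a-virus:AdWare.Sidesearch.d" Virus. Action Taken: No Action Taken.
ERROR!!! File C:\pagefile.sys: Scanning Failure!!!
"""

# Matches both finding formats: 'infected by "<name>" Virus.' and
# 'tagged as <name>.'; straight and curly quotes are both accepted.
LINE_RE = re.compile(
    r'^File\s+(?P<path>.+?)\s+'
    r'(?:infected by\s+["\u201c](?P<infected>[^"\u201d]+)["\u201d]\s+Virus'
    r'|tagged as\s+(?P<tagged>.+?))'
    r'\.\s+(?:Action Taken|No Action)',
    re.IGNORECASE,
)

# (category, path pattern, cleanup step taken in the thread). First match wins,
# so the browser-cache rule is checked before the generic temp-folder rule.
LOCATION_RULES = [
    ("quarantine", re.compile(r"\\quarantine\\", re.I),
     "held in an AV quarantine folder; empty the quarantine"),
    ("system_restore", re.compile(r"\\system volume information\\_restore", re.I),
     "restore-point copy; turn System Restore off, reboot, turn it back on"),
    ("browser_cache", re.compile(r"\\(cache\d*|tempor~1|temporary internet files)\\", re.I),
     "cached web content; clear the browser cache"),
    ("temp", re.compile(r"\\temp\\", re.I),
     "temp folder; delete the contents from safe mode"),
]
LIVE = ("live", "outside any holding area; review and delete the file or folder")


def classify_path(path):
    """Return (category, cleanup step) for a file path."""
    for category, pattern, action in LOCATION_RULES:
        if pattern.search(path):
            return category, action
    return LIVE


def parse_line(line):
    """Parse one finding line; return None for errors and other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    name = m.group("infected") or m.group("tagged")
    category, action = classify_path(m.group("path"))
    return {
        "path": m.group("path"),
        "detection": name,
        # The scanner prefixes adware/riskware labels with "not-a-virus".
        "unwanted_only": name.lower().startswith("not-a-virus"),
        "category": category,
        "action": action,
    }


def triage(log_text):
    """Group all findings in a log by location category."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        finding = parse_line(line)
        if finding:
            groups[finding["category"]].append(finding)
    return dict(groups)


if __name__ == "__main__":
    for category, findings in triage(SAMPLE_LOG).items():
        print(f"{category}: {len(findings)} finding(s) -> {findings[0]['action']}")
        for f in findings:
            label = "adware/riskware" if f["unwanted_only"] else "malware"
            print(f"  [{label}] {f['detection']}  {f['path']}")
```

Findings in the `live` group are the ones that still need a decision; the other groups are cleared in bulk by the step shown next to them.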
     
  13. 2005/05/18
    Tenchy

    Tenchy Inactive Thread Starter

    Joined:
    2004/07/29
    Messages:
    80
    Likes Received:
    0
    Thanks noahdfear, I followed instructions and did a rescan, only 1 virus remains.

    File C:\Program Files\Opera7\profile\cache4\opr05AFB.js infected by "Trojan-Downloader.JS.IstBar.j" Virus. Action Taken: No Action Taken.

    And the errors are

    ERROR!!! Invalid Entry System32\Drivers\USB650C.sys in SYSTEM\CurrentControlSet\Services\VM650FVM11...
    ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BFast2.zip is Not Scanned
    ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClipgenieDownloadWare.zip is Not Scanned
    ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FastClick4.zip is Not Scanned
    ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FastClick5.zip is Not Scanned
    ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FastClick6.zip is Not Scanned
    ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HitBox2.zip is Not Scanned
    ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HitBox3.zip is Not Scanned
    ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HitsLink.zip is Not Scanned
    ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HitsLink1.zip is Not Scanned
    ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSWorks.zip is Not Scanned
    ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSWorks1.zip is Not Scanned
    ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SearchForIt.zip is Not Scanned
    ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SearchForIt1.zip is Not Scanned
    ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SearchForIt2.zip is Not Scanned
    ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SearchForIt3.zip is Not Scanned
    ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SearchForIt4.zip is Not Scanned
    ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SearchForIt5.zip is Not Scanned
    ERROR!!! File C:\hiberfil.sys: Scanning Failure!!!
    ERROR!!! ScanFile fails for C:\hiberfil.sys
    ERROR!!! File C:\pagefile.sys: Scanning Failure!!!
    ERROR!!! ScanFile fails for C:\pagefile.sys
    ERROR!!! File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask is Not Scanned

    So the unbolded ones, all point to spybot apart from one pointing to ad-aware.
     
  14. 2005/05/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That's a JavaScript file in your Opera temporary internet files. The Spybot backups can all be removed. Open Spybot in advanced mode and select recovery from the left pane. Select all backups and then click purge.
     
  15. 2005/05/19
    Tenchy

    Tenchy Inactive Thread Starter

    Joined:
    2004/07/29
    Messages:
    80
    Likes Received:
    0
    i purged the spybot stuff .... the other stuff now is ok? can i delete the opera file? the adaware file?

    reading up on google, the hiberfil.sys is responsible for hibernation, the USB of what i can read could be fixed by unplugging my USB port and switching hub with my broadband modem????
     
    Last edited: 2005/05/19
  16. 2005/05/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Nothing else is of any consequence. Do not delete them. Of course, you can clear the Opera TIFs at any time. Not at all unusual to have js files there.
     
  17. 2005/05/19
    Tenchy

    Tenchy Inactive Thread Starter

    Joined:
    2004/07/29
    Messages:
    80
    Likes Received:
    0
    ok i'll delete the opera entry and thanks very much for the help noahdfear
     
  18. 2005/05/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You're most welcome, Tenchy. :)
     