Possible Virus or Spyware. Need help

Discussion in 'Malware Help (A Specialist Will Reply)' started by Alexia, Apr 26, 2005.

  1. Alexia

    Alexia Private E-2

I have downloaded and run all of the programs in the "Read me first" post. The problem is that my internet connection is sending anywhere from 70k to 90k packets upon startup and my ISP provider told me that I have spy-ware on my computer. Ad-Aware found 1 critical tracking cookie and 10 negligible MRU files. Spy-Bot finds "Activity SchedLgU.Txt C:\WINDOWS\SchedLgU.Txt" backup file, but is never able to remove or fix and I am unable to delete this file. Please help :)
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. Alexia

    Alexia Private E-2

    Thank you. Here is the attachment.
     

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and Check the Boxes for the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.zpecialoffer.com/indexie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

    O15 - Trusted Zone: http://www.cox.net
    O15 - Trusted Zone: www.misfitsofsociety.net
    O15 - Trusted Zone: www.neopets.com
    O15 - Trusted Zone: www.paypal.com
    O15 - Trusted Zone: www.xog.com

    Make sure All Browser Windows are Closed when you Click FIX.

    NEXT:
    Run CCleaner

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot, Scan with HijackThis and attach the new log, also tell us how things are running now.
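The R0/R1/O15 lines above are just registry values that HijackThis renders in its own notation. The following PowerShell script is an added example, not from the thread or from the HijackThis project, that reads those same locations directly so the fix can be verified after the reboot: Internet Explorer start/search values, the ProxyOverride value, and every domain placed in the Trusted Sites zone. The two allow-lists at the top are assumptions for illustration; fill them with the values you set yourself.

```powershell
# Added example, not from the thread: audit the registry locations behind the
# R0/R1/O15 HijackThis lines. Allow-list contents are assumptions; edit to taste.

$AllowedUrlHosts = @('www.msn.com', 'www.google.com')  # constructed: hosts you expect in start/search values
$AllowedTrusted  = @('cox.net', 'paypal.com')          # constructed: domains you added to Trusted Sites yourself

function Get-IEStartSearchEntries {
    # R0/R1 lines are built from these keys and value names ('' is the (Default) value).
    $keys  = 'HKCU:\Software\Microsoft\Internet Explorer\Main',
             'HKLM:\Software\Microsoft\Internet Explorer\Main',
             'HKCU:\Software\Microsoft\Internet Explorer\Search',
             'HKLM:\Software\Microsoft\Internet Explorer\Search',
             'HKCU:\Software\Microsoft\Internet Explorer\SearchURL'
    $names = 'Start Page', 'Search Page', 'Search Bar', 'SearchAssistant', 'Default_Page_URL', ''
    foreach ($k in $keys) {
        $item = Get-Item -Path $k -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($n in $names) {
            $v = $item.GetValue($n)
            if (-not $v) { continue }
            $hostName = ''
            try { $hostName = ([Uri]$v).Host } catch { }
            [pscustomobject]@{
                Key        = $k
                Name       = if ($n -eq '') { '(Default)' } else { $n }
                Value      = $v
                Suspicious = ($hostName -ne '' -and $AllowedUrlHosts -notcontains $hostName)
            }
        }
    }
}

function Get-ProxyOverrideEntry {
    # The R1 ProxyOverride line; "<local>" is the normal value, anything else deserves a look.
    $k = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $v = (Get-Item -Path $k -ErrorAction SilentlyContinue).GetValue('ProxyOverride')
    [pscustomobject]@{
        Key = $k; Name = 'ProxyOverride'; Value = $v
        Suspicious = ([string]$v -ne '' -and [string]$v -ne '<local>')
    }
}

function Get-TrustedZoneDomains {
    # O15 lines: every domain under ZoneMap\Domains whose scheme value is 2 (Trusted Sites).
    foreach ($root in 'HKCU', 'HKLM') {
        $base = "$($root):\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
        if (-not (Test-Path $base)) { continue }
        foreach ($dom in Get-ChildItem -Path $base) {
            # The domain key itself plus any host-label subkeys such as "www".
            foreach ($k in @($dom) + @(Get-ChildItem -Path $dom.PSPath)) {
                foreach ($scheme in $k.GetValueNames()) {
                    if ($k.GetValue($scheme) -ne 2) { continue }
                    $fqdn = if ($k.PSPath -eq $dom.PSPath) { $dom.PSChildName }
                            else { "$($k.PSChildName).$($dom.PSChildName)" }
                    [pscustomobject]@{
                        Hive = $root; Domain = $fqdn; Scheme = $scheme
                        Suspicious = ($AllowedTrusted -notcontains $dom.PSChildName)
                    }
                }
            }
        }
    }
}

# Print everything that is not on the allow-lists.
$findings = @(Get-IEStartSearchEntries) + @(Get-ProxyOverrideEntry) + @(Get-TrustedZoneDomains)
$findings | Where-Object { $_.Suspicious } | Format-Table -AutoSize
```

Run it before and after having HijackThis fix the entries; a clean run prints nothing. The Trusted Sites check is the one worth keeping around, since a domain in that zone gets relaxed ActiveX and scripting settings in Internet Explorer, which is why unexpected O15 entries are flagged at all.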
     
  5. Alexia

    Alexia Private E-2

    Thank you. Here is the new File.
     

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Ah! I missed one!

    Have HJT fix the entry below:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

    Your log is now clean, are you having any further problems?
     
  7. Alexia

    Alexia Private E-2

Spy-Bot is still finding the "Activity SchedLgU.Txt C:\WINDOWS\SchedLgU.Txt" backup file, and my sent packets are still through the roof :( I did another HijackThis and here are the results.
     

  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

Your HJT log is clean, let's try to delete this file manually

    Navigate to and delete the below file:

    C:\WINDOWS\SchedLgU.Txt

After you remove the above file, proceed with these online scans. Post your results as in what's found and if it was removed.

    TrendMicro Online Scan
    Bitdefender online scan
    RavAntivirus online scan <-- select Auto Clean then click Scan My PC
    TrojanScan online scan
     
  9. Alexia

    Alexia Private E-2

    I get an error message when trying to delete that "Another program or person is using this file"
     
  10. Alexia

    Alexia Private E-2

    Not sure if this helps or not but my running processes are:
    Explorer.exe
    gcasServ.exe
    iexplore.exe
    task.mgr
    McShield.exe
    ybrwicon.exe
    McVSEscn.exe
    mcagent.exe
    mcvsrte.exe
    spoolsv.exe
    mcvsshld.exe
    svchost.exe-Local Service x2
    svchost.exe-Network Service x2
svchost.exe System x2
    alg.exe
    lsass.exe
    serviices.exe
    winlogon.exe
    crss.exe
    smss.exe
    rundll32.exe
    igfxtray.exe
    ycommin.exe
    hkcmd.exe
    system
    System Idle Process @ 98 CPU usage.
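A process list like the one above is most useful when checked against a baseline rather than read by eye, because a common hiding technique is a file named one or two characters away from a real system process. The PowerShell below is an added example, not from the thread: it compares a list of names against a baseline of core Windows XP processes and reports anything absent from the baseline or within edit distance two of a baseline name. The baseline is an assumption for illustration, and the input list is constructed from the post above with the annotations removed. A flag means "verify that file's location and publisher", nothing more; several of the flags on this particular list are just typos in the post.

```powershell
# Added example, not from the thread: flag process names that are missing from a
# baseline or look like a baseline name. Baseline and input are assumptions/constructed.

$Baseline = 'System Idle Process', 'System', 'smss.exe', 'csrss.exe', 'winlogon.exe',
            'services.exe', 'lsass.exe', 'svchost.exe', 'spoolsv.exe', 'explorer.exe',
            'alg.exe', 'taskmgr.exe', 'rundll32.exe', 'iexplore.exe', 'igfxtray.exe', 'hkcmd.exe'

function Get-EditDistance {
    # Levenshtein distance, case-insensitive, standard two-row dynamic programming.
    param([string]$a, [string]$b)
    $a = $a.ToLowerInvariant(); $b = $b.ToLowerInvariant()
    $prev = @(0..$b.Length)
    for ($i = 1; $i -le $a.Length; $i++) {
        $cur = @($i) + (@(0) * $b.Length)
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = if ($a[$i - 1] -eq $b[$j - 1]) { 0 } else { 1 }
            $cur[$j] = [Math]::Min([Math]::Min($prev[$j] + 1, $cur[$j - 1] + 1), $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    return $prev[$b.Length]
}

function Test-ProcessList {
    param([string[]]$Names)
    foreach ($n in $Names) {
        if ($Baseline -contains $n) { continue }   # exact (case-insensitive) match: nothing to report
        $closest = $Baseline | Sort-Object { Get-EditDistance $n $_ } | Select-Object -First 1
        $d = Get-EditDistance $n $closest
        [pscustomobject]@{
            Process = $n
            Verdict = if ($d -le 2) { "look-alike of $closest (distance $d): check the file" }
                      else { 'not in baseline: third-party or unknown, check the file' }
        }
    }
}

# Constructed from the list posted above, annotations removed. The McAfee and Yahoo
# helpers are expected to show as "not in baseline"; the baseline only covers Windows itself.
$Posted = 'Explorer.exe', 'gcasServ.exe', 'iexplore.exe', 'task.mgr', 'McShield.exe', 'ybrwicon.exe',
          'McVSEscn.exe', 'mcagent.exe', 'mcvsrte.exe', 'spoolsv.exe', 'mcvsshld.exe', 'svchost.exe',
          'alg.exe', 'lsass.exe', 'serviices.exe', 'winlogon.exe', 'crss.exe', 'smss.exe', 'rundll32.exe',
          'igfxtray.exe', 'ycommin.exe', 'hkcmd.exe', 'System', 'System Idle Process'

Test-ProcessList -Names $Posted | Format-Table -AutoSize
```

On a live machine, replace `$Posted` with `(Get-Process).ProcessName | ForEach-Object { "$_.exe" }` and extend the baseline with the security suite and vendor helpers you know are installed. For anything flagged as a look-alike, the file's full path (`Get-Process -Name <name> | Select-Object Path`) settles the question: the genuine csrss.exe and services.exe live only in %SystemRoot%\System32.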
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Did you run the online scans? If so, what were the results?

    Pocket KillBox

    Now, Copy and Paste C:\WINDOWS\SchedLgU.Txt into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES.

    After your system reboots see if the file remains!
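The "Delete on Reboot" option in KillBox exists for exactly the error reported above: a file that is held open cannot be removed while the holder runs, so the deletion is queued for the next boot, before services start. SchedLgU.Txt in particular is the Task Scheduler service's own log, and the Schedule service keeps it open while running, which is why the in-session delete fails; the service simply recreates the log afterwards. The PowerShell below is an added example, not from the thread and not KillBox's code: it does the same queueing through the Windows API (MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT) and then reads back the pending-rename queue so the request can be confirmed before rebooting. The target path is the one from the thread; run it from an elevated prompt.

```powershell
# Added example, not from the thread: queue a locked file for deletion at next boot,
# the same mechanism KillBox's "Delete on Reboot" uses, and show the queue entry.

$Target = 'C:\WINDOWS\SchedLgU.Txt'   # path from the thread

Add-Type -Namespace Win32 -Name NativeMethods -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, int dwFlags);
'@

function Get-FileHolderHint {
    # SchedLgU.Txt is the Task Scheduler log; while the "Schedule" service runs it
    # holds the file open, which is the usual reason an in-session delete fails.
    param([string]$Path)
    $svc = Get-Service -Name Schedule -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Path            = $Path
        Exists          = Test-Path -LiteralPath $Path
        ScheduleService = if ($svc) { $svc.Status } else { 'not present' }
    }
}

function Register-DeleteOnReboot {
    # A null destination with MOVEFILE_DELAY_UNTIL_REBOOT means "delete at boot".
    # Session Manager processes the queue before services start, so the lock is gone.
    param([string]$Path)
    $MOVEFILE_DELAY_UNTIL_REBOOT = 4
    $ok = [Win32.NativeMethods]::MoveFileEx($Path, $null, $MOVEFILE_DELAY_UNTIL_REBOOT)
    if (-not $ok) {
        $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "MoveFileEx failed with Win32 error $err (is the prompt elevated?)"
    }
}

function Get-PendingFileRenames {
    # The multi-string value MoveFileEx appends to: source/destination pairs,
    # an empty destination meaning delete. Paths appear in \??\ native form.
    $k   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $raw = (Get-ItemProperty -Path $k -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations
    if (-not $raw) { return @() }
    for ($i = 0; $i -lt $raw.Count; $i += 2) {
        [pscustomobject]@{ Source = $raw[$i]; Destination = $raw[$i + 1] }
    }
}

Get-FileHolderHint -Path $Target
Register-DeleteOnReboot -Path $Target
Get-PendingFileRenames | Where-Object { $_.Source -like "*$(Split-Path -Path $Target -Leaf)" }
```

If the queue entry shows up with an empty Destination, the next reboot removes the file. Two things worth knowing before relying on this for a file that is actually malicious rather than a log: the queue is a plain registry value, so anything else running as administrator can remove the entry before the reboot, and a file that a service recreates at startup will be back afterwards, which is expected for SchedLgU.Txt and a sign of a surviving persistence mechanism for anything else.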
     
