If you do any banking, online buying, please use a diferent machine, if possible, and change your passwords. If not do it as soon as this is removed.Let's try this
Please download the OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe by OldTimer.
Save it to your desktop.
don't run it yet!Open HJT and do a system scan only, place a check markmark next to these
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [OpinionSquare] c:\windows\system32\opnsqr.exe -boot
O16 - DPF: {2E4A92AB-F2C0-456A-9935-B715439790D7} (Setup Class) - https://www.opinionsquare.com/Config/CSetup_hooking_xp.cab
O20 - Winlogon Notify: OpinionSquare - C:\WINDOWS\system32\opls.dllClose all browsers/windows except HJT and click fix. Close HJT.
Go to add/remove programs and uninstall
OpinionSquareReboot.
If it won't uninstall via add/remove do the following
Click start run and type
cmd in the box, click ok
In the window that appears type the following line exactly and hit enter.
note the 1 space between opnsqr.exe and -bootremove there is also 1 space between -bootremove and -uninst:OpinionSquare
C:\WINDOWS\system32\opnsqr.exe -bootremove -uninst:OpinionSquare When it's done type
exit and hit enter, Reboot.
If it uninstalled by either method, continue. If it didn't uninstall
STOP and post back.
Open OTMOVEIT and rid yourself of these
C:\WINDOWS\system32\silc.dat
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\LDPackage.dll
C:\WINDOWS\system32\opxf.dll
C:\WINDOWS\system32\opph.dll
C:\WINDOWS\system32\opai.dll
C:\WINDOWS\system32\opnsqr.exe
C:\WINDOWS\system32\opls.dll
C:\Documents and Settings\All Users\Application Data\bumsrFinally, remove the certificates from your browser.
If you use Internet Explorer:
Open Internet Explorer.
Click on the Tools menu.
Click on Internet Options.
Click on the Content tab.
Click on the Certificates button.
Click on the Trusted Root Certification Authorities tab.
Look in the Issued to column for any MarketScore Inc , OpinionSquare, or Netsetter certificates.
Delete any MarketScore Inc, OpinionSquare, or Netsetter certificates.
Click yes in each confirmation window that appears when you delete a certificate.
If you use Netscape/Mozilla:
Open Netscape or Mozilla.
Click on the Edit menu.
Click on Preferences.
In the Category column click the plus sign (+) next to Privacy and Security.
Click Certificates.
Click the Manage Certificates button.
Click the Authorities tab.
Look for any certificates for MarketScore Inc. , OpinionSquare, or Netsetter
Delete any certificates for MarketScore Inc. , OpinionSquare, or Netsetter
Click yes in each confirmation window that appears when you delete a certificate.
If you use Mozilla Firefox:
Open Mozilla Firefox
Click on the Tools menu
Click on Options
Click on Advanced
Click the Manage Certificates button
Click the Authorities tab
Look for any certificates for MarketScore Inc. , OpinionSquare, or Netsetter
Click yes in each confirmation window that appears when you delete a certificate.
Delete any certificates for MarketScore Inc. , OpinionSquare, or Netsetter
Click yes in each confirmation window that appears when you delete a certificate.
Restart your computer.
Please post the OTMOVEIT results and a new DSS log