HELP!! virus/malware/adware keeps coming back!!


moviebuff

Thread Starter
Joined
May 20, 2005
Messages
66
Please help!!! I'm at a loss to keep vicious stuff off my computer after deleting it. Norton found W32.allim after my daughter clicked on "Hey check this out!" in AOL AIM. I think I got it off the computer because Norton doesn't find it anymore. However, I'm getting a dozen other things that I get off only to come back after restart, such as Esyndicate, Aproposmedia, the stupid Hunt Bar constantly comes back, and upon restart, I get the message that C:/windows/system332/gmi4i9ir.exe is causing Runtime to terminate in an unusual way. I've run Microsoft Antispyware, Adaware, Xoftspy, Spybot Search & Destroy. It seems to be affecting my web browser--changing the URL home page and pop-ups are occurring. The following is my Hijackthis log file.

Logfile of HijackThis v1.99.1
Scan saved at 2:44:41 AM, on 5/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\msaccrt.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\windows\system32\uKZIWXP.exe
C:\windows\system32\ad1l2S.exe
C:\WINDOWS\system32\rdpepim1.exe
C:\WINDOWS\system32\rcpmsdrm.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\uKZIWXP.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Keith & Sandy\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\msaccrt.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.foxnews.com/"); (C:\Documents and Settings\Keith & Sandy\Application Data\Mozilla\Profiles\default\eqj5znis.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Keith & Sandy\Application Data\Mozilla\Profiles\default\eqj5znis.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [uKZIWXP.exe] c:\windows\system32\uKZIWXP.exe
O4 - HKLM\..\Run: [ad1l2S] C:\windows\system32\ad1l2S.exe
O4 - HKLM\..\Run: [gmi4i9ir] C:\WINDOWS\system32\gmi4i9ir.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [sFrT38U] rdpepim1.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [do03RUYnR] rcpmsdrm.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: BlackICE Agent.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
Joined
Jul 26, 2002
Messages
46,331
Hi moviebuff

Welcome to TSG! :)

* Go here to download and install CCleaner
Do not use it yet.


* Click Here and download the new version of Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\msaccrt.exe

O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)

O4 - HKLM\..\Run: [uKZIWXP.exe] c:\windows\system32\uKZIWXP.exe

O4 - HKLM\..\Run: [ad1l2S] C:\windows\system32\ad1l2S.exe

O4 - HKLM\..\Run: [gmi4i9ir] C:\WINDOWS\system32\gmi4i9ir.exe

O4 - HKLM\..\Run: [sFrT38U] rdpepim1.exe

O4 - HKCU\..\Run: [do03RUYnR] rcpmsdrm.exe



* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\msaccrt.exe

c:\windows\system32\uKZIWXP.exe

C:\windows\system32\ad1l2S.exe

C:\WINDOWS\system32\gmi4i9ir.exe

C:\WINDOWS\system32\rdpepim1.exe

C:\WINDOWS\system32\rcpmsdrm.exe


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

Exit the Killbox.


* Start CCleaner and click Run Cleaner


* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, have it delete anything that it cannot clean. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan
 
Joined
Jul 26, 2002
Messages
46,331
After you have completed the above, please do this:

Killbox creates backups of the files it removes in a C:\!Submit folder. Go to the forum here and upload the files found in the C:\!Submit folder.

Here are the directions for uploading the files:

Just click "New Topic", fill in the needed details and post a link to your thread here. Click the "Browse" button. Navigate to the files on your computer. If there are multiple files to be uploaded click the "More attachments" button for each extra file and browse to the files. When all the files are listed in the windows click "Post" to upload the files.
 

moviebuff

Thread Starter
Joined
May 20, 2005
Messages
66
I did everything exactly as you stated. However, I couldn't find anywhere to delete stuff in the Active scan. Here's the new Hijackthis log along with the Active Scan report. I'm going to try the second part you told me to do now.

Logfile of HijackThis v1.99.1
Scan saved at 9:10:37 PM, on 5/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Keith & Sandy\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.foxnews.com/"); (C:\Documents and Settings\Keith & Sandy\Application Data\Mozilla\Profiles\default\eqj5znis.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Keith & Sandy\Application Data\Mozilla\Profiles\default\eqj5znis.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [do03RUYnR] rcpmsdrm.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: BlackICE Agent.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

moviebuff

Thread Starter
Joined
May 20, 2005
Messages
66
Incident Status Location

Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\cache277
Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/nCase No disinfected C:\Temp\salm.???
Spyware:Spyware/ISTbar No disinfected Windows Registry
Adware:Adware/Apropos No disinfected C:\DOCUME~1\KEITH&~1\LOCALS~1\Temp\AutoUpdate0
Adware:Adware/WinTools No disinfected Windows Registry
Adware:Adware/SideSearch No disinfected C:\WINDOWS\sepsd.bin
Adware:Adware/WUpd No disinfected Windows Registry
Adware:Adware/PowerSearch No disinfected C:\WINDOWS\system32\stlb2.xml
Adware:Adware/ESyndicate No disinfected Windows Registry
Adware:Adware/StatBlaster No disinfected C:\!Submit\ad1l2S.exe
Adware:Adware/SAHAgent No disinfected C:\!Submit\gmi4i9ir.exe
Virus:W32/Gaobot.GQE.worm Disinfected C:\!Submit\msaccrt.exe
Adware:Adware/Apropos No disinfected C:\!Submit\rcpmsdrm.exe
Adware:Adware/Apropos No disinfected C:\!Submit\rdpepim1.exe
Virus:Trj/Bhotcher.A Disinfected C:\!Submit\uKZIWXP.exe
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\AI_Euro.exe
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\all_files7.exe
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\auf0.exe
Adware:Adware/Envolo No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\AutoUpdate0\setup.inf
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\fca0IVf.exe
Adware:Adware/MemoryWatcher No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\instnotify.exe
Adware:Adware/MemoryWatcher No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\mw.exe
Adware:Adware/MemoryWatcher No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\mw_4s_stub.exe
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\setup4002b.cab
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\setup4002b.cab[lkir8l2gm_.dll]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\setup4002b.cab[abasa5jrp_.exe]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\setup4002b.cab[u6f6uftuc_.exe]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\setup4002b.cab[hochkaod3_.exe]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\setup4002b.cab[u6f6uftuc_.ini]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\setup4002b.cab[hochkaod3_.ini]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\setup4002b.cab[setup4002b.ini]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\setup4002b.cab[webinstaller.dll]
Adware:Adware/StatBlaster No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\tXz.exe
Adware:Adware/Comet No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\unpack\CC_43.inf
Adware:Adware/Comet No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\unpack\inst43.exe
Adware:Adware/StatBlaster No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\update_1.exe
Adware:Adware/StatBlaster No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\WinWildApp.exe
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\Emily\Local Settings\Temporary Internet Files\Content.IE5\MJHPGFWM\MediaTicket[1].exe
Adware:Adware/eZula No disinfected C:\Documents and Settings\Emily\Local Settings\Temporary Internet Files\Content.IE5\OL2RCPAF\ezw-102[1].0000
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\Emily\Local Settings\Temporary Internet Files\Content.IE5\SH2RKHEF\MediaTicket[1].exe
Adware:Adware/eZula No disinfected C:\Documents and Settings\Emily\Start Menu\Programs\TopText iLookup\My Keywords.lnk
Adware:Adware/eZula No disinfected C:\Documents and Settings\Emily\Start Menu\Programs\TopText iLookup\My Preferences.lnk
Adware:Adware/eZula No disinfected C:\Documents and Settings\Emily\Start Menu\Programs\TopText iLookup\TopText Button Show - Hide.lnk
Adware:Adware/Envolo No disinfected C:\Documents and Settings\Keith & Sandy\Local Settings\Temp\AutoUpdate0\setup.inf
Adware:Adware/Envolo No disinfected C:\Documents and Settings\Keith & Sandy\Local Settings\Temporary Internet Files\Content.IE5\H239928A\AutoUpdaterInstaller[1].exe
Adware:Adware/Envolo No disinfected C:\Documents and Settings\Liz\Local Settings\Temp\AutoUpdate0\setup.inf
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Liz\Local Settings\Temporary Internet Files\Content.IE5\E1X3N3K7\AproposClientInstaller[1].exe
Adware:Adware/Envolo No disinfected C:\Documents and Settings\Liz\Local Settings\Temporary Internet Files\Content.IE5\ETZSLK3Q\AutoUpdaterInstaller[1].exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Steve\Local Settings\Temp\fca0IVf.exe
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\0ZB7E8D9\tb3[1].cab[toolbar.dll]
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\0ZB7E8D9\WinTS[1].cab[WToolsS.exe]
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\20LOP2XK\istdownload[1].exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\37H3BT8W\xml_istbar[1].xml
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\4HI2JRVA\newmajorse2[1].cab
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\4HI2JRVA\newmajorse2[1].cab[newmajorse2.txt]
Adware:Adware/PowerScan No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\CBRZICTP\power_remove[1].exe
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\E1X3N3K7\Toolbar3[1].cab[IExploreSkins.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\E1X3N3K7\Toolbar3[1].cab[TBPS.exe]
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\E1X3N3K7\Toolbar3[1].cab[common.dll]
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\E1X3N3K7\Toolbar3[1].cab[toolbar.dll]
 

moviebuff

Thread Starter
Joined
May 20, 2005
Messages
66
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\JZEV290S\istsvc[1].exe
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\L44J9L8L\TBPS[1].cab[TBPS.exe]
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\L44J9L8L\WToolsD[1].cab
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\L44J9L8L\WToolsD[1].cab[WToolsD.cfg]
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\UP7O58VA\newton[1].ch[g.exe]
Adware:Adware/WinAD No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\UP7O58VA\newton[1].ch[l.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\UP7O58VA\TBPSSvc[1].cab[TBPSSvc.exe]
Virus:Trj/Multidropper.QW Disinfected C:\iMeshInst.exe
Adware:Adware/Apropos No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\AB9E8B54-BFB4-46FF-8E70-EFA029\EB1D804E-F739-4ACC-B619-3D4643
Adware:Adware/Apropos No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\AB9E8B54-BFB4-46FF-8E70-EFA029\FC3A011E-CCC5-4B67-998B-854287
Adware:Adware/PurityScan No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\BC71034F-4A9E-479C-B719-96DA0C\BE9322E7-EFDC-446E-9894-F6C205
Adware:Adware/WUpd No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\C5E48A9D-E665-4870-91EF-544E03\15E0D54A-DD36-49CB-A215-0CFCDD
Adware:Adware/WUpd No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\C5E48A9D-E665-4870-91EF-544E03\2746F14A-6304-4B2C-8917-8D8CE0
Adware:Adware/WUpd No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\C5E48A9D-E665-4870-91EF-544E03\48A93F39-97C9-447F-8092-9B2A3B
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\CA9F6D40-3495-4376-9772-B185CB\E81FF38A-D1CD-428F-980D-5C893B
Adware:Adware/eZula No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\E03AB2A0-BC26-411D-A57E-6CA6DC\5960EB8D-74D1-4300-BC92-F60922
Adware:Adware/eZula No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\E03AB2A0-BC26-411D-A57E-6CA6DC\DF92DA4E-ACA5-43F6-8E1C-8F7D57
Adware:Adware/eZula No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\E03AB2A0-BC26-411D-A57E-6CA6DC\E06D1B02-573E-4212-A091-20507B
Adware:Adware/eZula No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\E03AB2A0-BC26-411D-A57E-6CA6DC\F65B6D9F-53A3-4A5F-BCEA-E31F37
Possible Virus. No disinfected C:\spread.exe
Adware:Adware/nCase No disinfected C:\temp\salm.log
Adware:Adware/nCase No disinfected C:\temp\salmau.dat
Adware:Adware/nCase No disinfected C:\temp\salm_gdf.dat
Adware:Adware/nCase No disinfected C:\temp\salm_kyf.dat
Spyware:Spyware/ISTbar No disinfected C:\tmp.exe[g.exe]
Adware:Adware/WinAD No disinfected C:\tmp.exe[l.exe]
Virus:Bck/Agent.SZ Disinfected C:\update.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\db63fnas.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\hochkaod3_.ini
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\u6f6uftuc_.ini
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\g.exe
Adware:Adware/WinAD No disinfected C:\WINDOWS\l.exe
Adware:Adware/SideSearch No disinfected C:\WINDOWS\sepsd.bin
Virus:Trj/Bhotcher.A Disinfected C:\WINDOWS\system32\BHOW.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\inarmd0e.dll
Adware:Adware/Apropos No disinfected C:\WINDOWS\system32\pidfos.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\q5icda20.exe
Adware:Adware/Apropos No disinfected C:\WINDOWS\system32\regidr07.exe
Adware:Adware/Apropos No disinfected C:\WINDOWS\system32\rsagshex.exe
Adware:Adware/Apropos No disinfected C:\WINDOWS\system32\scscfg.exe
Adware:Adware/PowerSearch No disinfected C:\WINDOWS\system32\stlb2.xml
Adware:Adware/StatBlaster No disinfected C:\WINDOWS\system32\update.exe
 
Joined
Jul 26, 2002
Messages
46,331
I am attaching a delete.zip file to this post. It contains a delete.bat file. Download delete.zip and save it to your desktop. Unzip the file and have it ready to run.


Fix this with Hijack This:

O4 - HKCU\..\Run: [do03RUYnR] rcpmsdrm.exe



Because XP will not always show you hidden files and folders by default, go to Start > Search and, under "More advanced search options", make sure there is a check by "Search System Folders", "Search hidden files and folders" and "Search system subfolders".

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"


Now restart to safe mode.

Once you are in safe mode, double-click on the delete.bat file and let it run.

Delete this folder:

C:\Documents and Settings\Emily\Start Menu\Programs\TopText iLookup


Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Now navigate to the C:\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.


Run CCleaner again.


Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the Recycle Bin

Boot back to Windows normally now.

Go back to the Activescan online scan and run it again. Save the results.

Come back here and post another HJT log and the results from Activescan
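
The second log in this thread still lists the `do03RUYnR` Run entry that was checked in the first fix pass, which is why it is fixed again in the post above. The following Python sketch is an added example, not part of the original thread or of HijackThis: it compares a before and an after log against the list of checked lines and reports which entries were removed, which persisted, and which are new. The function names are hypothetical, and the sample logs are short excerpts of the logs posted above.

```python
import re

# A HijackThis result line looks like "O4 - HKLM\..\Run: [name] path".
# Header lines and the running-process list do not match this pattern.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.*)$")


def parse_entries(log_text):
    """Return {normalised_key: original_line} for every result line in a log."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        # Collapse whitespace and ignore case: the same path shows up as
        # c:\windows\... and C:\WINDOWS\... within one log.
        detail = " ".join(match.group("detail").split()).lower()
        entries[(match.group("code"), detail)] = line
    return entries


def review_fix(before_log, after_log, checked_lines):
    """Compare two logs against the entries that were ticked for 'Fix checked'."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    checked = parse_entries("\n".join(checked_lines))
    return {
        # Checked, present before, gone afterwards: the fix held.
        "removed": sorted(before[k] for k in checked
                          if k in before and k not in after),
        # Checked but still present: something rewrote the entry.
        "persisted": sorted(after[k] for k in checked if k in after),
        # Not seen before at all: needs a fresh look.
        "new": sorted(after[k] for k in after if k not in before),
    }


# Excerpt of the first log in the thread (5/20/2005, 2:44 AM).
BEFORE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\msaccrt.exe
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [uKZIWXP.exe] c:\windows\system32\uKZIWXP.exe
O4 - HKLM\..\Run: [ad1l2S] C:\windows\system32\ad1l2S.exe
O4 - HKLM\..\Run: [gmi4i9ir] C:\WINDOWS\system32\gmi4i9ir.exe
O4 - HKLM\..\Run: [sFrT38U] rdpepim1.exe
O4 - HKCU\..\Run: [do03RUYnR] rcpmsdrm.exe
"""

# Excerpt of the second log in the thread (5/20/2005, 9:10 PM).
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKCU\..\Run: [do03RUYnR] rcpmsdrm.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
"""

# Subset of the lines the helper asked to tick in the first fix pass.
CHECKED = [
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank",
    r"F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\msaccrt.exe",
    r"O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)",
    r"O4 - HKLM\..\Run: [uKZIWXP.exe] c:\windows\system32\uKZIWXP.exe",
    r"O4 - HKLM\..\Run: [ad1l2S] C:\windows\system32\ad1l2S.exe",
    r"O4 - HKLM\..\Run: [gmi4i9ir] C:\WINDOWS\system32\gmi4i9ir.exe",
    r"O4 - HKLM\..\Run: [sFrT38U] rdpepim1.exe",
    r"O4 - HKCU\..\Run: [do03RUYnR] rcpmsdrm.exe",
]

if __name__ == "__main__":
    result = review_fix(BEFORE, AFTER, CHECKED)
    for status in ("removed", "persisted", "new"):
        print(status.upper())
        for line in result[status]:
            print("  " + line)
```

An entry under "persisted" means the autostart value was written back after the fix, so the file or process that recreates it still has to be found and removed before the entry is fixed again.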
 

moviebuff

Thread Starter
Joined
May 20, 2005
Messages
66
I did everything but it would not let me delete or even open the folders in the C:\Windows\Temp folder. Here's the latest Active Scan report and HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 8:36:39 PM, on 5/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Documents and Settings\Keith & Sandy\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.foxnews.com/"); (C:\Documents and Settings\Keith & Sandy\Application Data\Mozilla\Profiles\default\eqj5znis.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Keith & Sandy\Application Data\Mozilla\Profiles\default\eqj5znis.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: BlackICE Agent.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

moviebuff

Thread Starter
Joined
May 20, 2005
Messages
66
Here's the Active Scan Report


Incident Status Location

Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\cache277
Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/Apropos No disinfected C:\DOCUME~1\KEITH&~1\LOCALS~1\Temp\AutoUpdate0
Adware:Adware/WinTools No disinfected Windows Registry
Adware:Adware/StatBlaster No disinfected C:\!Submit\ad1l2S.exe
Adware:Adware/SAHAgent No disinfected C:\!Submit\gmi4i9ir.exe
Adware:Adware/Apropos No disinfected C:\!Submit\rcpmsdrm.exe
Adware:Adware/Apropos No disinfected C:\!Submit\rdpepim1.exe
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\AI_Euro.exe
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\all_files7.exe
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\auf0.exe
Adware:Adware/Envolo No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\AutoUpdate0\setup.inf
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\fca0IVf.exe
Adware:Adware/MemoryWatcher No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\instnotify.exe
Adware:Adware/MemoryWatcher No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\mw.exe
Adware:Adware/MemoryWatcher No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\mw_4s_stub.exe
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\setup4002b.cab
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\setup4002b.cab[lkir8l2gm_.dll]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\setup4002b.cab[abasa5jrp_.exe]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\setup4002b.cab[u6f6uftuc_.exe]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\setup4002b.cab[hochkaod3_.exe]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\setup4002b.cab[u6f6uftuc_.ini]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\setup4002b.cab[hochkaod3_.ini]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\setup4002b.cab[setup4002b.ini]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\setup4002b.cab[webinstaller.dll]
Adware:Adware/StatBlaster No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\tXz.exe
Adware:Adware/Comet No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\unpack\CC_43.inf
Adware:Adware/Comet No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\unpack\inst43.exe
Adware:Adware/StatBlaster No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\update_1.exe
Adware:Adware/StatBlaster No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\WinWildApp.exe
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\Emily\Local Settings\Temporary Internet Files\Content.IE5\MJHPGFWM\MediaTicket[1].exe
Adware:Adware/eZula No disinfected C:\Documents and Settings\Emily\Local Settings\Temporary Internet Files\Content.IE5\OL2RCPAF\ezw-102[1].0000
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\Emily\Local Settings\Temporary Internet Files\Content.IE5\SH2RKHEF\MediaTicket[1].exe
Adware:Adware/Envolo No disinfected C:\Documents and Settings\Keith & Sandy\Local Settings\Temp\AutoUpdate0\setup.inf
Adware:Adware/Envolo No disinfected C:\Documents and Settings\Keith & Sandy\Local Settings\Temporary Internet Files\Content.IE5\H239928A\AutoUpdaterInstaller[1].exe
Adware:Adware/Envolo No disinfected C:\Documents and Settings\Liz\Local Settings\Temp\AutoUpdate0\setup.inf
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Liz\Local Settings\Temporary Internet Files\Content.IE5\E1X3N3K7\AproposClientInstaller[1].exe
Adware:Adware/Envolo No disinfected C:\Documents and Settings\Liz\Local Settings\Temporary Internet Files\Content.IE5\ETZSLK3Q\AutoUpdaterInstaller[1].exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Steve\Local Settings\Temp\fca0IVf.exe
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\0ZB7E8D9\tb3[1].cab[toolbar.dll]
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\0ZB7E8D9\WinTS[1].cab[WToolsS.exe]
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\20LOP2XK\istdownload[1].exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\37H3BT8W\xml_istbar[1].xml
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\4HI2JRVA\newmajorse2[1].cab
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\4HI2JRVA\newmajorse2[1].cab[newmajorse2.txt]
Adware:Adware/PowerScan No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\CBRZICTP\power_remove[1].exe
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\E1X3N3K7\Toolbar3[1].cab[IExploreSkins.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\E1X3N3K7\Toolbar3[1].cab[TBPS.exe]
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\E1X3N3K7\Toolbar3[1].cab[common.dll]
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\E1X3N3K7\Toolbar3[1].cab[toolbar.dll]
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\JZEV290S\istsvc[1].exe
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\L44J9L8L\TBPS[1].cab[TBPS.exe]
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\L44J9L8L\WToolsD[1].cab
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\L44J9L8L\WToolsD[1].cab[WToolsD.cfg]
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\UP7O58VA\newton[1].ch[g.exe]
Adware:Adware/WinAD No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\UP7O58VA\newton[1].ch[l.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\UP7O58VA\TBPSSvc[1].cab[TBPSSvc.exe]
Adware:Adware/Apropos No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\AB9E8B54-BFB4-46FF-8E70-EFA029\EB1D804E-F739-4ACC-B619-3D4643
Adware:Adware/Apropos No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\AB9E8B54-BFB4-46FF-8E70-EFA029\FC3A011E-CCC5-4B67-998B-854287
Adware:Adware/PurityScan No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\BC71034F-4A9E-479C-B719-96DA0C\BE9322E7-EFDC-446E-9894-F6C205
Adware:Adware/WUpd No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\C5E48A9D-E665-4870-91EF-544E03\15E0D54A-DD36-49CB-A215-0CFCDD
Adware:Adware/WUpd No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\C5E48A9D-E665-4870-91EF-544E03\2746F14A-6304-4B2C-8917-8D8CE0
Adware:Adware/WUpd No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\C5E48A9D-E665-4870-91EF-544E03\48A93F39-97C9-447F-8092-9B2A3B
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\CA9F6D40-3495-4376-9772-B185CB\E81FF38A-D1CD-428F-980D-5C893B
Adware:Adware/eZula No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\E03AB2A0-BC26-411D-A57E-6CA6DC\5960EB8D-74D1-4300-BC92-F60922
Adware:Adware/eZula No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\E03AB2A0-BC26-411D-A57E-6CA6DC\DF92DA4E-ACA5-43F6-8E1C-8F7D57
Adware:Adware/eZula No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\E03AB2A0-BC26-411D-A57E-6CA6DC\E06D1B02-573E-4212-A091-20507B
Adware:Adware/eZula No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\E03AB2A0-BC26-411D-A57E-6CA6DC\F65B6D9F-53A3-4A5F-BCEA-E31F37
Spyware:Spyware/ISTbar No disinfected C:\tmp.exe[g.exe]
Adware:Adware/WinAD No disinfected C:\tmp.exe[l.exe]
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\hochkaod3_.ini
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\u6f6uftuc_.ini
 

moviebuff

Thread Starter
Joined
May 20, 2005
Messages
66
I went back to see exactly what it said and it let me delete them now. It had said something like access denied and check to see if the disk was in use. I went ahead and deleted the cookies and history and the third folder (I forgot what it was titled) that were in the windows/temp folder. I hope I didn't mess anything up. I went ahead and started running CCleaner again after I deleted that but I forgot to do it in safe mode so I stopped it after a few seconds. I haven't done anything else. I did not empty the recycle bin again.

The windows/temp folder also has a bunch of $NTUninstall files in it now that weren't there before.
 
Joined
Jul 26, 2002
Messages
46,331
The $NTUninstall files are in the Windows folder, not the C:\Windows\Temp folder. I hope you haven't been deleting files from the Windows folder!

How is everything now?
 

moviebuff

Thread Starter
Joined
May 20, 2005
Messages
66
No, I haven't deleted anything from the windows folder. I had it confused. I ran Ad-Aware again and it detected the following:
Ezula
IBIS Toolbar
WindUpdates
ZyncosMark
StatBlaster
CoolWebSearch
eSyndicate
Possible Browser hijack attempt
Tracking Cookie
Rads01.Quadrogram
MemoryWatcher
SahAgent
PeopleOnPage
MdADdle

Xoftspy found some of the above plus: (I do not have this software to delete the stuff though).
CometSystems
Orbit Explorer
lycos Sidesearch
Xupiter.Orbitexplorer

As you can see, a bunch of this stuff is the same stuff reappearing and won't go away.
 

moviebuff

Thread Starter
Joined
May 20, 2005
Messages
66
I ran another HJT log. Here it is.

Logfile of HijackThis v1.99.1
Scan saved at 10:16:10 PM, on 5/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\winlogon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\WINDOWS\hh.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Keith & Sandy\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.foxnews.com/"); (C:\Documents and Settings\Keith & Sandy\Application Data\Mozilla\Profiles\default\eqj5znis.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Keith & Sandy\Application Data\Mozilla\Profiles\default\eqj5znis.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: BlackICE Agent.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

moviebuff

Thread Starter
Joined
May 20, 2005
Messages
66
Why won't this stuff go away? Here's another Active Scan Report:


Incident Status Location

Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\cache277
Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/StatBlaster No disinfected C:\!Submit\ad1l2S.exe
Adware:Adware/SAHAgent No disinfected C:\!Submit\gmi4i9ir.exe
Adware:Adware/Apropos No disinfected C:\!Submit\rcpmsdrm.exe
Adware:Adware/Apropos No disinfected C:\!Submit\rdpepim1.exe
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\AI_Euro.exe
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\all_files7.exe
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\auf0.exe
Adware:Adware/Envolo No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\AutoUpdate0\setup.inf
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\fca0IVf.exe
Adware:Adware/MemoryWatcher No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\mw.exe
Adware:Adware/StatBlaster No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\tXz.exe
Adware:Adware/Comet No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\unpack\CC_43.inf
Adware:Adware/Comet No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\unpack\inst43.exe
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\Emily\Local Settings\Temporary Internet Files\Content.IE5\MJHPGFWM\MediaTicket[1].exe
Adware:Adware/eZula No disinfected C:\Documents and Settings\Emily\Local Settings\Temporary Internet Files\Content.IE5\OL2RCPAF\ezw-102[1].0000
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\Emily\Local Settings\Temporary Internet Files\Content.IE5\SH2RKHEF\MediaTicket[1].exe
Adware:Adware/Envolo No disinfected C:\Documents and Settings\Liz\Local Settings\Temp\AutoUpdate0\setup.inf
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Liz\Local Settings\Temporary Internet Files\Content.IE5\E1X3N3K7\AproposClientInstaller[1].exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Steve\Local Settings\Temp\fca0IVf.exe
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\0ZB7E8D9\tb3[1].cab[toolbar.dll]
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\20LOP2XK\istdownload[1].exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\37H3BT8W\xml_istbar[1].xml
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\4HI2JRVA\newmajorse2[1].cab
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\4HI2JRVA\newmajorse2[1].cab[newmajorse2.txt]
Adware:Adware/PowerScan No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\CBRZICTP\power_remove[1].exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\JZEV290S\istsvc[1].exe
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\L44J9L8L\TBPS[1].cab[TBPS.exe]
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\UP7O58VA\newton[1].ch[g.exe]
Adware:Adware/WinAD No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\UP7O58VA\newton[1].ch[l.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\UP7O58VA\TBPSSvc[1].cab[TBPSSvc.exe]
Adware:Adware/Apropos No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\AB9E8B54-BFB4-46FF-8E70-EFA029\EB1D804E-F739-4ACC-B619-3D4643
Adware:Adware/Apropos No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\AB9E8B54-BFB4-46FF-8E70-EFA029\FC3A011E-CCC5-4B67-998B-854287
Adware:Adware/PurityScan No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\BC71034F-4A9E-479C-B719-96DA0C\BE9322E7-EFDC-446E-9894-F6C205
Adware:Adware/WUpd No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\C5E48A9D-E665-4870-91EF-544E03\15E0D54A-DD36-49CB-A215-0CFCDD
Adware:Adware/WUpd No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\C5E48A9D-E665-4870-91EF-544E03\2746F14A-6304-4B2C-8917-8D8CE0
Adware:Adware/WUpd No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\C5E48A9D-E665-4870-91EF-544E03\48A93F39-97C9-447F-8092-9B2A3B
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\CA9F6D40-3495-4376-9772-B185CB\E81FF38A-D1CD-428F-980D-5C893B
Adware:Adware/eZula No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\E03AB2A0-BC26-411D-A57E-6CA6DC\DF92DA4E-ACA5-43F6-8E1C-8F7D57
Adware:Adware/eZula No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\E03AB2A0-BC26-411D-A57E-6CA6DC\E06D1B02-573E-4212-A091-20507B
Adware:Adware/eZula No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\E03AB2A0-BC26-411D-A57E-6CA6DC\F65B6D9F-53A3-4A5F-BCEA-E31F37
Spyware:Spyware/ISTbar No disinfected C:\tmp.exe[g.exe]
Adware:Adware/WinAD No disinfected C:\tmp.exe[l.exe]
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\hochkaod3_.ini
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\u6f6uftuc_.ini
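As an added example (not part of the original thread), the Python sketch below compares two ActiveScan reports in the "Incident Status Location" layout posted above and groups the detections that appear in both scans by where they are located. The sample lines are excerpts from the two reports in this thread; the location categories and function names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: lines excerpted from the first report posted in this thread.
FIRST_SCAN = r"""
Incident Status Location

Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\cache277
Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/WinTools No disinfected Windows Registry
Adware:Adware/Apropos No disinfected C:\DOCUME~1\KEITH&~1\LOCALS~1\Temp\AutoUpdate0
Adware:Adware/SAHAgent No disinfected C:\!Submit\gmi4i9ir.exe
Adware:Adware/MemoryWatcher No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\instnotify.exe
Adware:Adware/MemoryWatcher No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\mw.exe
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\0ZB7E8D9\tb3[1].cab[toolbar.dll]
Adware:Adware/PurityScan No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\BC71034F-4A9E-479C-B719-96DA0C\BE9322E7-EFDC-446E-9894-F6C205
"""

# Constructed sample: the same detections as they appear in the second report.
SECOND_SCAN = r"""
Incident Status Location

Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\cache277
Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/SAHAgent No disinfected C:\!Submit\gmi4i9ir.exe
Adware:Adware/MemoryWatcher No disinfected C:\Documents and Settings\Emily\Local Settings\Temp\mw.exe
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\0ZB7E8D9\tb3[1].cab[toolbar.dll]
Adware:Adware/PurityScan No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\BC71034F-4A9E-479C-B719-96DA0C\BE9322E7-EFDC-446E-9894-F6C205
"""

# "<Kind>:<Name> <status text> <location>", where the location is either a
# drive path or the literal "Windows Registry" (the two forms seen in the thread).
LINE_RE = re.compile(
    r"^(?P<kind>\w+):(?P<name>\S+)\s+(?P<status>.*?)\s+"
    r"(?P<location>[A-Za-z]:\\.*|Windows Registry)$"
)


def parse_report(text):
    """Return a set of (detection name, location); header and blank lines are skipped."""
    found = set()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.add((m["name"], m["location"]))
    return found


def classify(location):
    """Bucket a location string. The categories are this example's own assumption."""
    low = location.lower()
    if low == "windows registry":
        return "registry"
    if "\\quarantine\\" in low:
        return "quarantine"        # another scanner's quarantine store
    if "\\temporary internet files\\" in low:
        return "browser_cache"
    if "\\temp\\" in low:
        return "temp"
    return "other"


def compare(before_text, after_text):
    """Split detections into cleared, persisting and new between two scans."""
    before, after = parse_report(before_text), parse_report(after_text)
    return {
        "cleared": sorted(before - after),
        "persisting": sorted(before & after),
        "new": sorted(after - before),
    }


def persisting_by_location(before_text, after_text):
    """Count detections present in both scans, grouped by location category."""
    persisting = compare(before_text, after_text)["persisting"]
    return Counter(classify(loc) for _, loc in persisting)


if __name__ == "__main__":
    result = compare(FIRST_SCAN, SECOND_SCAN)
    for state in ("cleared", "persisting", "new"):
        print(f"{state}: {len(result[state])}")
        for name, loc in result[state]:
            print(f"  [{classify(loc)}] {name}  {loc}")
    print(dict(persisting_by_location(FIRST_SCAN, SECOND_SCAN)))
```

Entries are matched on the exact (name, location) pair, so a detection that moves to a different file between scans shows up as one cleared and one new entry.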
 