
various trojans/viruses I can't remove

Discussion in 'Virus & Other Malware Removal' started by jendump, Jul 23, 2006.

Thread Status:
Not open for further replies.
  1. jendump

    jendump Thread Starter

    Joined:
    Jun 11, 2005
    Messages:
    32
    My computer has been extremely slow. I have up-to-date McAfee. I ran it---nothing. I ran Spybot and it found Surf Sidekick. I selected to fix that problem. So then I ran panda software, and it found the following:


    Adware:adware/neededware Windows Registry
    Spyware:Cookie/Go C:\Documents and Settings\Jenn\Cookies\[email protected][2].txt
    Virus:Trj/Multidropper.QW C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[iMeshInst.exe]
    Virus:Trj/Bhotcher.A C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[iMeshInst.exe][WBCM_Installer.exe]
    Virus:Trj/Bhotcher.A C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[iMeshInst.exe][WBCM_Installer.exe][BHOW.exe]

    Adware:Adware/StatBlaster C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[iMeshInst.exe][update.exe]

    Spyware:Spyware/BetterInet C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[thin-85-1-x-x.exe]

    Adware:Adware/MemoryWatcher C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[MemoryWatcher_b.exe]
    Adware:Adware/MemoryWatcher C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[MemoryWatcher_b.exe][MemoryWatcher.exe]
    Adware:Adware/MemoryWatcher C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[MemoryWatcher_b.exe][TrayIcon.ocx]

    Adware:Adware/MemoryWatcher C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[MemoryWatcher_b.exe][wowex32.exe]

    Virus:Backdoor Program C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[MemoryWatcher_b.exe][instnotify.exe]

    Spyware:Spyware/Apropos C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[cxtpls_loader.exe]
    Spyware:Spyware/Apropos C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\auto_update[1]
    Adware:Adware/nCase

    So, I can't delete the files because the path doesn't exist on my computer. I've searched for these files, can't find them. I've also looked in the registry, can't find them.

    Here's a HijackThis log as well

    Logfile of HijackThis v1.99.1
    Scan saved at 10:48:04 PM, on 7/22/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://content.embella.com/plugins/aw70webplayers/full/activex_cab/awswaxf.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121130829982
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {F461205D-ABDC-42FE-B2E2-AFD4600B905E} (MASHControl Class) - http://www.amiuptodate.com/vsc/mvt/bin/1,0,0,7/mash.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe


    PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    • Click here to download ATF Cleaner by Atribune and save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
      • If you use Firefox:
        • Click Firefox at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
      • If you use Opera:
        • Click Opera at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.

    Finally go to Control Panel > Internet Options.
    On the General tab under "Temporary Internet Files" Click "Delete Files".
    Put a check by "Delete Offline Content" and click OK.
    Click on the Programs tab then click the "Reset Web Settings" button.
    Click Apply then OK.
     
  3. jendump

    jendump Thread Starter

    Joined:
    Jun 11, 2005
    Messages:
    32
    I'm sorry, I probably should have noted that I use CCleaner daily, system restore is off. And all these things appeared after I ran CCleaner. Also, please note that the paths they are listed aren't even valid paths. My paths branch differently after Temporary Internet Files.
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Give ATF Cleaner a try.
     
  5. jendump

    jendump Thread Starter

    Joined:
    Jun 11, 2005
    Messages:
    32
    I ran ATF and then did the panda scan again. Here's that report.


    Adware:adware/neededware Windows Registry
    Virus:Trj/Multidropper.QW C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[iMeshInst.exe]

    Virus:Trj/Bhotcher.A C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[iMeshInst.exe][WBCM_Installer.exe]

    Virus:Trj/Bhotcher.A C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[iMeshInst.exe][WBCM_Installer.exe][BHOW.exe]

    Adware:Adware/StatBlaster C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[iMeshInst.exe][update.exe]

    Spyware:Spyware/BetterInet C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[thin-85-1-x-x.exe]

    Adware:Adware/MemoryWatcher C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[MemoryWatcher_b.exe]

    Adware:Adware/MemoryWatcher C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[MemoryWatcher_b.exe][MemoryWatcher.exe]
    Adware:Adware/MemoryWatcher C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[MemoryWatcher_b.exe][TrayIcon.ocx]

    Adware:Adware/MemoryWatcher C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[MemoryWatcher_b.exe][wowex32.exe]

    Virus:Backdoor Program C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[MemoryWatcher_b.exe][instnotify.exe]

    Spyware:Spyware/Apropos C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[cxtpls_loader.exe]

    Spyware:Spyware/Apropos C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\auto_update[1]
    Adware:Adware/nCase
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.
    • Save it to your desktop.
    • Please double-click Killbox.exe to run it.
    • Select:
      • Delete on Reboot
      • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\

    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.
     
  7. jendump

    jendump Thread Starter

    Joined:
    Jun 11, 2005
    Messages:
    32
    Ok, that was completed. No extra prompts came up.
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Does Panda still find those items?
     
  9. jendump

    jendump Thread Starter

    Joined:
    Jun 11, 2005
    Messages:
    32
    That information would have been helpful to you, ha ha ha, sorry.

    So I ran panda again, same log it looks like.


    Adware:adware/neededware Windows Registry
    Spyware:Cookie/Go C:\Documents and Settings\Jenn\Cookies\[email protected][2].txt
    Virus:Trj/Multidropper.QW C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[iMeshInst.exe]

    Virus:Trj/Bhotcher.A C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[iMeshInst.exe][WBCM_Installer.exe]

    Virus:Trj/Bhotcher.A C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[iMeshInst.exe][WBCM_Installer.exe][BHOW.exe]

    Adware:Adware/StatBlaster C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[iMeshInst.exe][update.exe]

    Spyware:Spyware/BetterInet C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[thin-85-1-x-x.exe]

    Adware:Adware/MemoryWatcher C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[MemoryWatcher_b.exe]

    Adware:Adware/MemoryWatcher C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[MemoryWatcher_b.exe][MemoryWatcher.exe]

    Adware:Adware/MemoryWatcher C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[MemoryWatcher_b.exe][TrayIcon.ocx]

    Adware:Adware/MemoryWatcher C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[MemoryWatcher_b.exe][wowex32.exe]

    Virus:Backdoor Program C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[MemoryWatcher_b.exe][instnotify.exe]

    Spyware:Spyware/Apropos C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\all_files7[1].exe[cxtpls_loader.exe]

    Spyware:Spyware/Apropos C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SNMH6JE5\auto_update[1]
    Adware:Adware/nCase C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IBMV0PYL\prompt_ie_win[1].js
     
  10. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Usually you can locate the Content.IE5 folder by doing a search for it.
    There may be multiple folders inside of it. You can delete the contents of what's inside them.
     
  11. jendump

    jendump Thread Starter

    Joined:
    Jun 11, 2005
    Messages:
    32
    The Content.IE5 had been located and there are 4 subdirectories, none of which have any files in them.
     
  12. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Is the subfolder SNMH6JE5 in there?
     
  13. jendump

    jendump Thread Starter

    Joined:
    Jun 11, 2005
    Messages:
    32
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    open killbox/press tools/delete temp files

    when the screen comes up in the middle of the screen is a drop down box

    first select C:\Documents and Settings\LocalService and select any options it allows & press delete temp files

    next select every other account listed in that drop down box & do exactly the same

    then exit killbox & run panda again and they should all be gone
     
  15. jendump

    jendump Thread Starter

    Joined:
    Jun 11, 2005
    Messages:
    32
    Much better, there are only 2 listed now:


    Adware:adware/neededware Windows Registry
    Adware:Adware/nCase C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IBMV0PYL\prompt_ie_win[1].js
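
The Panda reports in this thread print one line per detection, yet most lines point inside the same cached download, and that file sits in the LocalService profile rather than the poster's own. The sketch below is an added example, not part of the original thread or of any tool named in it; it parses a few lines copied from the reports above and groups them by the file actually on disk and the profile that holds it. Assumptions: a trailing `[name]` marks a file nested inside a container, a numeric `[1]` is the IE cache copy counter, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample lines copied from the Panda reports posted in the thread.
CACHE = (r"C:\Documents and Settings\LocalService\Local Settings"
         r"\Temporary Internet Files\Content.IE5\SNMH6JE5")
REPORT = "\n".join([
    "Adware:adware/neededware Windows Registry",
    rf"Virus:Trj/Multidropper.QW {CACHE}\all_files7[1].exe[iMeshInst.exe]",
    rf"Virus:Trj/Bhotcher.A {CACHE}\all_files7[1].exe[iMeshInst.exe][WBCM_Installer.exe][BHOW.exe]",
    rf"Adware:Adware/StatBlaster {CACHE}\all_files7[1].exe[iMeshInst.exe][update.exe]",
    rf"Virus:Backdoor Program {CACHE}\all_files7[1].exe[MemoryWatcher_b.exe][instnotify.exe]",
    rf"Spyware:Spyware/Apropos {CACHE}\auto_update[1]",
    r"Adware:Adware/nCase C:\WINDOWS\system32\config\systemprofile\Local Settings"
    r"\Temporary Internet Files\Content.IE5\IBMV0PYL\prompt_ie_win[1].js",
])

# Location is either a drive path or the literal "Windows Registry".
LOCATION = re.compile(r"[A-Za-z]:\\.*$|Windows Registry$")
# Trailing [member] groups; a purely numeric group such as [1] is treated as
# the cache copy counter, so "auto_update[1]" stays a plain file (assumption).
MEMBERS = re.compile(r"(?:\[(?!\d+\])[^\[\]]+\])+$")
# Profile that owns the path: a user/service account or the SYSTEM profile.
PROFILE = re.compile(
    r"\\Documents and Settings\\([^\\]+)\\|\\config\\(systemprofile)\\", re.I)


def parse_line(line):
    """Split one report line into category, name, on-disk file and members."""
    category, _, rest = line.strip().partition(":")
    loc = LOCATION.search(rest)
    name = rest[:loc.start()].strip() if loc else rest.strip()
    location = loc.group(0) if loc else ""
    nested = MEMBERS.search(location)
    container = location[:nested.start()] if nested else location
    members = re.findall(r"\[([^\[\]]+)\]", nested.group(0)) if nested else []
    prof = PROFILE.search(container)
    profile = (prof.group(1) or prof.group(2)) if prof else None
    return {"category": category, "name": name, "container": container,
            "members": members, "profile": profile}


def files_on_disk(report):
    """Group detections by (owning profile, real file or registry location)."""
    grouped = defaultdict(list)
    for line in report.splitlines():
        if line.strip():
            d = parse_line(line)
            grouped[(d["profile"], d["container"])].append(d)
    return dict(grouped)


if __name__ == "__main__":
    for (profile, container), hits in files_on_disk(REPORT).items():
        print(f"{profile or '-':14} {len(hits)} detection(s)  {container}")
        for h in hits:
            chain = " > ".join(h["members"]) or "(file itself)"
            print(f"{'':16}{h['category']}: {h['name']}  in {chain}")
```

Grouping this way shows why searching one's own profile finds nothing: the cleanup target is a per-account cache folder, which matches the advice to clear temp files for every account in the drop-down.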
     

Short URL to this thread: https://techguy.org/485547
