Requesting help fixing spyware, malware and winfix 2005

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by MrSandman, Jul 27, 2005.

  1. MrSandman

    MrSandman Private E-2

    Hello,

    I’m new to the forum and somewhat ashamed I can’t solve this one with the help of already posted information. I was more at home in the Dos/Win3.1 days and pretty much haven’t worked with the intricacies of XP. As of this evening, I think this problem is now way over my head. To skip to the big points, see the list at the end of the post.

    On my girlfriend’s (infected) computer running Norton Internet Security 2004 Security/AV with current updates, I disabled restore and chose to show all files. I then downloaded the 10 recommended tools after checking (and not finding anything wrong) for the 3 Windows services which are recommended, as I did not know if these were a problem on her system.

    At this point, I rebooted in safe w/networking mode, but her wireless laptop did not see the Internet as usual. I tried a repair operation on the connection, which claimed to be connected, but something did not work, as I only saw a ‘page missing’ page in IE6. So, I ran Bitdefender, RavAntivirus and Stinger in normal boot mode. I believe I should note this per the FAQ.

    With other apps closed, I ran CCleaner, AdAware (w/VX2) and Spybot. Many things were removed, but CWShredder, Kill2me, about:buster and HSRemove didn’t yield anything. I skipped the ‘only the best’ option, as I didn’t see symptoms that I knew meant that was active. I did make an HJT log, but am not posting it, as it has not been requested.

    I ran trojanscan and found ezpopstub.exe and trendmicro had a drh.digitalriver.com pop-up, but no findings.

    We still have winfix 2005, z1.adserver.com and ad.yieldmanager.com pop-ups so far. Also, when viewing task manager, I thought that the bcmwltry process might be suspect, as I did not see it on a Win2k PC at work.

    The meat:

    1) I am extremely fearful that her computer is compromised, because when I tried to verify it was on the network, but not Internet, I searched for a shared folder from another networked PC. I did not find it, which makes me think that the wireless network does not work in safe mode. But, I noticed that !!Her C drive is a shared drive on the network!! This seems to me to be a real problem. I checked in Windows Explorer and it is shared, but I did not do that and I am pretty sure she did not either. I think this means her PC has been compromised!

    2) I couldn’t run Bitdefender, RavAntivirus or Stinger in safe mode, as they couldn’t see the Internet in safe mode. I think this is a key to solving the problems, but don’t know what I am doing wrong when booting in safe mode with networking. We have a Belkin wireless network on cable modem for Internet. Any help is appreciated.

    3) We still have z1.adserver.com and win fix 2005 pop-ups at least.

    I apologize if this post is too long, but I was trying to follow the guidelines as I understood them and not waste the time of posters on this site. If I have made an obvious error, please post a link, if convenient, or tell me how to better follow the rules.

    I do have an HJT log, but did not post it, as I thought it was not proper until requested, at which point it will be posted as a file, per the instructions. I am posting this from a different PC, as I feel that her PC should not be on the Internet right now.

    Any help is appreciated!

    Best Regards,

    Sandy.
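The poster's most alarming finding above is that the laptop's entire C: drive shows up as a network share that nobody remembers creating. The following PowerShell snippet is an added example, not something from this thread or from MajorGeeks: it enumerates the local SMB shares through the Win32_Share WMI class (present on XP and later) and flags any share that exposes a drive root but is not one of Windows' built-in hidden administrative shares (C$, ADMIN$, IPC$, PRINT$). The function name `Get-ExposedDriveShares` and the `$adminShares` list are my own choices; `[pscustomobject]` needs PowerShell 3.0 or newer, and on PowerShell 7 `Get-WmiObject` should be swapped for `Get-CimInstance`.

```powershell
# Added example, not from the original thread: list local SMB shares and
# flag user-created shares that expose a whole drive, as in the poster's case.
# Built-in hidden admin shares that Windows creates itself (names assumed
# from standard Windows behaviour).
$adminShares = @('ADMIN$', 'IPC$', 'PRINT$')

function Get-ExposedDriveShares {
    param([string]$ComputerName = '.')

    Get-WmiObject -Class Win32_Share -ComputerName $ComputerName | ForEach-Object {
        # Hidden admin shares are either in the fixed list or a drive-letter
        # share such as C$ (the name is a single letter followed by '$').
        $isAdmin     = ($adminShares -contains $_.Name) -or ($_.Name -match '^[A-Z]\$$')
        # A path like "C:\" or "C:" means the share hands out the drive root.
        $isDriveRoot = $_.Path -match '^[A-Za-z]:\\?$'

        [pscustomobject]@{
            Name        = $_.Name
            Path        = $_.Path
            AdminShare  = $isAdmin
            DriveRoot   = $isDriveRoot
            # A drive-root share that is not a hidden admin share was created
            # by a user or a program and deserves a closer look.
            Suspicious  = ($isDriveRoot -and -not $isAdmin)
        }
    }
}

# Usage: print every share and highlight the suspicious ones.
Get-ExposedDriveShares | Format-Table Name, Path, AdminShare, DriveRoot, Suspicious -AutoSize
```

Once an unexpected share is confirmed to be unwanted, it can be dropped from an elevated prompt with `net share <name> /delete`; the hidden admin shares are recreated by Windows on reboot, which is one more reason the check distinguishes them from shares somebody added by hand.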
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word, etc., and any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
