System 32 folder?!

**jholland1964** · 08-07-2007, 08:29 AM

Ok pcSOSpc,
When you say there are four users, does each user have to sign onto the computer itself as a different user or do you just all use the computer and have your own email, and AIM user accounts that you sign into?
Only things flagged by the Kaspersky scan seemed to be just in the Catie user, though you did submit a Kaspersky scan of the Tony files which seemed to be clean.
To see if you can find that Content.IE5 folder try it this way;
Double Click My Computer
Double Click "C" drive.
Then open to the Documents and Settings Folder, then Catie folder, then Local Settings folder, then Temporary Internet Files, then Content.IE5.

Did you run the ATF-Cleaner?

To find or generate a report with AVG Anti-spy click Scan, Settings.
When the Settings Tab opens you will see something like what is showing on my attachment.
Reports is at the top of the second column.
You may also be able to see any reports generated of past scans by opening the program, and at the top you will see various buttons. Click on the Reports button as shown in my attachment.

**pcSOSpc** · 08-07-2007, 12:10 PM

Each user has their own account and has to sign in separately to access this PC. When trying to local the Content.IE5 folder via My Computer I get an "access denied" message when selecting the "Catie" folder. I did run the ATF-Cleaner in both normal and safe boot. Would you suggest I un-install then re-install my AVG AntiSpy?

**jholland1964** · 08-07-2007, 12:50 PM

Keep the AVG Anti-spy, Free version, it is an EXCELLENT program, highly recommended. Keep it manually updated and scan with it on a regular basis.
Since all users have their own password then it looks to me as if each separate account is going to have to be cleaned out to be certain the computer is cleaned.
Run a new Kaspersky scan, save the log and post it back here, we can see if progress has been made.
Judy

**pcSOSpc** · 08-12-2007, 12:54 PM

Sorry it's taken me so long to reply but I've been really tied up at work lately. I haven't got around to cleaning each individual user account yet, but plan to do so very soon. I ran the Kaspersky program and found a few infected files. Here are my K-scans and also an HTJ logfile to look at. Take your time...please! Your information is very valuable to me as well as your time. Thank you!

**jholland1964** · 08-12-2007, 03:46 PM

pcSOSpc,

I ask you again, Please clean out the temp files from this computer. Your Kaspersky logs are jammed packed with Temp files both Internet and others. These make the logs extremely difficult, if not impossible, to navigate or read. I am truly begging you, PLEASE boot to Safe Mode and clean up this computer.

Very often, so that I am assured that I don't miss something, I will print out posted Kaspersky logs to make them easier to read....NOT THESE!
If I wanted to print one of these FULL SYSTEM SCAN Kaspersky logs...it would require nearly 6 reams (500 pages per ream) of paper! They are 2496 pages long! This is using the smallest font size available and still readable without a magnifying glass.

I can say, without any doubt, that these are the longest Kaspersky logs I have EVER seen ANYWHERE.

Mainly because this computer has not been cleaned of unnecessary and temp files ever or at least in a very long time.

There are 58 Pages of Cookies Alone! on these Kaspersky logs. Have the cookies EVER been emptied?

C:\Documents and Settings\Catie\Local Settings\Temp\
has 11 pages listed;

C:\Documents and Settings\Catie\Local Settings\Temporary Internet Files\Content.IE5\ has 335 pages of temporary files listed.

I have NOT counted the number of pages containing RealPlayer temp files, AIM logs, pictures, music but the number of pages of these are also huge.

Honestly, I don't know how this computer is even running. You MUST clean it up in order to clean it up! Let's try using a couple programs first before trying it manually.

One thing to do is run the ATF-Cleaner program to get rid of some of these anyway.

Also download CCleaner

When you run the ATF-Cleaner please do it this way...this is a VERY QUICK running program...takes just a few minutes...HONEST.

Disconnect Completely from the Internet and Close ALL Browser Windows! Now, Please Boot to Safe Mode

Using the F8 Method
And you are going to have to log on the Administrator account here...are you the Administrator? That is the one that must be chosen when given that option. If the Administrator has a password then that will have to be entered. If there is no Administrator password then DON'T try to type one in there, just click Enter.

Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

RUN ATF-Cleaner.exe.
-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK > EXIT
Now do it again, this time click the Firefox button at the top.
Again
-- Where it says Select Files To Delete, Check the Select All Option
You will get a box asking if you wish to keep your stored passwords in Firefox. You can say yes or ok, whatever the option is.
-- Click Empty Selected > OK > EXIT

Next, run CCleaner by double clicking the program on the desktop.
Just run the Default Settings which is the Cleaner Tab. This is what will show when you open the program. DON'T run any other options. Now I will say here, you possibly may lose any stored passwords in the Firefox program here, I cannot say for sure but at this point this is the least of your worries.

Now you also need to empty the following;
Quarantine files in the AOL Anti-spy program.

The Recovery files in Spybot Search & Destroy.

Navigate here and empty out the AIM folders designated in RED
There are 64 pages of these alone in the Kaspersky log!
C:\Documents and Settings\Catie\Application Data\Aim\szompksp\

Once you have completed ALL of the above then reboot the computer in NORMAL MODE.
Go back to the Kaspersky page and run ONE FULL SYSTEM scan...nothing else...no email scans, nothing else but the FULL SYSTEM scan. Save the log and post it here. I hope and pray that it will be much smaller.
Judy

P.S. Since 99% of these temp files seem to be in the Catie account if you cannot access as Catie then have Catie do this. Sit there and walk through it with her. But these temp files MUST go.

**pcSOSpc** · 08-14-2007, 04:22 AM

I'm so sorry about my logs! I really have no idea about this stuff and I didn't even notice how long they were. Ok here is what I did...

-Ran ATF-Cleaner AND CCleaner on all 4 user accounts AND the administrator account in Safe Mode. (I found quite a bit to be cleaned)

-I could not find ANY AOL or SpyBot programs or files on my hard drive yet you noted that I need to clean out AOL quarantined file in AOL Anti-Spy and SpyBot recover files. What do I do here?

-Some how I unlocked the "C:\Documents and Settings\Catie" folder but did not locate the "Local Settings" folder which halted me from locating the "C:\Documents and Settings\Catie\Local Settings\Temporary Internet Files\Content.IE5\" folder. Any idea why this is happening?

-Finally, I used the Kaspersky Online Scanner like you said but there isn't a "Full System Scan" option available. (Only Critical Areas, Memory, My Computer, My Email and specified files and folder scans.) I ran a Critical Areas scan as well as a My Computer scan and found a few issues. The My Computer Scan is VERY long. What should I do about all of these items Kaspersky shows? Do I need to go through them individually and erase them? I've attached them for you. Thanks again and sorry for your trouble.

**jholland1964** · 08-14-2007, 07:56 AM

You are right, it doesn't have Full System scan option, My Computer is the correct one.
Let me go through these and see what I can find. Hate to tell you though, THIS Kaspersky log is 100 pages longer than the first one!

It will take me awhile but I will get back asap.
One way to try to get into C:\Documents and Settings\Catie\Local Settings\Temporary Internet Files\Content.IE5\
is to do the following;
Go to C:\Documents and Settings\Catie and then go to Tools, Folder Options, View, and choose Show Hidden Files and Folder. See if that helps.
You also need to do the same with;
C:\Documents and Settings\Vinny.YOUR-AT5QGAAC3Z.000\Local Settings\Temporary Internet Files\Content.IE5\

C:\Documents and Settings\Tony\Local Settings\Temporary Internet Files\Content.IE5\

See if you can get to the Local Settings\Temporary Internet Files\Content.IE5 with ALL user names on this computer by "unhiding" the files as explained above. All are jammed with temp files so you will have to enable the viewing of hidden files on all in order to get rid of them. Think one thing to make this log so much larger is another user showed up...Vinny.YOUR-AT5QGAAC3Z.000...that I don't think showed before.
Another thing you really need to get rid of are all the AIM logs, there are pages and pages of them. At least Tony and Catie have huge numbers of AIM logs. You don't need them, get rid of them.

There are also pages and pages of icons, images, mp3's. There are 3 infected objects shown on both logs, but the second one is so large I cannot find them with just a quick glance.
In the second some show in the quarantine files of AOL anti-vpy and Spybot recovery files so for the moment they are not a problem but these need to be emptied. As for the others I cannot find them. You really have to get rid of these unnecessary items in order to be able to get an accurate read of the log.

You might try an online Panda scan to see if this locates the same infected files. I believe Panda will clean them if you request, though I cannot be certain.

**jholland1964** · 08-14-2007, 03:47 PM

pcSOSpc,
I have spent the better part of this afternoon, several hours, trying to go through this second Kaspersky log. I am sorry I cannot do it anymore without this pc being rid of these temp folders, AIM logs, mp3's realplayer backups and a huge number of pictures. As I said in my post above each log you posted showed infected objects;
The first one showed one virus infecting two objects;
C:\WINDOWS\ast_4_mm.exe/WISE0001.BIN Infected: Trojan-Downloader.Win32.Wiser
C:\WINDOWS\ast_4_mm.exe WiseSFX: infected - 1

The second one says;
Number of viruses found: 3
Number of infected objects: 3
Number of suspicious objects: 2

but after going through that 2500+ page log for what seemed like forever I cannot see them. Obviously they are there but I have no way of finding them amongst the extraordinary number of unnecessary items on this computer. You MUST get this stuff off there because nobody would be willing to read a log jammed packed with junk like that is. This isn't good for the computer either to have this many temp files, aim logs, etc. Get all this stuff off of there and this computer should run like a top!

Here are the locations of those I COULD see;
Go to C:\WINDOWS\
Look for all instances of ast_4_mm.exe
When you find them, delete them.

C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\
Empty the Quarantine folder

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\
Empty the Recovery folder

**jholland1964** · 08-16-2007, 03:38 PM

One more thing to try to help get rid of that junk. Download and run CleanupXP by our own Turcoloco.
This works best if done in SAFE MODE.
Run the standard cleanup and then Exit the program.

Thread: System 32 folder?!

Thread Tools

Display

Thread Information

Users Browsing this Thread

Posting Permissions