Author Topic: Returning Adware  (Read 6183 times)


IcyLady

  • Guest
Returning Adware
« on: March 21, 2007, 03:04:31 AM »
Hello everyone,

I am in desperate need of help! Last night, when I turned on my computer, it started acting very strange. Every 10-15 minutes an Avast Warning kept popping up, saying an Adware was detected. I moved each file to the chest, then ran the scan on Avast, Adware, Disc Cleanup, and CCleaner. Also, after browsing this forum, I scanned my computer with Ewido. The thing keeps coming back. I'm a little lost at what to try next. I'm using Windows XP and the 4.7 version of Avast.
Here's the log view for the last two days.

3/19/2007 6:42:15 PM   SYSTEM   1344   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\WINDOWS\system32\rlxf.dll" file. 
3/19/2007 6:42:32 PM   SYSTEM   1344   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\WINDOWS\system32\ActiveToolBand.dll" file. 
3/19/2007 6:43:57 PM   SYSTEM   1344   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os15.tmp\DOMPilot.dll" file. 
3/19/2007 6:54:33 PM   SYSTEM   1344   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os17.tmp\DOMPilot.dll" file. 
3/19/2007 7:13:52 PM   SYSTEM   1344   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os1A.tmp\DOMPilot.dll" file. 
3/19/2007 7:24:48 PM   SYSTEM   1344   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os1C.tmp\DOMPilot.dll" file. 
3/19/2007 7:37:45 PM   SYSTEM   1344   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os1F.tmp\DOMPilot.dll" file. 
3/19/2007 7:48:26 PM   SYSTEM   1344   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os21.tmp\DOMPilot.dll" file. 
3/19/2007 7:49:10 PM   SYSTEM   1344   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os21.tmp\DOMPilot.dll" file. 
3/19/2007 7:59:40 PM   SYSTEM   1344   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os23.tmp\DOMPilot.dll" file. 
3/19/2007 9:31:15 PM   SYSTEM   1344   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os25.tmp\DOMPilot.dll" file. 
3/19/2007 9:42:09 PM   SYSTEM   1344   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os27.tmp\DOMPilot.dll" file. 
3/19/2007 9:53:22 PM   Inna   3300   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\WINDOWS\system32\ActiveToolBand.dll" file. 
3/19/2007 9:53:41 PM   SYSTEM   1344   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os29.tmp\DOMPilot.dll" file. 
3/19/2007 9:55:47 PM   Inna   3300   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\WINDOWS\system32\silc_dll.dll" file. 
3/19/2007 9:56:00 PM   Inna   3300   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\WINDOWS\system32\trz2A.tmp" file. 
3/19/2007 10:05:58 PM   SYSTEM   1344   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os34.tmp\DOMPilot.dll" file. 
3/19/2007 10:06:32 PM   Inna   3300   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\Documents and Settings\Inna\Local Settings\Temp\~os34.tmp\DOMPilot.dll" file. 
3/19/2007 10:26:39 PM   SYSTEM   1344   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os37.tmp\DOMPilot.dll" file. 
3/19/2007 10:37:22 PM   SYSTEM   1344   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os46.tmp\DOMPilot.dll" file. 
3/19/2007 10:40:20 PM   Inna   3300   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP166\A0069620.exe" file. 
3/19/2007 10:40:30 PM   Inna   3300   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP167\A0069667.dll" file. 
3/19/2007 10:40:34 PM   Inna   3300   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP167\A0069736.dll" file. 
3/19/2007 10:40:37 PM   Inna   3300   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP167\A0069737.dll" file. 
3/20/2007 7:35:26 PM   SYSTEM   1364   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os7.tmp\DOMPilot.dll" file. 
3/20/2007 7:46:29 PM   SYSTEM   1364   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~osA.tmp\DOMPilot.dll" file. 
3/20/2007 7:56:56 PM   SYSTEM   1364   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~osC.tmp\DOMPilot.dll" file. 
3/20/2007 8:07:21 PM   SYSTEM   1364   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~osE.tmp\DOMPilot.dll" file. 
3/20/2007 8:17:46 PM   SYSTEM   1364   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os10.tmp\DOMPilot.dll" file. 
3/20/2007 8:28:14 PM   SYSTEM   1364   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os13.tmp\DOMPilot.dll" file. 
3/20/2007 8:29:57 PM   SYSTEM   1364   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\Recycled\Dc1.dll" file. 
3/20/2007 8:40:18 PM   SYSTEM   1364   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os15.tmp\DOMPilot.dll" file. 
3/20/2007 8:50:55 PM   SYSTEM   1364   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os17.tmp\DOMPilot.dll" file. 
3/20/2007 9:12:53 PM   SYSTEM   1364   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os2E.tmp\DOMPilot.dll" file. 
3/20/2007 9:23:30 PM   SYSTEM   1364   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os30.tmp\DOMPilot.dll" file. 
3/20/2007 9:34:11 PM   SYSTEM   1364   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os32.tmp\DOMPilot.dll" file. 
3/20/2007 9:44:41 PM   SYSTEM   1364   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os36.tmp\DOMPilot.dll" file. 
3/20/2007 9:55:06 PM   SYSTEM   1364   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os38.tmp\DOMPilot.dll" file.


Looks really scary. :)
Any help would be appreciated. Thank you.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Returning Adware
« Reply #1 on: March 21, 2007, 03:09:14 AM »
If a virus is replicant (coming and coming again), you should:

1) Enable/Disable System restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k.

2) Clean your temporary files. You can use the Windows Advanced Care features for that.

3) Schedule a boot-time scan with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Another option is scanning in Safe Mode (repeatedly press F8 while booting).

4) It will be good if you download, install, update and run other trojan remover tools: a-squared and/or Free AVG Antispyware (trojan removers). Some users recommend SUPERantispyware or Spyware Terminator.

5) Use the immunization of Windows Advanced Care features of spyware/adware cleaning and removal.
The best things in life are free.
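
A way to triage a log like the one in the first post, as an added example that is not part of the original thread: it parses the detection lines, groups them by location (System Restore copies, Temp drops, Recycle Bin, system32 files) and measures how often a new `~osNN.tmp` directory appears, which is what distinguishes something still re-dropping files from leftovers. The function names and location labels are assumptions made for this example; the sample lines are copied from the posted log.

```python
import ntpath
import re
from datetime import datetime

# A subset of the lines from the log in the first post.
SAMPLE = r'''
3/19/2007 9:53:22 PM   Inna   3300   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\WINDOWS\system32\ActiveToolBand.dll" file.
3/19/2007 10:40:20 PM   Inna   3300   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP166\A0069620.exe" file.
3/20/2007 7:35:26 PM   SYSTEM   1364   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~os7.tmp\DOMPilot.dll" file.
3/20/2007 7:46:29 PM   SYSTEM   1364   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~osA.tmp\DOMPilot.dll" file.
3/20/2007 7:56:56 PM   SYSTEM   1364   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~osC.tmp\DOMPilot.dll" file.
3/20/2007 8:07:21 PM   SYSTEM   1364   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\Inna\LOCALS~1\Temp\~osE.tmp\DOMPilot.dll" file.
3/20/2007 8:29:57 PM   SYSTEM   1364   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\Recycled\Dc1.dll" file.
'''

LINE = re.compile(
    r'^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)\s+(?P<user>\S+)\s+(?P<pid>\d+)\s+'
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file')

# Location labels (names chosen for this example); first matching rule wins.
RULES = (("\\system volume information\\_restore", "system_restore"),
         ("\\temp\\", "temp_drop"), ("\\recycled\\", "recycle_bin"),
         ("\\system32\\", "system32"))

def classify(path):
    p = path.lower()
    return next((label for needle, label in RULES if needle in p), "other")

def parse(text):
    # One dict per detection line; lines that do not match are skipped.
    events = []
    for m in filter(None, (LINE.match(l.strip()) for l in text.splitlines())):
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%m/%d/%Y %I:%M:%S %p")
        e["where"] = classify(e["path"])
        events.append(e)
    return events

def redrop_minutes(events):
    # Minutes between the first sighting of each new Temp subdirectory.
    first = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["where"] == "temp_drop":
            first.setdefault(ntpath.basename(ntpath.dirname(e["path"])).lower(), e["ts"])
    times = sorted(first.values())
    return [round((b - a).total_seconds() / 60) for a, b in zip(times, times[1:])]

if __name__ == "__main__":
    print(redrop_minutes(parse(SAMPLE)))
```

A steady interval between new Temp directories means an installed component is still running and re-creating the file, so quarantining the Temp copies alone will not stop the alerts.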

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Returning Adware
« Reply #2 on: March 21, 2007, 10:17:05 AM »
Hi IcyLady,

Follow the instructions here for the removal of MarketScore:

Quote
Uninstall the spyware
You should try this method first. It uses the hidden uninstall feature of the spyware.

Follow the instructions for your operating system.

    * Windows 95/98/Me
         1. Click Start > Run.
         2. Type the following and press the Enter key after typing each one:

            command
            "%WinDir%\SYSTEM\NSCheck.exe" /uninstall

    * Windows NT/2000/XP
         1. Click Start > Run.
         2. Type the following and press the Enter key after typing each one:

            cmd
            NSCheck /uninstall

http://www.symantec.com/security_response/writeup.jsp?docid=2004-042117-5317-99&tabid=3

Go to Start>Control Panel>Add/Remove Programs and uninstall any entries for the following:

HiTrust
ActiveToolBand

In addition, check every entry in Add/Remove carefully: if it's not something you recognise, Google the name: if you see a report that it is adware or spyware, read about the risks and consider removing it.

Also run scans with the following:

a-Squared Free:

http://www.emsisoft.com/en/software/free/

Spybot Search & Destroy:

http://www.safer-networking.org/en/download/index.html

Come back and tell us if the situation improves!
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

IcyLady

  • Guest
Re: Returning Adware
« Reply #3 on: March 22, 2007, 03:06:55 AM »
Wow, it worked! :D

Thank you very much for your help, guys. I've tried everything of the above, but I think only Spybot was able to fix the problem. After I ran a Spybot boot scan, my computer has been running soooo fast. The warning hasn't popped up in about an hour and a half. I know it's not long, but considering it used to pop up every 15 minutes, it's much better now. I think it's all fixed now. Or at least I hope it is.
Thank you again,

~IcyLady.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Returning Adware
« Reply #4 on: March 22, 2007, 03:16:46 AM »
Glad you've solved it, IcyLady.
Welcome to avast forums and feel free to come back any time you need help.
Keep protected, keep safe 8)

cmcsandy

  • Guest
Re: Returning Adware
« Reply #5 on: April 03, 2007, 05:09:41 PM »
I am having the same problems.  Did you pay for Spybot?  I thought it was free and then they were trying to sell PC Doctor or something.  Are there any free ones? ::)

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Returning Adware
« Reply #6 on: April 03, 2007, 07:04:36 PM »
Spybot Search and Destroy is free for home use, as are all the programs mentioned in this thread: Ad-Aware, AVG Anti-Spyware, a-Squared, SpywareTerminator and SuperAntiSpyware.

SpywareDoctor from PC Tools is not free. It has a free trial but won't remove malware found.

http://www.pctools.com/

Make sure you are not looking at a scam page trying to sell knock-off programs with similar names that won't work or may even charge money for doing nothing.

The links in this thread are good: be careful when Googling because the scams can come up. Searching for 'Spybot' especially produces lots of scam links.

Here's the link for Ad-Aware:

http://www.download.com/3000-2144-10045910.html

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Returning Adware
« Reply #7 on: April 03, 2007, 07:24:35 PM »
Besides Spybot and Ad-aware, I suggest that you download, install, update and run other trojan remover tools: a-squared and/or Free AVG Antispyware (trojan removers). Some users recommend SUPERantispyware or Spyware Terminator.

You can use the immunization of Windows Advanced Care features of spyware/adware cleaning and removal.

All these programs have free versions.