weird virus/trojans

Apr 3, 2004
I ran the AVG virus scanner thing, and it found two trojans named:

Trojan horse Downloader.Istbar.3.BT
and
Trojan horse Downloader.Agent.2.F

It says it removed them, but I'm still getting these popups when I boot up my comp and open random applications. I looked through the msconfig and task manager and nothing looks suspicious, and I also looked through Google and the McAfee virus lists, and I can't seem to figure out what needs to be done to get rid of this. Does anyone know what you need to do to get rid of this stuff?

Thanks in advance.

*edit*

Here's my log file from HijackThis:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\TIMFILE\Anime\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theforce.net/
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\Hawk\Application Data\Mozilla\Profiles\default\6d1l176u.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Hawk\Application Data\Mozilla\Profiles\default\6d1l176u.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [uditusra] C:\WINDOWS\system32\uditusra.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdl...cabs/FPDC_1_0_0_44.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/downloa...uite/yautocomplete.cab


slicknick1986

Junior Member
Sep 13, 2004
HKLM\..\Run: [uditusra] C:\WINDOWS\system32\uditusra.exe

Do a Windows file search for that .exe (uditusra.exe) and delete everything that comes up. Then do a registry search as well. Delete anything that comes up, with a little more discretion, of course :p

That should do it. That file is nothing but trouble, you can tell just by looking at it...

Schadenfroh

Elite Member
Mar 8, 2003
Hello Atomsmasher544,

Before you do anything:
1. Make sure that you have extracted HijackThis to a folder that is isolated before removing anything, for HijackThis makes backups within the folder it is in.
2. Reboot into safe mode.
3. Close all browsers/Windows Explorer.

Fix the following in HijackThis (kill the process in the process viewer, if it's there):

• R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing)
• N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\Hawk\Application Data\Mozilla\Profiles\default\6d1l176u.slt\prefs.js)
• N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Hawk\Application Data\Mozilla\Profiles\default\6d1l176u.slt\prefs.js)
• O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
• O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/downloa...uite/yautocomplete.cab


Additional steps:

1. Remove the following via the instructions provided: TV Media
2. Delete the following file: "C:\WINDOWS\system32\uditusra.exe"
3. Delete the following folder: "C:\Program Files\TV Media\"
4. Restart into normal Windows.

Notes:

1. What is that JavaScript running with the location in Netscape there? Did you put it there, or is this something I need to look into? Thnx
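As an added example, not code from this thread or from the HijackThis project, here is a small Python parser that reads HijackThis log lines like the ones posted above and sorts them into the categories the replies relied on: entries pointing at a file that no longer exists (dangling registrations HijackThis can simply fix), entries matching indicators the analyst already has from the scanner or the thread (here uditusra.exe and TV Media, taken from the posts above), and Run entries launching straight from the system directory that deserve a manual look before anything is deleted. The sample log is a constructed subset of the poster's log; the category names, regexes and heuristics are my own assumptions, not HijackThis output formats guaranteed for every version.

```python
import ntpath
import re
from typing import Dict, List, Optional

# Constructed sample input: a subset of the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theforce.net/
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [uditusra] C:\WINDOWS\system32\uditusra.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdl...cabs/FPDC_1_0_0_44.cab
"""

# "R3 - ...", "O4 - ...": a letter plus one or two digits, then " - ", then the body.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# O4 body: "<hive>: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# First executable in a command line: either a quoted path or an unquoted path ending in an
# executable extension (unquoted paths may contain spaces, so do not split on whitespace).
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|scr|dll))(?=\s|$)', re.IGNORECASE)

DANGLING_MARKERS = ("(file missing)", "(no file)")
SYSTEM32 = r"c:\windows\system32"  # assumption: XP-era default install drive and folder


def executable_of(command: str) -> str:
    """Return the program path from a Run-key command line, dropping its arguments."""
    m = EXE_RE.match(command.strip())
    if m:
        return m.group("q") or m.group("u")
    return command.strip().split(" ")[0]


def parse_hjt(text: str) -> List[Dict[str, Optional[str]]]:
    """Turn HijackThis log lines into records with code, CLSID, value name and target."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if not m:
            continue  # process list, blank lines, headers
        code, body = m.group("code"), m.group("body")
        entry: Dict[str, Optional[str]] = {"code": code, "raw": raw, "clsid": None, "name": None, "target": None}
        c = CLSID_RE.search(body)
        if c:
            entry["clsid"] = c.group(0).upper()
        if code == "O4":
            m4 = O4_RE.match(body)
            if m4:
                entry["name"] = m4.group("name")
                entry["target"] = m4.group("cmd")
        else:
            # "Kind: name - {CLSID} - path" lines: the target is the last " - " segment.
            parts = body.split(" - ")
            entry["target"] = parts[-1] if len(parts) > 1 else body
        entries.append(entry)
    return entries


def triage(entries: List[Dict[str, Optional[str]]], indicators: List[str]) -> Dict[str, List[str]]:
    """Sort entries into: dangling (file gone), indicator (matches known-bad name), review (system-dir Run entry)."""
    inds = [i.lower() for i in indicators]
    findings: Dict[str, List[str]] = {"dangling": [], "indicator": [], "review": []}
    for e in entries:
        raw_l = e["raw"].lower()
        if any(mk in raw_l for mk in DANGLING_MARKERS):
            findings["dangling"].append(e["raw"])
            continue
        if any(i in raw_l for i in inds):
            findings["indicator"].append(e["raw"])
            continue
        if e["code"] == "O4" and e["target"]:
            # A bare executable dropped directly into system32 and started from Run is worth a look;
            # vendor programs usually live under Program Files or their own subfolder.
            if ntpath.dirname(executable_of(e["target"])).lower() == SYSTEM32:
                findings["review"].append(e["raw"])
    return findings


if __name__ == "__main__":
    # Indicators come from the scanner result and the thread, never from guesswork.
    result = triage(parse_hjt(SAMPLE_LOG), ["uditusra.exe", "TV Media"])
    for category, lines in result.items():
        print(f"== {category} ({len(lines)})")
        for line in lines:
            print("  " + line)
```

With the indicators from the thread the uditusra Run entry lands in "indicator", the TV Media URLSearchHook and the nameless toolbar land in "dangling" (they point at files that are already gone, which is why the scanner's removal left the registry entries behind), and nothing needs manual review. Run the same log with an empty indicator list and the uditusra entry drops into "review" purely on the system32 heuristic, which is the same judgement the reply above made by eye.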
Apr 3, 2004
Thanks for the help guys, it looks like the stuff is all gone.

As for the Netscape Java thing, I'm not sure what it is; your guess would be better than mine.