virus,spyware again...pls help =[

  1. #1
    Join Date
    Nov 2006
    Posts
    62


    I have Windows XP
    and I'm using Sympatico Security Services (it came with my internet when I got connected).
    These are my virus and spyware logs as of right now.
    I keep doing scans but it doesn't fully get rid of it.
    I don't know if it'll help or not, but I don't know what else
    to show or do >.<
    ======================================

    Security Manager Anti-Virus
    03/04/2007 11:50:35 PM
    Filename Virus Action Date
    C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CZTJMMZX\CASX2F81.PHP W32/Trojan.ABBB Deleted 03/04/2007 4:35:05 PM
    C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\LDB2V0A5\CAW96F8L.HTML W32/Trojan.ABBB Deleted 03/04/2007 5:08:42 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMP47.TMP.EXE W32/Trojan.ABBB Deleted 03/04/2007 5:08:42 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMPBB.TMP.EXE Failed to disinfect 03/04/2007 6:18:03 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMPBB.TMP.EXE Failed to disinfect 03/04/2007 6:18:13 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMPBD.TMP.EXE Failed to disinfect 03/04/2007 6:18:18 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMPBD.TMP.EXE Failed to disinfect 03/04/2007 6:18:22 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMP38.TMP.EXE W32/Trojan.ABBB Deleted 03/04/2007 7:26:26 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMP3A.TMP.EXE Failed to disinfect 03/04/2007 7:30:24 PM
    C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C96BKLAR\CAJYK3BT.PHP W32/Trojan.ABBB Deleted 03/04/2007 10:11:58 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMP7B.TMP.EXE W32/Trojan.ABBB Deleted 03/04/2007 10:11:58 PM
    C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\45AF0LUJ\CAG5UT7O.PHP W32/Trojan.ABBB Deleted 03/04/2007 11:05:15 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMP95.TMP.EXE W32/Trojan.ABBB Deleted 03/04/2007 11:05:16 PM
    C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\LTP77IYD\LIENTNSTALLER15_02[1].PHP W32/Trojan.ABBB Deleted 03/04/2007 11:43:46 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMPB6.TMP.EXE W32/Trojan.ABBB Deleted 03/04/2007 11:43:46 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMPBC.TMP.EXE Failed to disinfect 03/04/2007 11:45:38 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMPC3.TMP.EXE Failed to disinfect 03/04/2007 11:49:35 PM



    File generated by Security Manager Anti-Virus
    =================================

    Security Manager Anti-Spyware
    Spyware Report (03/04/2007 11:50:42 PM)
    Deleted Spyware Type Date deleted
    Serving-Sys Spyware cookie 03/04/2007 11:49:12 PM
    Darksma Registry 03/04/2007 11:45:12 PM
    Serving-Sys Spyware cookie 03/04/2007 11:43:12 PM
    DoubleClick Spyware cookie 03/04/2007 11:43:12 PM
    BS.Serving-Sys Spyware cookie 03/04/2007 11:43:12 PM
    AtlasDMT.com Spyware cookie 03/04/2007 11:43:12 PM
    Darksma Registry 03/04/2007 11:39:11 PM
    winantivirus.com Spyware cookie 03/04/2007 11:37:11 PM
    Darksma Registry 03/04/2007 11:33:10 PM
    Mediaplex.com Spyware cookie 03/04/2007 11:31:10 PM
    Darksma Registry 03/04/2007 11:27:10 PM
    Darksma Registry 03/04/2007 11:21:08 PM
    Darksma Registry 03/04/2007 11:15:08 PM
    TribalFusion.com Spyware cookie 03/04/2007 11:13:07 PM
    Stat.Onestat Spyware cookie 03/04/2007 11:13:07 PM
    HotLog.ru Spyware cookie 03/04/2007 11:13:07 PM
    Casalemedia Spyware cookie 03/04/2007 11:13:07 PM
    Darksma Registry 03/04/2007 11:09:07 PM
    DoubleClick Spyware cookie 03/04/2007 11:07:07 PM
    Darksma Registry 03/04/2007 11:03:06 PM
    Darksma Registry 03/04/2007 10:57:05 PM
    Darksma Registry 03/04/2007 10:51:05 PM
    Darksma Registry 03/04/2007 10:45:04 PM
    Darksma Registry 03/04/2007 10:39:03 PM
    Darksma Registry 03/04/2007 10:33:02 PM
    Darksma Registry 03/04/2007 10:27:01 PM
    Darksma Registry 03/04/2007 10:21:00 PM
    2o7.net Spyware cookie 03/04/2007 10:19:00 PM
    Darksma Registry 03/04/2007 10:14:58 PM
    Darksma Registry 03/04/2007 10:08:53 PM
    Mediaplex.com Spyware cookie 03/04/2007 10:06:53 PM
    DoubleClick Spyware cookie 03/04/2007 10:06:52 PM
    Ad.YieldManager.com Cookie Spyware cookie 03/04/2007 10:06:52 PM
    2o7.net Spyware cookie 03/04/2007 10:06:52 PM
    Darksma Registry 03/04/2007 10:02:48 PM
    live.com Spyware cookie 03/04/2007 10:00:31 PM
    AtlasDMT.com Spyware cookie 03/04/2007 10:00:30 PM
    Darksma Registry 03/04/2007 9:56:27 PM
    AtlasDMT.com Spyware cookie 03/04/2007 9:54:25 PM
    Darksma Registry 03/04/2007 9:50:25 PM
    Darksma Registry 03/04/2007 9:44:24 PM
    AtlasDMT.com Spyware cookie 03/04/2007 9:42:24 PM
    Darksma Registry 03/04/2007 9:38:24 PM
    Darksma Registry 03/04/2007 9:32:23 PM
    Darksma Registry 03/04/2007 9:26:22 PM
    Darksma Registry 03/04/2007 9:20:21 PM
    Darksma Registry 03/04/2007 9:14:21 PM
    AtlasDMT.com Spyware cookie 03/04/2007 9:12:20 PM
    Darksma Registry 03/04/2007 9:08:20 PM
    Darksma Registry 03/04/2007 9:02:19 PM
    Darksma Registry 03/04/2007 8:56:18 PM
    Darksma Registry 03/04/2007 8:50:10 PM
    Darksma Registry 03/04/2007 8:43:25 PM
    Darksma Registry 03/04/2007 8:39:18 PM
    Darksma Registry 03/04/2007 8:27:03 PM
    Darksma Registry 03/04/2007 8:21:02 PM
    winantivirus.com Spyware cookie 03/04/2007 8:19:02 PM
    Mediaplex.com Spyware cookie 03/04/2007 8:19:01 PM
    DoubleClick Spyware cookie 03/04/2007 8:19:01 PM
    Darksma Registry 03/04/2007 8:15:01 PM
    Darksma Registry 03/04/2007 8:09:00 PM
    DoubleClick Spyware cookie 03/04/2007 8:07:00 PM
    Darksma Registry 03/04/2007 8:03:00 PM
    Darksma Registry 03/04/2007 7:56:59 PM
    Darksma Registry 03/04/2007 7:50:58 PM
    DoubleClick Spyware cookie 03/04/2007 7:48:57 PM
    Darksma Registry 03/04/2007 7:44:57 PM
    DoubleClick Spyware cookie 03/04/2007 7:42:57 PM
    Darksma Registry 03/04/2007 7:38:54 PM
    Mediaplex.com Spyware cookie 03/04/2007 7:36:33 PM
    FastClick.com Spyware cookie 03/04/2007 7:36:33 PM
    DoubleClick Spyware cookie 03/04/2007 7:36:33 PM
    Darksma Registry 03/04/2007 7:32:28 PM
    FastClick.com Spyware cookie 03/04/2007 7:30:25 PM
    Darksma Registry 03/04/2007 7:26:25 PM
    Darksma Registry 03/04/2007 7:20:24 PM
    Mediaplex.com Spyware cookie 03/04/2007 7:18:24 PM
    Darksma Registry 03/04/2007 7:14:23 PM
    FastClick.com Spyware cookie 03/04/2007 7:12:23 PM
    Darksma Registry 03/04/2007 7:08:23 PM
    Darksma Registry 03/04/2007 7:02:21 PM
    Darksma Registry 03/04/2007 6:56:20 PM
    Trymedia Registry 03/04/2007 6:56:20 PM
    FastClick.com Spyware cookie 03/04/2007 6:54:20 PM
    Darksma Registry 03/04/2007 6:42:47 PM
    Darksma Registry 03/04/2007 6:36:46 PM
    Mediaplex.com Spyware cookie 03/04/2007 6:34:46 PM
    FastClick.com Spyware cookie 03/04/2007 6:34:46 PM
    Darksma Registry 03/04/2007 6:30:45 PM
    Darksma Registry 03/04/2007 6:24:44 PM
    FastClick.com Spyware cookie 03/04/2007 6:22:44 PM
    Darksma Registry 03/04/2007 6:18:43 PM
    Darksma Registry 03/04/2007 6:12:43 PM
    Zedo Spyware cookie 03/04/2007 6:10:42 PM
    DoubleClick Spyware cookie 03/04/2007 6:10:42 PM
    Darksma Registry 03/04/2007 6:06:42 PM
    FastClick.com Spyware cookie 03/04/2007 6:04:41 PM
    Darksma Registry 03/04/2007 6:00:41 PM
    Darksma Registry 03/04/2007 5:54:40 PM
    FastClick.com Spyware cookie 03/04/2007 5:52:40 PM
    DoubleClick Spyware cookie 03/04/2007 5:52:40 PM
    Darksma Registry 03/04/2007 5:48:39 PM
    Darksma Registry 03/04/2007 5:42:39 PM
    Darksma Registry 03/04/2007 5:36:38 PM
    Darksma Registry 03/04/2007 5:30:37 PM
    Darksma Registry 03/04/2007 5:24:37 PM
    Darksma Registry 03/04/2007 5:18:36 PM
    Darksma Registry 03/04/2007 5:12:35 PM
    FastClick.com Spyware cookie 03/04/2007 5:10:35 PM
    Darksma Registry 03/04/2007 5:06:34 PM
    FastClick.com Spyware cookie 03/04/2007 5:04:34 PM
    AtlasDMT.com Spyware cookie 03/04/2007 5:04:34 PM
    Darksma Registry 03/04/2007 5:00:33 PM
    Mediaplex.com Spyware cookie 03/04/2007 4:58:33 PM
    Darksma Registry 03/04/2007 4:54:33 PM
    Darksma Registry 03/04/2007 4:48:32 PM
    Darksma Registry 03/04/2007 4:42:31 PM
    AtlasDMT.com Spyware cookie 03/04/2007 4:40:31 PM
    Darksma Registry 03/04/2007 4:36:31 PM
    Darksma Registry 03/04/2007 4:30:30 PM
    Darksma Registry 03/04/2007 4:24:29 PM
    Mediaplex.com Spyware cookie 03/04/2007 4:22:29 PM
    Darksma Registry 03/04/2007 4:18:28 PM
    Darksma Registry 03/04/2007 4:12:28 PM
    Darksma Registry 03/04/2007 4:06:27 PM
    Zedo Spyware cookie 03/04/2007 4:04:27 PM
    TrafficMarketplace Spyware cookie 03/04/2007 4:04:26 PM
    Party Poker Spyware cookie 03/04/2007 4:04:26 PM
    FastClick.com Spyware cookie 03/04/2007 4:04:26 PM
    DoubleClick Spyware cookie 03/04/2007 4:04:26 PM
    Casalemedia Spyware cookie 03/04/2007 4:04:26 PM
    PointRoll.com Spyware cookie 03/04/2007 4:04:26 PM



    File generated by Security Manager Anti-Spyware
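
The report above shows the same "Darksma Registry" item being deleted again roughly every six minutes. As an added example (not code from the thread or from the Sympatico/Radialpoint product), this Python script reads lines in that report's format and flags items re-deleted at a steady cadence, which points at a live process recreating them between sweeps rather than a scanner that is winning; the sample lines are constructed from the report, and reading the dates as DD/MM/YYYY is an assumption based on the later 04/04 and 05/04 logs.

```python
"""Spot items an anti-spyware scanner keeps deleting over and over.

Added example, not part of the original thread or of the Security
Manager product. It reads lines in the shape of the "Deleted Spyware /
Type / Date deleted" report and groups them by item. An entry that is
"Deleted" again at a near-constant interval is not gone: a process
still running on the machine rewrites it after every sweep, so the
registry key is only a symptom of the live infection.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the report's format (the poster is in Canada,
# so dates are taken as day/month/year: 03/04/2007 is 3 April 2007).
SAMPLE_REPORT = """\
Deleted Spyware Type Date deleted
Darksma Registry 03/04/2007 11:45:12 PM
Serving-Sys Spyware cookie 03/04/2007 11:43:12 PM
DoubleClick Spyware cookie 03/04/2007 11:43:12 PM
Darksma Registry 03/04/2007 11:39:11 PM
winantivirus.com Spyware cookie 03/04/2007 11:37:11 PM
Darksma Registry 03/04/2007 11:33:10 PM
Darksma Registry 03/04/2007 11:27:10 PM
Darksma Registry 03/04/2007 11:21:08 PM
Darksma Registry 03/04/2007 11:15:08 PM
Trymedia Registry 03/04/2007 6:56:20 PM
File generated by Security Manager Anti-Spyware
"""

LINE_RE = re.compile(
    r"^(?P<name>.+?)\s+(?P<kind>Registry|Process|Spyware cookie)\s+"
    r"(?P<when>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)$"
)
DATE_FMT = "%d/%m/%Y %I:%M:%S %p"  # assumption: DD/MM/YYYY locale


def parse_report(text):
    """Return {(name, kind): [datetime, ...]}, each list oldest first."""
    seen = defaultdict(list)
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:          # header, footer and blank lines
            continue
        when = datetime.strptime(match.group("when"), DATE_FMT)
        seen[(match.group("name"), match.group("kind"))].append(when)
    for stamps in seen.values():
        stamps.sort()
    return seen


def recurring_items(text, min_hits=3, max_jitter=timedelta(seconds=30)):
    """Items deleted at least min_hits times at a near-constant period.

    Returns [(name, kind, hits, median_period_seconds), ...]. Tracking
    cookies are ignored: they come back whenever the user browses an
    ad-bearing site and say nothing about an active infection.
    """
    found = []
    for (name, kind), stamps in parse_report(text).items():
        if kind == "Spyware cookie" or len(stamps) < min_hits:
            continue
        gaps = sorted(b - a for a, b in zip(stamps, stamps[1:]))
        median = gaps[len(gaps) // 2]
        if all(abs(gap - median) <= max_jitter for gap in gaps):
            found.append((name, kind, len(stamps), int(median.total_seconds())))
    return found


if __name__ == "__main__":
    for name, kind, hits, period in recurring_items(SAMPLE_REPORT):
        print(f"{name} ({kind}): deleted {hits} times, every ~{period}s; "
              "something is re-creating it between scans")
```

A steady cycle like this is why the log is worth reading as a timeline rather than as a list of wins: every "Deleted" is true, and none of them fixed anything.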

  2. #2
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    26,542
    First thing I'd suggest is to boot into Safe Mode and delete your temp internet files (Tools > Internet Options), then do a full A/V scan in Safe Mode as well. Make a copy of the log file, then reboot into normal mode and do another scan.

    If that second scan still shows any infections then have a look through this thread...

    http://discussions.virtualdr.com/sho...d.php?t=167915

    and do all of the things it suggests, then copy the HijackThis log into this thread and we'll move it to the Hijack forum where one of our experts can have a look at it and advise further.

    Please make sure that HijackThis is installed into its own permanent folder, e.g. C:/program files/hijackthis

    I'd do a couple of the online A/V scans anyway even if your second scan shows up normal, just to be on the safe side.

    To get into Safe Mode, tap the F8 key while booting.

  3. #3
    Join Date
    Nov 2006
    Posts
    62
    Results from an online scan @ eTrust Antivirus Web Scanner
    http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

    ======
    File Infection Status Path
    mlihef.dll Win32/Vundo.CI cannot cure C:\WINDOWS\
    tmpBD.tmp.dll Win32/Darksma.AC cannot cure C:\WINDOWS\system32\
    ======
    Results from
    Sympatico Security Manager virus scan:

    Security Manager Anti-Virus
    04/04/2007 4:18:12 PM
    Filename Virus Action Date
    C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CZTJMMZX\CASX2F81.PHP W32/Trojan.ABBB Deleted 03/04/2007 4:35:05 PM
    C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\LDB2V0A5\CAW96F8L.HTML W32/Trojan.ABBB Deleted 03/04/2007 5:08:42 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMP47.TMP.EXE W32/Trojan.ABBB Deleted 03/04/2007 5:08:42 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMPBB.TMP.EXE Failed to disinfect 03/04/2007 6:18:03 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMPBB.TMP.EXE Failed to disinfect 03/04/2007 6:18:13 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMPBD.TMP.EXE Failed to disinfect 03/04/2007 6:18:18 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMPBD.TMP.EXE Failed to disinfect 03/04/2007 6:18:22 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMP38.TMP.EXE W32/Trojan.ABBB Deleted 03/04/2007 7:26:26 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMP3A.TMP.EXE Failed to disinfect 03/04/2007 7:30:24 PM
    C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C96BKLAR\CAJYK3BT.PHP W32/Trojan.ABBB Deleted 03/04/2007 10:11:58 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMP7B.TMP.EXE W32/Trojan.ABBB Deleted 03/04/2007 10:11:58 PM
    C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\45AF0LUJ\CAG5UT7O.PHP W32/Trojan.ABBB Deleted 03/04/2007 11:05:15 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMP95.TMP.EXE W32/Trojan.ABBB Deleted 03/04/2007 11:05:16 PM
    C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\LTP77IYD\LIENTNSTALLER15_02[1].PHP W32/Trojan.ABBB Deleted 03/04/2007 11:43:46 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMPB6.TMP.EXE W32/Trojan.ABBB Deleted 03/04/2007 11:43:46 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMPBC.TMP.EXE Failed to disinfect 03/04/2007 11:45:38 PM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMPC3.TMP.EXE Failed to disinfect 03/04/2007 11:49:35 PM
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{983E92FD-345A-4CE9-A2F7-A65FEA33D99F}\RP44\A0010442.EXE W32/Trojan.AAZN Deleted 04/04/2007 1:30:05 AM
    C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\45AF0LUJ\CAS5I341.PHP W32/Trojan.ABBB Deleted 04/04/2007 2:44:30 AM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMP58.TMP.EXE W32/Trojan.ABBB Deleted 04/04/2007 2:44:30 AM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMP67.TMP.EXE Failed to disinfect 04/04/2007 3:00:31 AM
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMP68.TMP.EXE Failed to disinfect 04/04/2007 3:01:22 AM
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{983E92FD-345A-4CE9-A2F7-A65FEA33D99F}\RP44\A0010446.EXE W32/Trojan.AAZN Deleted 04/04/2007 4:01:19 AM
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{983E92FD-345A-4CE9-A2F7-A65FEA33D99F}\RP44\A0010447.EXE W32/Trojan.AAZN Deleted 04/04/2007 4:16:19 AM
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{983E92FD-345A-4CE9-A2F7-A65FEA33D99F}\RP44\A0010448.EXE W32/Trojan.AAZN Deleted 04/04/2007 5:16:19 AM
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{983E92FD-345A-4CE9-A2F7-A65FEA33D99F}\RP44\A0010449.EXE W32/Trojan.AAZN Deleted 04/04/2007 6:16:19 AM
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{983E92FD-345A-4CE9-A2F7-A65FEA33D99F}\RP44\A0010450.EXE W32/Trojan.AAZN Deleted 04/04/2007 7:16:19 AM
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{983E92FD-345A-4CE9-A2F7-A65FEA33D99F}\RP44\A0010451.EXE W32/Trojan.AAZN Deleted 04/04/2007 8:16:19 AM
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{983E92FD-345A-4CE9-A2F7-A65FEA33D99F}\RP44\A0010452.EXE W32/Trojan.AAZN Deleted 04/04/2007 9:16:19 AM



    File generated by Security Manager Anti-Virus
    ==========
    Results from Sympatico Security Manager spyware scan:
    Security Manager Anti-Spyware
    Spyware Report (04/04/2007 4:34:30 PM)
    Scan Target Scanned Items Detected Spyware Items
    Local Disk (C:) 42386 0
    Common Locations 12942 0
    Cookies 34 0
    Registry 22044 1
    Memory 10 0
    Total 77416 1



    Spyware Type Item Action
    Darksma Registry hkey_local_machine \software\microsoft\dinf Delete



    File generated by Security Manager Anti-Spyware
    (That's just from the scan; this next one is today's spyware report.)
    Security Manager Anti-Spyware
    Spyware Report (04/04/2007 4:35:18 PM)
    Deleted Spyware Type Date deleted
    Darksma Registry 04/04/2007 4:34:28 PM
    Darksma Registry 04/04/2007 4:25:46 PM
    winantivirus.com Spyware cookie 04/04/2007 4:23:46 PM
    Serving-Sys Spyware cookie 04/04/2007 4:23:46 PM
    Mediaplex.com Spyware cookie 04/04/2007 4:23:46 PM
    DoubleClick Spyware cookie 04/04/2007 4:23:46 PM
    BS.Serving-Sys Spyware cookie 04/04/2007 4:23:46 PM
    Darksma Registry 04/04/2007 4:19:45 PM
    Darksma Registry 04/04/2007 4:13:44 PM
    Darksma Registry 04/04/2007 4:07:43 PM
    winantivirus.com Spyware cookie 04/04/2007 4:05:43 PM
    TribalFusion.com Spyware cookie 04/04/2007 4:05:43 PM
    Serving-Sys Spyware cookie 04/04/2007 4:05:43 PM
    quantserve.com Spyware cookie 04/04/2007 4:05:43 PM
    Mediaplex.com Spyware cookie 04/04/2007 4:05:43 PM
    live.com Spyware cookie 04/04/2007 4:05:43 PM
    HitBox.com Spyware cookie 04/04/2007 4:05:42 PM
    FastClick.com Spyware cookie 04/04/2007 4:05:42 PM
    HitBox.com Spyware cookie 04/04/2007 4:05:42 PM
    DoubleClick Spyware cookie 04/04/2007 4:05:42 PM
    BS.Serving-Sys Spyware cookie 04/04/2007 4:05:42 PM
    Bluestreak.com Spyware cookie 04/04/2007 4:05:42 PM
    AtlasDMT.com Spyware cookie 04/04/2007 4:05:42 PM
    Darksma Registry 04/04/2007 2:26:11 PM
    Darksma Registry 04/04/2007 1:56:28 PM
    Darksma Registry 04/04/2007 1:50:27 PM
    Darksma Registry 04/04/2007 1:44:27 PM
    Darksma Registry 04/04/2007 1:38:26 PM
    Darksma Registry 04/04/2007 1:32:25 PM
    Darksma Registry 04/04/2007 1:26:24 PM
    Darksma Registry 04/04/2007 1:20:24 PM
    Darksma Registry 04/04/2007 1:14:23 PM
    Darksma Registry 04/04/2007 1:08:22 PM
    Darksma Registry 04/04/2007 1:02:21 PM
    Darksma Registry 04/04/2007 12:56:20 PM
    Darksma Registry 04/04/2007 12:50:20 PM
    Darksma Registry 04/04/2007 12:44:19 PM
    Darksma Registry 04/04/2007 12:38:18 PM
    Darksma Registry 04/04/2007 12:32:17 PM
    Darksma Registry 04/04/2007 12:26:17 PM
    Darksma Registry 04/04/2007 12:20:16 PM
    Darksma Registry 04/04/2007 12:14:15 PM
    DoubleClick Spyware cookie 04/04/2007 12:12:15 PM
    Darksma Registry 04/04/2007 12:08:14 PM
    Darksma Registry 04/04/2007 12:02:13 PM
    Darksma Registry 04/04/2007 11:56:12 AM
    Darksma Registry 04/04/2007 11:50:11 AM
    Darksma Registry 04/04/2007 11:44:11 AM
    Darksma Registry 04/04/2007 11:42:07 AM
    Darksma Registry 04/04/2007 11:02:25 AM
    quantserve.com Spyware cookie 04/04/2007 11:00:24 AM
    Party Poker Spyware cookie 04/04/2007 11:00:24 AM
    FastClick.com Spyware cookie 04/04/2007 11:00:24 AM
    Darksma Registry 04/04/2007 10:56:24 AM
    DoubleClick Spyware cookie 04/04/2007 10:54:23 AM
    Darksma Registry 04/04/2007 10:50:23 AM
    Darksma Registry 04/04/2007 10:44:22 AM
    Darksma Registry 04/04/2007 10:38:21 AM
    Darksma Registry 04/04/2007 10:32:20 AM
    Sympatico.CA Spyware cookie 04/04/2007 10:30:20 AM
    Darksma Registry 04/04/2007 10:26:19 AM
    FastClick.com Spyware cookie 04/04/2007 10:24:19 AM
    AtlasDMT.com Spyware cookie 04/04/2007 10:24:19 AM
    Darksma Registry 04/04/2007 10:20:18 AM
    Advertising.com Spyware cookie 04/04/2007 10:18:18 AM
    Darksma Registry 04/04/2007 10:14:17 AM
    Darksma Registry 04/04/2007 10:08:17 AM
    Statcounter Spyware cookie 04/04/2007 10:06:16 AM
    RealMedia.com Spyware cookie 04/04/2007 10:06:16 AM
    Party Poker Spyware cookie 04/04/2007 10:06:16 AM
    Advertising.com Spyware cookie 04/04/2007 10:06:16 AM
    Darksma Registry 04/04/2007 10:02:16 AM
    quantserve.com Spyware cookie 04/04/2007 10:00:15 AM
    FastClick.com Spyware cookie 04/04/2007 10:00:15 AM
    Darksma Registry 04/04/2007 9:56:15 AM
    Darksma Registry 04/04/2007 9:50:14 AM
    Darksma Registry 04/04/2007 9:44:13 AM
    Darksma Registry 04/04/2007 9:38:12 AM
    Darksma Registry 04/04/2007 9:32:12 AM
    Darksma Registry 04/04/2007 9:26:11 AM
    Darksma Registry 04/04/2007 9:20:10 AM
    Darksma Registry 04/04/2007 9:14:09 AM
    Darksma Registry 04/04/2007 9:08:08 AM
    Darksma Registry 04/04/2007 9:02:08 AM
    Darksma Registry 04/04/2007 8:56:07 AM
    Darksma Registry 04/04/2007 8:50:06 AM
    Darksma Registry 04/04/2007 8:44:05 AM
    Darksma Registry 04/04/2007 8:38:05 AM
    Darksma Registry 04/04/2007 8:32:04 AM
    Darksma Registry 04/04/2007 8:26:03 AM
    Darksma Registry 04/04/2007 8:20:02 AM
    Darksma Registry 04/04/2007 8:14:02 AM
    Darksma Registry 04/04/2007 8:08:01 AM
    Darksma Registry 04/04/2007 8:02:00 AM
    Darksma Registry 04/04/2007 7:55:59 AM
    Darksma Registry 04/04/2007 7:49:59 AM
    Darksma Registry 04/04/2007 7:43:58 AM
    Darksma Registry 04/04/2007 7:37:57 AM
    Darksma Registry 04/04/2007 7:31:56 AM
    Darksma Registry 04/04/2007 7:25:55 AM
    Darksma Registry 04/04/2007 7:19:55 AM
    Darksma Registry 04/04/2007 7:13:54 AM
    Darksma Registry 04/04/2007 7:07:53 AM
    Darksma Registry 04/04/2007 7:01:52 AM
    Darksma Registry 04/04/2007 6:55:52 AM
    Darksma Registry 04/04/2007 6:49:51 AM
    Darksma Registry 04/04/2007 6:43:50 AM
    Darksma Registry 04/04/2007 6:37:49 AM
    Darksma Registry 04/04/2007 6:31:49 AM
    Darksma Registry 04/04/2007 6:25:48 AM
    Darksma Registry 04/04/2007 6:19:47 AM
    Darksma Registry 04/04/2007 6:13:46 AM
    Darksma Registry 04/04/2007 6:07:46 AM
    Darksma Registry 04/04/2007 6:01:45 AM
    Darksma Registry 04/04/2007 5:55:44 AM
    Darksma Registry 04/04/2007 5:49:43 AM
    Darksma Registry 04/04/2007 5:43:43 AM
    Darksma Registry 04/04/2007 5:37:42 AM
    Darksma Registry 04/04/2007 5:31:41 AM
    Darksma Registry 04/04/2007 5:25:40 AM
    Darksma Registry 04/04/2007 5:19:40 AM
    Darksma Registry 04/04/2007 5:13:39 AM
    Darksma Registry 04/04/2007 5:07:38 AM
    Darksma Registry 04/04/2007 5:01:37 AM
    Darksma Registry 04/04/2007 4:55:37 AM
    Darksma Registry 04/04/2007 4:49:36 AM
    Darksma Registry 04/04/2007 4:43:35 AM
    Darksma Registry 04/04/2007 4:37:34 AM
    Darksma Registry 04/04/2007 4:31:34 AM
    Darksma Registry 04/04/2007 4:25:33 AM
    Darksma Registry 04/04/2007 4:19:32 AM
    Darksma Registry 04/04/2007 4:13:31 AM
    Darksma Registry 04/04/2007 4:07:31 AM
    Darksma Registry 04/04/2007 4:01:29 AM
    Darksma Registry 04/04/2007 3:55:29 AM
    Ad.YieldManager.com Cookie Spyware cookie 04/04/2007 3:53:28 AM
    Darksma Registry 04/04/2007 3:49:28 AM
    Darksma Registry 04/04/2007 3:43:27 AM
    Darksma Registry 04/04/2007 3:37:26 AM
    lycos.com Spyware cookie 04/04/2007 3:35:26 AM
    live.com Spyware cookie 04/04/2007 3:35:26 AM
    FastClick.com Spyware cookie 04/04/2007 3:35:26 AM
    Bluestreak.com Spyware cookie 04/04/2007 3:35:26 AM
    AtlasDMT.com Spyware cookie 04/04/2007 3:35:25 AM
    adbrite.com Spyware cookie 04/04/2007 3:35:25 AM
    Darksma Registry 04/04/2007 3:31:25 AM
    FastClick.com Spyware cookie 04/04/2007 3:29:25 AM
    Darksma Registry 04/04/2007 3:25:24 AM
    Darksma Registry 04/04/2007 3:19:23 AM
    Darksma Registry 04/04/2007 3:13:23 AM
    Darksma Registry 04/04/2007 3:07:22 AM
    Darksma Registry 04/04/2007 3:01:21 AM
    Darksma Registry 04/04/2007 2:55:20 AM
    winantivirus.com Spyware cookie 04/04/2007 2:53:20 AM
    Darksma Registry 04/04/2007 2:49:19 AM
    Ad.YieldManager.com Cookie Spyware cookie 04/04/2007 2:47:19 AM
    Darksma Registry 04/04/2007 2:43:19 AM
    Darksma Registry 04/04/2007 2:37:18 AM
    Mediaplex.com Spyware cookie 04/04/2007 2:35:17 AM
    Darksma Registry 04/04/2007 2:31:17 AM
    Darksma Registry 04/04/2007 2:25:16 AM
    TribalFusion.com Spyware cookie 04/04/2007 2:23:16 AM
    revsci.net Spyware cookie 04/04/2007 2:23:16 AM
    FastClick.com Spyware cookie 04/04/2007 2:23:16 AM
    Com.com Spyware cookie 04/04/2007 2:23:16 AM
    AtlasDMT.com Spyware cookie 04/04/2007 2:23:16 AM
    Darksma Registry 04/04/2007 2:19:15 AM
    FastClick.com Spyware cookie 04/04/2007 2:17:15 AM
    DoubleClick Spyware cookie 04/04/2007 2:17:15 AM
    Darksma Registry 04/04/2007 2:13:14 AM
    Darksma Registry 04/04/2007 2:07:14 AM
    Darksma Registry 04/04/2007 2:01:13 AM
    Darksma Registry 04/04/2007 1:55:12 AM
    Darksma Registry 04/04/2007 1:49:12 AM
    Darksma Registry 04/04/2007 1:43:11 AM
    Darksma Registry 04/04/2007 1:37:10 AM
    Darksma Registry 04/04/2007 1:31:09 AM
    Darksma Registry 04/04/2007 1:25:08 AM
    Darksma Registry 04/04/2007 1:19:07 AM
    Darksma Registry 04/04/2007 1:13:05 AM
    modchipstore.com Spyware cookie 04/04/2007 1:11:03 AM
    Serving-Sys Spyware cookie 04/04/2007 1:11:03 AM
    FastClick.com Spyware cookie 04/04/2007 1:11:03 AM
    BS.Serving-Sys Spyware cookie 04/04/2007 1:11:03 AM
    AdServer.com Spyware cookie 04/04/2007 1:11:03 AM
    adrevolver.com Spyware cookie 04/04/2007 1:11:03 AM
    hbmediapro.com Spyware cookie 04/04/2007 1:11:03 AM
    adbrite.com Spyware cookie 04/04/2007 1:11:03 AM
    clickhype.com Spyware cookie 04/04/2007 1:11:03 AM
    Ad.YieldManager.com Cookie Spyware cookie 04/04/2007 1:11:03 AM
    Ares Process 04/04/2007 1:09:03 AM
    Ares Registry 04/04/2007 1:07:03 AM
    Ares Registry 04/04/2007 1:07:03 AM
    Darksma Registry 04/04/2007 1:07:02 AM
    Ares Registry 04/04/2007 1:07:02 AM
    Darksma Registry 04/04/2007 1:01:02 AM
    Darksma Registry 04/04/2007 12:55:01 AM
    Darksma Registry 04/04/2007 12:49:00 AM
    Darksma Registry 04/04/2007 12:42:59 AM
    Darksma Registry 04/04/2007 12:36:58 AM



    File generated by Security Manager Anti-Spyware
    ===============================
    And finally, here is my HJT log...
    Logfile of HijackThis v1.99.1
    Scan saved at 4:20:04 PM, on 04/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Bell\Security Manager\fws.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Bell\Security Manager\Rps.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
    O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Bell\Security Manager\FBHR.dll
    O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\tmpBD.tmp.dll
    O2 - BHO: (no name) - {e3980cb5-8d5f-418a-abf5-6b4fc4744cb9} - C:\WINDOWS\system32\commib.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\mlihef.dll",setvm
    O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"
    O4 - HKLM\..\Run: [Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.phreik.com/controls/msnchat45.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: commib - C:\WINDOWS\SYSTEM32\commib.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Security Manager Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\fws.exe
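
Several lines in that HijackThis log are the kind a helper in the Hijack forum looks at first: two BHOs with no name in system32 (tmpBD.tmp.dll, which the eTrust scan above flagged as Darksma, and commib.dll), a Run value loading C:\WINDOWS\mlihef.dll through rundll32 (flagged by eTrust as Vundo), lsasss.exe (one "s" too many for lsass.exe) started under a printer-sounding label, and a Winlogon Notify hook for the same commib.dll. As an added example, not code from the thread or from HijackThis, this Python script parses the O2/O4/O20 line formats and reports those traits; the sample is an excerpt of the log above plus two benign entries for contrast, and the Windows root being C:\WINDOWS is an assumption taken from the log.

```python
"""Triage a HijackThis log for the persistence tricks seen in this thread.

Added example, not code from the original thread or from HijackThis.
It parses the O2 (BHO), O4 (Run key) and O20 (Winlogon Notify) lines
of a HijackThis v1.99 log and flags: BHOs with no name or a temp-file
name, one DLL hooked in several places, rundll32 loading a DLL from the
Windows root, a Run entry whose executable mimics a core Windows
process, and Winlogon Notify hooks. It only reports; it changes nothing.
"""
import re
from collections import Counter

# Excerpt of the log posted above, plus the benign Adobe and NvCplDaemon
# entries for contrast. %SystemRoot% is assumed to be C:\WINDOWS.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\tmpBD.tmp.dll
O2 - BHO: (no name) - {e3980cb5-8d5f-418a-abf5-6b4fc4744cb9} - C:\WINDOWS\system32\commib.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\mlihef.dll",setvm
O20 - Winlogon Notify: commib - C:\WINDOWS\SYSTEM32\commib.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[[^\]]+\] (?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: \S+ - (?P<path>.+)$")
CORE_PROCESSES = ("lsass.exe", "csrss.exe", "smss.exe", "svchost.exe",
                  "winlogon.exe", "services.exe", "explorer.exe", "spoolsv.exe")


def edit_distance(a, b):  # Levenshtein, to catch look-alike process names
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def first_token(cmd):
    """The program a Run value launches, with surrounding quotes removed."""
    match = re.match(r'"([^"]+)"|(\S+)', cmd)
    return match.group(1) or match.group(2)


def rundll32_target(cmd):
    """Full path of the DLL a rundll32 command line loads, if any."""
    match = re.search(r'([A-Za-z]:\\[^",]+\.dll)', cmd, re.IGNORECASE)
    return match.group(1) if match else None


def triage(log_text):
    """Return [(log line, reason), ...]; a line may appear more than once."""
    findings, hooks, hooked = [], Counter(), []
    for raw in log_text.splitlines():
        line = raw.strip()
        if match := BHO_RE.match(line):
            dll = basename(match.group("path"))
            hooks[dll] += 1
            hooked.append((line, dll))
            if match.group("name") == "(no name)":
                findings.append((line, "BHO registered without a name"))
            if re.fullmatch(r"tmp[0-9a-f]+\.tmp\.dll", dll):
                findings.append((line, "BHO DLL carries a temp-file name"))
        elif match := RUN_RE.match(line):
            exe = basename(first_token(match.group("cmd")))
            dll = rundll32_target(match.group("cmd")) if exe.startswith("rundll32") else None
            if dll:
                hooks[basename(dll)] += 1
                hooked.append((line, basename(dll)))
                if dll.rsplit("\\", 1)[0].lower() == r"c:\windows":
                    findings.append((line, "rundll32 loads a DLL from the Windows root"))
            for core in CORE_PROCESSES:
                if exe != core and edit_distance(exe, core) == 1:
                    findings.append((line, f"executable name mimics {core}"))
        elif match := NOTIFY_RE.match(line):
            path = match.group("path")
            dll = basename(path.replace(" (file missing)", ""))
            hooks[dll] += 1
            hooked.append((line, dll))
            if "(file missing)" in path:
                findings.append((line, "Winlogon Notify points at a missing file"))
            else:
                findings.append((line, "third-party Winlogon Notify hook"))
    for line, dll in hooked:  # one DLL with several footholds is the Vundo pattern
        if hooks[dll] > 1:
            findings.append((line, f"{dll} is hooked in {hooks[dll]} places"))
    return findings


def flagged_lines(log_text):
    """Distinct log lines with at least one finding, sorted."""
    return sorted({line for line, _ in triage(log_text)})


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_HJT):
        print(f"[{reason}]\n    {line}")
```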

  4. #4
    Join Date
    Nov 2006
    Posts
    62
    Is anyone going to look at this?

  5. #5
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Download CCleaner and install, then run it.
    1. Uncheck "Cookies" under "Internet Explorer".
    2. Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
    3. Close when finished.


    =========

    Please download and install AVG antispyware tool
    • Close all other Applications Select language click Ok
    • Click I Agree
    • Click next
    • Click Install
    • Click Finish
    • Wait and AVG antispyware will open to the main screen automatically.
    • Wait again a few minutes and AVG antispyware Should Auto update itself. If it doesn't click update at top of screen.
    • This is very important to get updates
    • When updating has finished. Close AVG antispyware.
    If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
    • Next, please reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
    • Select the first option, to run Windows in Safe Mode hit enter.
    • For additional help in booting into Safe Mode, see the following site: HERE

      You MUST manage to get into Safe Mode for the fix to work.
    Make sure to close all open windows/programs/folders. Have nothing else open while AVG antispyware performs its scan!
    • Run AVG antispyware.
    • Click on scanner at top of AVG antispyware sceen.
    • Click on Settings.
    • Under How to Act click on Recommended Action and choose Quarantine.
    • Under How to scan all boxes should be selected.
    • Under Possibly unwanted software all boxes should be selected.
    • On right side under Reports: click on Automatically generate report after every scan.
    • Under What to scan select scan every file.
    • Click On scan Tab.
    • Click on Complete system scan.
    • Let the program scan the machine. It can take a while; give it time.
    • When scan has finished at bottom of screen click Apply all Actions.
    • Click Save report
    • Click Save Report as (Save as window's screen should pop up.)
    • Click desktop.
    • Click Save.
    • Exit AVG antispyware.
    Reboot back to normal mode.


    Post the log here.


    =============

    Please download VundoFix.exe
    to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HijackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above
    instructions starting from "Click the Scan for Vundo button." when
    VundoFix appears at reboot.

  6. #6
    Join Date
    Nov 2006
    Posts
    62
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 3:43:00 PM 05/04/2007

    + Scan result:



    C:\System Volume Information\_restore{983E92FD-345A-4CE9-A2F7-A65FEA33D99F}\RP29\A0007713.dll -> Adware.SpywareStorm : Cleaned.
    C:\Documents and Settings\Scott\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Scott\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Scott\Cookies\scott@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Scott\Cookies\scott@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Scott\Cookies\scott@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\Scott\Cookies\scott@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Scott\Cookies\scott@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\Scott\Cookies\scott@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Scott\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\Scott\Cookies\[email protected][1].txt -> TrackingCookie.Hitslink : Cleaned.
    C:\Documents and Settings\Scott\Cookies\scott@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned.
    C:\Documents and Settings\Scott\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Scott\Cookies\scott@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Scott\Cookies\[email protected][2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
    C:\Documents and Settings\Scott\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned.
    ==================

    VundoFix V6.3.19

    Checking Java version...

    Sun Java not detected
    Scan started at 1:38:01 PM 05/04/2007

    Listing files found while scanning....

    No infected files were found.


    VundoFix V6.3.19

    Checking Java version...

    Sun Java not detected
    Scan started at 3:43:24 PM 05/04/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\tmpBD.tmp.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\tmpBD.tmp.dll
    C:\WINDOWS\system32\tmpBD.tmp.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
    ====================

    Logfile of HijackThis v1.99.1
    Scan saved at 3:59:24 PM, on 05/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Bell\Security Manager\fws.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
    C:\Program Files\Bell\Security Manager\Rps.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    F:\setup.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\Engine\6\INTEL3~1\IKernel.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
    O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Bell\Security Manager\FBHR.dll
    O2 - BHO: (no name) - {e3980cb5-8d5f-418a-abf5-6b4fc4744cb9} - C:\WINDOWS\system32\commib.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\mlihef.dll",setvm
    O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"
    O4 - HKLM\..\Run: [Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.phreik.com/controls/msnchat45.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: commib - C:\WINDOWS\SYSTEM32\commib.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Security Manager Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\fws.exe
    how does everything look?

  7. #7
    Join Date
    Nov 2006
    Posts
    62
    I just got this pop-up from my security software; it's like
    the 4th time I've gotten it. Also, I did a scan as it suggested
    and the results were:

    Scan is finished
    no infected files were found



    A virus has been found

    virus name:
    W32/Trojan.ABBB

    Infected File:
    C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TE...\CARYGJFT.PHP

    Details:
    The infected file has been deleted. Run the virus scan to verify that other files on your system are not infected.
    ===========================================
    A virus has been found

    virus name:
    W32/Trojan.ABBB

    Infected file:
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMP1B.TMP.EXE

    Details:
    The infected file has been deleted. Run the virus scan to verify that other files on your system are not infected.
    =========================================
    A virus has been found

    virus name
    Unknown

    infected file
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMP1E.TMP.EXE

    details:
    The Anti-Virus was unable to delete the file. It will be deleted after the next reboot. Run the virus scan to verify that other files on your system are not infected.
    ===========================================
    A virus has been found

    virus name:
    W32/Trojan.ABBB

    Infected file:
    C:\DOCUMENTS AND SETTINGS\SCOTT\LOCAL SETTINGS\TE...\CAEZOPC5.PHP

    Details:
    The infected file has been deleted. Run the virus scan to verify that other files on your system are not infected.
    ============================================
    A virus has been found

    virus name:
    W32/Trojan.ABBB

    Infected file:
    C:\DOCUME~1\SCOTT\LOCALS~1\TEMP\TMP21.TMP.EXE

    Details:
    The infected file has been deleted. Run the virus scan to verify that other files on your system are not infected.

  8. #8
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Can you please do the following.


    ===============

    Download the Sasser removal tool from Symantec and follow the removal instructions on that page.

    ===============

    Also run this online trojan scanner

    TrojanScan


    ===============

    Scan with HijackThis and then place a check next to all the following, if present:


    O2 - BHO: (no name) - {e3980cb5-8d5f-418a-abf5-6b4fc4744cb9} - C:\WINDOWS\system32\commib.dll

    O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe

    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: commib - C:\WINDOWS\SYSTEM32\commib.dll


    Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

    ===============

    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop


    2. Copy all the text (including the 'Files to delete') contained in the code box below to your clipboard by highlighting it and pressing Ctrl+C:

    Files to delete:
    C:\WINDOWS\system32\commib.dll
    C:\WINDOWS\system32\lsasss.exe

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply

    =============

    Download the tool below:

    http://noahdfear.geekstogo.com/FindAWF.exe

    Save the file to your desktop and double click it to start it.

    It will scan files on your C: drive and then when finished it will produce a log called awf.txt. Please post that log in your next reply.
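    The entries the helper picks out of the HijackThis log above (a BHO with "(no name)" loading a DLL from system32, a Run entry for lsasss.exe that is one letter off from lsass.exe, and a Winlogon Notify entry pointing at that same commib.dll) can be found mechanically. The Python below is an added example, not code from HijackThis or from anyone in this thread; the sample log is a constructed excerpt of the log posted in #6, and the short list of core process names and the "one edit away" rule are assumptions chosen for the illustration.

```python
"""Triage a HijackThis 1.99 log for the three patterns acted on in this thread.

Added example, not part of HijackThis or of the posts above.  Heuristics:
  * O2 BHO entries named "(no name)" whose DLL lives under system32
  * O4 Run entries whose executable name is one edit away from a core Windows
    process name (lsasss.exe vs lsass.exe); CORE_NAMES is an assumed short list
  * O20 Winlogon Notify entries that load the same DLL as a nameless BHO
"""
import re
from typing import Dict, List

# Assumed allow-list of core process names that malware likes to imitate.
CORE_NAMES = sorted({
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "rundll32.exe",
})

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<entry>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")

# Constructed excerpt of the HijackThis log posted in #6 above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {e3980cb5-8d5f-418a-abf5-6b4fc4744cb9} - C:\WINDOWS\system32\commib.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\mlihef.dll",setvm
O20 - AppInit_DLLs:
O20 - Winlogon Notify: commib - C:\WINDOWS\SYSTEM32\commib.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-letter look-alike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def exe_name(cmd: str) -> str:
    """Lower-cased basename of the first token of an O4 Run command."""
    cmd = cmd.strip()
    first = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    return first.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log: str) -> List[Dict[str, str]]:
    """Return findings in log order; each has 'kind', 'line' and 'path'."""
    lines = [ln.strip() for ln in log.splitlines() if ln.strip()]
    # Pass 1: DLLs loaded by nameless BHOs (paths compared case-insensitively,
    # because HJT prints system32 in mixed case across sections).
    nameless = set()
    for ln in lines:
        m = O2_RE.match(ln)
        if m and m["name"] == "(no name)" and "system32" in m["path"].lower():
            nameless.add(m["path"].lower())
    # Pass 2: evaluate every line against the three heuristics.
    findings: List[Dict[str, str]] = []
    for ln in lines:
        m = O2_RE.match(ln)
        if m:
            if m["path"].lower() in nameless:
                findings.append({"kind": "nameless-bho", "line": ln, "path": m["path"]})
            continue
        m = O4_RE.match(ln)
        if m:
            exe = exe_name(m["cmd"])
            for core in CORE_NAMES:
                if exe != core and edit_distance(exe, core) == 1:
                    findings.append({"kind": "lookalike", "line": ln,
                                     "path": exe, "mimics": core})
            continue
        m = O20_RE.match(ln)
        if m and m["path"].lower() in nameless:
            findings.append({"kind": "notify-dll-shared-with-bho",
                             "line": ln, "path": m["path"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["kind"], "->", f["line"])
```

    Running it on the excerpt reports exactly the three lines the helper asks to fix in HijackThis; an exact match to a core name (the rundll32.exe entries) is deliberately not flagged, since only a near miss is suspicious under this rule.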

  9. #9
    Join Date
    Nov 2006
    Posts
    62
    Sorry, they are kinda out of order; if I'm missing anything let me know.

    Find AWF report by noahdfear ©2006


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\PROGRA~1\D-TOOLS\BAK

    22/08/2004 06:05 PM 81,920 daemon.exe
    1 File(s) 81,920 bytes

    Directory of C:\PROGRA~1\DAEMON~1\BAK

    12/11/2006 06:48 AM 157,592 daemon.exe
    1 File(s) 157,592 bytes

    Directory of C:\PROGRA~1\QUICKT~1\BAK

    24/09/2006 03:24 AM 282,624 qttask.exe
    1 File(s) 282,624 bytes

    Directory of C:\WINDOWS\SYSTEM32\BAK

    09/07/2001 12:50 PM 155,648 NeroCheck.exe
    1 File(s) 155,648 bytes

    Directory of C:\PROGRA~1\BELL\SECURI~1\BAK

    20/06/2006 03:30 PM 270,336 Rps.exe
    1 File(s) 270,336 bytes

    Directory of C:\PROGRA~1\LOGITECH\ITOUCH\BAK

    07/04/2003 03:16 AM 631,364 iTouch.exe
    1 File(s) 631,364 bytes

    Directory of C:\PROGRA~1\LOGITECH\QUICKC~1\BAK

    26/06/2006 11:34 AM 614,960 QuickCam10.exe
    1 File(s) 614,960 bytes

    Directory of C:\PROGRA~1\COMMON~1\AHEAD\LIB\BAK

    03/09/2005 04:18 PM 94,208 NMBgMonitor.exe
    1 File(s) 94,208 bytes

    Directory of C:\PROGRA~1\COMMON~1\LOGISHRD\LCOMMGR\BAK

    08/02/2007 02:12 AM 488,984 Communications_Helper.exe
    1 File(s) 488,984 bytes

    Directory of C:\PROGRA~1\COMMON~1\LOGITECH\LCOMMGR\BAK

    26/06/2006 10:46 AM 497,200 Communications_Helper.exe
    26/06/2006 11:33 AM 243,248 LVComSX.exe
    2 File(s) 740,448 bytes

    Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\121128~1.546\BAK

    05/03/2007 03:06 PM 171,448 GoogleToolbarNotifier.exe
    1 File(s) 171,448 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    81920 Aug 22 2004 "C:\Program Files\D-Tools\bak\daemon.exe"
    157592 Nov 12 2006 "C:\Program Files\DAEMON Tools\bak\daemon.exe"
    81920 Aug 22 2004 "C:\Program Files\D-Tools\bak\daemon.exe"
    157592 Nov 12 2006 "C:\Program Files\DAEMON Tools\bak\daemon.exe"
    282624 Sep 24 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
    155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
    270336 Jun 20 2006 "C:\Program Files\Bell\Security Manager\Rps.exe"
    270336 Jun 20 2006 "C:\Program Files\Bell\Security Manager\bak\Rps.exe"
    631364 Apr 7 2003 "C:\Program Files\Logitech\iTouch\iTouch.exe"
    631364 Apr 7 2003 "C:\Program Files\Logitech\iTouch\bak\iTouch.exe"
    774168 Feb 8 2007 "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe"
    614960 Jun 26 2006 "C:\Program Files\Logitech\QuickCam10\bak\QuickCam10.exe"
    94208 Sep 3 2005 "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    94208 Sep 3 2005 "C:\Program Files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe"
    488984 Feb 8 2007 "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    497200 Jun 26 2006 "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe1173770234"
    488984 Feb 8 2007 "C:\Program Files\Common Files\LogiShrd\LComMgr\bak\Communications_Helper.exe"
    497200 Jun 26 2006 "C:\Program Files\Common Files\Logitech\LComMgr\bak\Communications_Helper.exe"
    488984 Feb 8 2007 "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    497200 Jun 26 2006 "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe1173770234"
    488984 Feb 8 2007 "C:\Program Files\Common Files\LogiShrd\LComMgr\bak\Communications_Helper.exe"
    497200 Jun 26 2006 "C:\Program Files\Common Files\Logitech\LComMgr\bak\Communications_Helper.exe"
    252704 Feb 6 2007 "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
    243248 Jun 26 2006 "C:\Program Files\Common Files\Logitech\LComMgr\bak\LVComSX.exe"
    171448 Mar 5 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
    582216 Mar 19 2006 "G:\RECYCLER\S-1-5-21-1801674531-1715567821-839522115-1003\Dg54\GoogleToolbarInstaller.exe"


    end of report
    ======================================

    Logfile of HijackThis v1.99.1
    Scan saved at 12:37:46 PM, on 06/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Bell\Security Manager\fws.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
    C:\Program Files\Bell\Security Manager\Rps.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
    O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Bell\Security Manager\FBHR.dll
    O2 - BHO: (no name) - {e3980cb5-8d5f-418a-abf5-6b4fc4744cb9} - C:\WINDOWS\system32\commib.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"
    O4 - HKLM\..\Run: [Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.phreik.com/controls/msnchat45.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: commib - C:\WINDOWS\SYSTEM32\commib.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Security Manager Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\fws.exe
    ==========================================
    (from fxsasser)

    C:\System Volume Information: (not scanned)
    G:\System Volume Information: (not scanned)
    W32.Sasser.Worm has not been found on your computer.
    =============================================

    a-squared Free - Version 2

    Scan settings:

    Objects: Memory, Traces, Cookies, C:\WINDOWS\, C:\Program Files
    Scan archives: On
    Heuristics: Off
    ADS Scan: On

    Scan start: 05/04/2007 10:33:33 PM


    Scanned

    Files: 69667
    Traces: 105325
    Cookies: 35
    Processes: 30

    Found

    Files: 0
    Traces: 71
    Cookies: 0
    Processes: 0

    Scan end: 05/04/2007 10:53:37 PM
    Scan time: 12:20:04 AM

  10. #10
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Download ATF Cleaner by Atribune and save it to your Desktop.

    http://www.atribune.org/ccount/click.php?id=1

    Do not do anything with it yet.

    This file is intended for this user only!

    Copy the following text inside code box to a new notepad file
    Make sure "wordwrap" is off
    Save as file name fix.bat
    As file types: All files
    Save it to your desktop. Do not do anything with it yet.


    Code:
    @ECHO OFF
    move /y "C:\Program Files\D-Tools\bak\daemon.exe" "C:\Program Files\D-Tools\daemon.exe"
    move /y "C:\Program Files\DAEMON Tools\bak\daemon.exe" "C:\Program Files\DAEMON Tools\daemon.exe"
    move /y "C:\Program Files\QuickTime\bak\qttask.exe" "C:\Program Files\QuickTime\qttask.exe"
    move /y "C:\WINDOWS\system32\bak\NeroCheck.exe" "C:\WINDOWS\system32\NeroCheck.exe"
    move /y "C:\Program Files\Bell\Security Manager\bak\Rps.exe" "C:\Program Files\Bell\Security Manager\Rps.exe"
    move /y "C:\Program Files\Logitech\iTouch\bak\iTouch.exe" "C:\Program Files\Logitech\iTouch\iTouch.exe"
    move /y "C:\Program Files\Logitech\QuickCam10\bak\QuickCam10.exe" "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe"
    move /y "C:\Program Files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe" "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    move /y "C:\Program Files\Common Files\LogiShrd\LComMgr\bak\Communications_Helper.exe" "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    move /y "C:\Program Files\Common Files\Logitech\LComMgr\bak\LVComSX.exe" "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
    move /y "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe" "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
    Download: ResetProtocolDefaults.reg to your desktop.
    http://www.mvps.org/winhelp2002/Rese...olDefaults.reg

    Do not do anything with it yet.

    Download http://www.mvps.org/winhelp2002/DelDomains.inf and place it on desktop

    Do not do anything with it yet.

    Boot to SAFE mode:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

    If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

    Locate DelDomains.inf, right click it and choose install
    You will see nothing happening, except the cursor might go to an hourglass for a second.
    This will delete any bad trusted domains.


    Locate ResetProtocolDefaults.reg
    Right click it, select merge, OK the prompt.
    This will reset default security zones for IE.

    Locate Fix.bat you created earlier and double click it.
    A "dos" box will flash up quickly and disappear.
    This is normal.

    Reboot back to normal mode and post both a new hijackthis log and a FindAWF log.

  11. #11
    Join Date
    Nov 2006
    Posts
    62
    Download: ResetProtocolDefaults.reg to your desktop.
    http://www.mvps.org/winhelp2002/Rese...olDefaults.reg
    I haven't done anything yet because this link is a dead link.
    I will wait until it's fixed and you give the OK before I start all that.

  12. #12
    Join Date
    Dec 2000
    Location
    Springfield, OR
    Posts
    2,950
    Quote Originally Posted by Julie.
    I haven't done anything yet because this link is a dead link.
    I will wait until it's fixed and you give the OK before I start all that.
    Julie, if you go to the link below and scroll down to Post #6 in the thread, under 2 the 2. link will get you that reg file, as it's live. Don't do anything with it yet until crunchie tells you.

    Download: ResetProtocolDefaults.reg to your desktop.

    http://forums.pcpitstop.com/index.php?showtopic=132718

    Tufenuf

  13. #13
    Join Date
    Nov 2006
    Posts
    62
    Sorry, I'm not sure what that link was for.
    I didn't see anything for download?
    I'll wait for crunchie.

  14. #14
    Join Date
    Dec 2000
    Location
    Springfield, OR
    Posts
    2,950
    Julie, If you go to that link and scroll down to post #6 you'll see this in that post about half way down:

    2. Download these files to your Desktop. Right-click and select Save Links As (in Firefox) or Save Target As (in IE) to download them.

    The 2nd (2.) link will get you that download.

    Tufenuf

  15. #15
    Join Date
    Nov 2006
    Posts
    62
    This is from the "DelDomains" thing; it came up after it was
    done. I don't know if you needed to see it or not, but here it is:

    ; DelDomains.inf © 11-28-04 | Revised 01-15-06
    ; Created by: Mike Burgess Microsoft MVP
    ; http://mvps.org/winhelp2002/
    ;
    ; Warning: Deletes all entries in the Restricted & Trusted Zone list
    ; http://mvps.org/winhelp2002/restricted.htm
    ;
    ; Revised to include the EscDomains key
    ;
    ; To execute this file: in Explorer - right-click (this file)
    ; Select Install from the Menu.
    ; Note: you will not see any onscreen action.

    [version]
    signature="$CHICAGO$"

    [DefaultInstall]
    DelReg=DelTemps
    AddReg=AddTemps

    [DelTemps]
    HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
    HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
    HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
    HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
    HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains"

    ; Recreate the keys to avoid a restart

    [AddTemps]
    HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
    HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
    HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
    HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
    HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains"
    =================================
    Fresh HJT log:
    Logfile of HijackThis v1.99.1
    Scan saved at 4:22:28 PM, on 07/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Bell\Security Manager\fws.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
    C:\Program Files\Bell\Security Manager\Rps.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Ares\Ares.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
    O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Bell\Security Manager\FBHR.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {e3980cb5-8d5f-418a-abf5-6b4fc4744cb9} - C:\WINDOWS\system32\commib.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"
    O4 - HKLM\..\Run: [Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46.../bejeweled.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.phreik.com/controls/msnchat45.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: commib - C:\WINDOWS\SYSTEM32\commib.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Security Manager Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\fws.exe
    ==============================
    Find AWF log:
    Find AWF report by noahdfear ©2006

    bak folders found
    ~~~~~~~~~~~

    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    end of report
    ========================

    And just so you know, I'm still getting virus pop-ups etc. from my anti-virus program.
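A small triage script for HijackThis logs like the one posted above, added here as an example; it is not from the thread, from HijackThis, or from the helpers in it. It parses the O2/O20 entries and flags the items a helper would look at first: a BHO listed as "(no name)", a Winlogon Notify DLL that is also registered as a BHO, and entries whose file is missing. The sample lines are constructed and the flags are review prompts, not verdicts.

```python
import re

# Constructed sample in HijackThis v1.99.1 format: a few lines shaped like the
# ones in the log above, not the complete log.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {e3980cb5-8d5f-418a-abf5-6b4fc4744cb9} - C:\WINDOWS\system32\commib.dll
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: commib - C:\WINDOWS\SYSTEM32\commib.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")


def parse_entries(log_text):
    """Split a HijackThis log into (kind, body) tuples; header lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def basename(path):
    """Lower-cased file name of a logged path, minus quotes and the
    '(file missing)' marker, so HKLM/HKCU spellings compare equal."""
    path = path.replace("(file missing)", "").strip().strip('"')
    return path.split("\\")[-1].lower()


def triage(log_text):
    """Return (kind, reason, detail) flags; heuristics for review, not verdicts."""
    entries = parse_entries(log_text)
    # First pass: which DLLs are registered as Browser Helper Objects (O2).
    bho_dlls = {}
    for kind, body in entries:
        m = BHO_RE.match(body) if kind == "O2" else None
        if m:
            bho_dlls[basename(m.group("path"))] = m.group("name")
    flags = []
    for kind, body in entries:
        if "(file missing)" in body:  # orphaned entry: cleanup, low priority
            flags.append((kind, "orphaned entry: referenced file is missing", body))
        if kind == "O2":
            m = BHO_RE.match(body)
            if m and m.group("name") == "(no name)":
                flags.append((kind, "BHO with no name", basename(m.group("path"))))
        elif kind == "O20":
            m = NOTIFY_RE.match(body)
            if m and basename(m.group("path")) in bho_dlls:
                flags.append((kind, "Winlogon Notify DLL is also a BHO", basename(m.group("path"))))
    return flags
```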
