virus,spyware again...pls help =[

[Julie.]

sorry they are kinda out of order if im missing anything let me know

Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\D-TOOLS\BAK

22/08/2004 06:05 PM 81,920 daemon.exe
1 File(s) 81,920 bytes

Directory of C:\PROGRA~1\DAEMON~1\BAK

12/11/2006 06:48 AM 157,592 daemon.exe
1 File(s) 157,592 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

24/09/2006 03:24 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

09/07/2001 12:50 PM 155,648 NeroCheck.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\BELL\SECURI~1\BAK

20/06/2006 03:30 PM 270,336 Rps.exe
1 File(s) 270,336 bytes

Directory of C:\PROGRA~1\LOGITECH\ITOUCH\BAK

07/04/2003 03:16 AM 631,364 iTouch.exe
1 File(s) 631,364 bytes

Directory of C:\PROGRA~1\LOGITECH\QUICKC~1\BAK

26/06/2006 11:34 AM 614,960 QuickCam10.exe
1 File(s) 614,960 bytes

Directory of C:\PROGRA~1\COMMON~1\AHEAD\LIB\BAK

03/09/2005 04:18 PM 94,208 NMBgMonitor.exe
1 File(s) 94,208 bytes

Directory of C:\PROGRA~1\COMMON~1\LOGISHRD\LCOMMGR\BAK

08/02/2007 02:12 AM 488,984 Communications_Helper.exe
1 File(s) 488,984 bytes

Directory of C:\PROGRA~1\COMMON~1\LOGITECH\LCOMMGR\BAK

26/06/2006 10:46 AM 497,200 Communications_Helper.exe
26/06/2006 11:33 AM 243,248 LVComSX.exe
2 File(s) 740,448 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\121128~1.546\BAK

05/03/2007 03:06 PM 171,448 GoogleToolbarNotifier.exe
1 File(s) 171,448 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

81920 Aug 22 2004 "C:\Program Files\D-Tools\bak\daemon.exe"
157592 Nov 12 2006 "C:\Program Files\DAEMON Tools\bak\daemon.exe"
81920 Aug 22 2004 "C:\Program Files\D-Tools\bak\daemon.exe"
157592 Nov 12 2006 "C:\Program Files\DAEMON Tools\bak\daemon.exe"
282624 Sep 24 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
270336 Jun 20 2006 "C:\Program Files\Bell\Security Manager\Rps.exe"
270336 Jun 20 2006 "C:\Program Files\Bell\Security Manager\bak\Rps.exe"
631364 Apr 7 2003 "C:\Program Files\Logitech\iTouch\iTouch.exe"
631364 Apr 7 2003 "C:\Program Files\Logitech\iTouch\bak\iTouch.exe"
774168 Feb 8 2007 "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe"
614960 Jun 26 2006 "C:\Program Files\Logitech\QuickCam10\bak\QuickCam10.exe"
94208 Sep 3 2005 "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
94208 Sep 3 2005 "C:\Program Files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe"
488984 Feb 8 2007 "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
497200 Jun 26 2006 "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe1173770234"
488984 Feb 8 2007 "C:\Program Files\Common Files\LogiShrd\LComMgr\bak\Communications_Helper.exe"
497200 Jun 26 2006 "C:\Program Files\Common Files\Logitech\LComMgr\bak\Communications_Helper.exe"
488984 Feb 8 2007 "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
497200 Jun 26 2006 "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe1173770234"
488984 Feb 8 2007 "C:\Program Files\Common Files\LogiShrd\LComMgr\bak\Communications_Helper.exe"
497200 Jun 26 2006 "C:\Program Files\Common Files\Logitech\LComMgr\bak\Communications_Helper.exe"
252704 Feb 6 2007 "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
243248 Jun 26 2006 "C:\Program Files\Common Files\Logitech\LComMgr\bak\LVComSX.exe"
171448 Mar 5 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
582216 Mar 19 2006 "G:\RECYCLER\S-1-5-21-1801674531-1715567821-839522115-1003\Dg54\GoogleToolbarInstaller.exe"


end of report

======================================

Logfile of HijackThis v1.99.1
Scan saved at 12:37:46 PM, on 06/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Security Manager\fws.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Bell\Security Manager\Rps.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Bell\Security Manager\FBHR.dll
O2 - BHO: (no name) - {e3980cb5-8d5f-418a-abf5-6b4fc4744cb9} - C:\WINDOWS\system32\commib.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"
O4 - HKLM\..\Run: [Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.phreik.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: commib - C:\WINDOWS\SYSTEM32\commib.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Security Manager Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\fws.exe

==========================================
(from fxsasser)

C:\System Volume Information: (not scanned)
G:\System Volume Information: (not scanned)
W32.Sasser.Worm has not been found on your computer.

=============================================

a-squared Free - Version 2

Scan settings:

Objects: Memory, Traces, Cookies, C:\WINDOWS\, C:\Program Files
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 05/04/2007 10:33:33 PM


Scanned

Files: 69667
Traces: 105325
Cookies: 35
Processes: 30

Found

Files: 0
Traces: 71
Cookies: 0
Processes: 0

Scan end: 05/04/2007 10:53:37 PM
Scan time: 12:20:04 AM