
issadon.dll - trojan - zlog

Discussion in 'Virus & Other Malware Removal' started by msms139, Jan 25, 2007.

  1. msms139

    msms139 Thread Starter

    Joined:
    Jan 25, 2007
    Messages:
    29
    I have been experiencing the annoying popups on my task bar. Please help me get rid of this. I have downloaded Spybot and AVG, and I also have Bresnan Security running. I can't shake this virus or whatever you want to call it. Please help me.
    Logfile of HijackThis v1.99.1
    Scan saved at 4:41:23 PM, on 1/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bresnan\Bresnan Security Manager\app\Prism.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\QUICKENW\QWDLLS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    c:\program files\bresnan\bresnan security manager\app\CurtainsSysSvcNt.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\auserinit.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Bresnan\Bresnan Security Manager\app\AuthBHO.dll
    O3 - Toolbar: Bresnan Security Manager Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Bresnan\Bresnan Security Manager\app\AuthBHO.dll
    O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\RunServices: [Gearbox Deferal Check] C:\Program Files\Gearbox Connection Kit\bin\gbdefer.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v44/scrabblecubes/scrabblecubes.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://sympatico.zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.67.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://sympatico.zone.msn.com/bingame/zpagames/zpa_kqrp.cab48295.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160321823609
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c4/v14.223/qboax8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v48/luxor/luxor.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
    O18 - Protocol: bw+0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\bresnan\bresnan security manager\app\CurtainsSysSvcNt.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
     
  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi. Here is what to do first. This is just a scan to see if it is still there; we have to have a log, so:

    Please also do this:
    Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.



    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  3. msms139

    msms139 Thread Starter

    Joined:
    Jan 25, 2007
    Messages:
    29
    ABBYY FineReader 5.0 Sprint
    Adobe Acrobat 5.0
    Adobe Download Manager 2.0 (Remove Only)
    Adobe Reader 7.0.8
    aspi
    AVG Free Edition
    Bresnan OnLine
    Bresnan Security Manager
    CCHelp
    CCScore
    Conexant SmartHSFi V92 56K Speakerphone PCI Modem
    CR2
    DAO 3.5
    Dell AIO Printer A920
    Dell ResourceCD
    ESSAdpt
    ESSANUP
    ESSBrwr
    ESSCAM
    ESSCDBK
    ESScore
    ESSgui
    ESShelp
    ESSini
    ESSPCD
    ESSTUTOR
    ESSvpaht
    ESSvpot
    Family Tree Creator Deluxe
    Hijackthis 1.99.1
    HijackThis 1.99.1
    hp deskjet 5600
    hp deskjet 5600 series
    HP Memories Disc
    HP Photo and Imaging 2.0 - Deskjet Series
    hp print screen utility
    Intel(R) PRO Network Adapters and Drivers
    Internet Explorer Security Plugin 2006
    Internet Security Add-On
    J2SE Runtime Environment 5.0 Update 6
    Kodak EasyShare software
    KSU
    Logitech Desktop Messenger
    Logitech Print Service
    Logitech QuickCam Software
    Logitech® Camera Driver
    Macromedia Shockwave Player
    Microsoft Word 2000
    MSN Messenger 7.5
    MSN Music Assistant
    MSXML 4.0 SP2 (KB927978)
    Mystery Case Files - Prime Suspects
    Notifier
    NVIDIA Windows 2000/XP Display Drivers
    OTtBP
    PCDLNCH
    PowerDVD
    Public Messenger ver 2.03
    Quicken Deluxe 2000
    QuickTime
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB929969)
    SFR
    SFR2
    Shockwave
    Skype 2.5
    Sonic DLA
    Sonic RecordNow!
    Sonic Update Manager
    SoundMAX
    Spybot - Search & Destroy 1.4
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Viewpoint Media Player
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WordPerfect Office 11
     
  4. msms139

    msms139 Thread Starter

    Joined:
    Jan 25, 2007
    Messages:
    29
    SmitFraudFix v2.135

    Scan done at 22:00:43.68, Thu 01/25/2007
    Run from C:\Documents and Settings\Mary Strassburg\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\alexaie.dll FOUND !
    C:\WINDOWS\alxie328.dll FOUND !
    C:\WINDOWS\alxtb1.dll FOUND !
    C:\WINDOWS\BTGrab.dll FOUND !
    C:\WINDOWS\dlmax.dll FOUND !
    C:\WINDOWS\Pynix.dll FOUND !
    C:\WINDOWS\susp.exe FOUND !
    C:\WINDOWS\ZServ.dll FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\a.exe FOUND !
    C:\WINDOWS\system32\alxres.dll FOUND !
    C:\WINDOWS\system32\bridge.dll FOUND !
    C:\WINDOWS\system32\dailytoolbar.dll FOUND !
    C:\WINDOWS\system32\jao.dll FOUND !
    C:\WINDOWS\system32\lfd.dat FOUND !
    C:\WINDOWS\system32\nbbrhbd.dll FOUND !
    C:\WINDOWS\system32\oiso.bin FOUND !
    C:\WINDOWS\system32\questmod.dll FOUND !
    C:\WINDOWS\system32\runsrv32.dll FOUND !
    C:\WINDOWS\system32\txfdb32.dll FOUND !
    C:\WINDOWS\system32\udpmod.dll FOUND !
    C:\WINDOWS\system32\wstart.dll FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mary Strassburg


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mary Strassburg\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MARYST~1\FAVORI~1

    C:\DOCUME~1\MARYST~1\FAVORI~1\Online Security Test.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
    C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"="hirtellous"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
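    The SmitFraudFix search report above has a fixed layout that is easy to parse. As an added example (not part of the thread and not S!Ri's tool), this Python script pulls out the "FOUND !" lines and the autostart registry values the report prints, and flags what a helper would look at before deciding to run option #2. The sample report inside it is constructed to mirror the layout posted above; its file names and CLSID are placeholders.

```python
"""Parse a SmitFraudFix (S!Ri) "Search" report and pull out what matters.

Added example; not part of the forum thread or of the SmitFraudFix tool.
SAMPLE_REPORT is constructed to mirror the report layout posted in the
thread: its file names and CLSID are placeholders, not indicators.
"""
import re
from dataclasses import dataclass, field

SAMPLE_REPORT = """\
»»»»»»»»»»»»»»»»»»»»»»»» C:\\WINDOWS\\system32

C:\\WINDOWS\\system32\\example1.dll FOUND !
C:\\WINDOWS\\system32\\example2.bin FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\\DOCUME~1\\ALLUSE~1\\Desktop\\Online Security Guide.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SharedTaskScheduler]
"{00000000-0000-0000-0000-000000000000}"="placeholder"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» End
"""

SECTION_RE = re.compile(r"^»+\s*(.+?)\s*$")
FOUND_RE = re.compile(r"^(?P<path>.+?)\s+FOUND !$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>.*)"$')

# Autostart values the tool prints. On a clean XP box both are empty:
# AppInit_DLLs is loaded into every process that links user32.dll, and the
# Winlogon "System" value is run by winlogon at boot.
EXPECT_EMPTY = {"AppInit_DLLs", "System"}
# SharedTaskScheduler entries a stock Windows XP install carries itself.
KNOWN_STS = {"Browseui preloader", "Component Categories cache daemon"}


@dataclass
class Findings:
    found_files: list = field(default_factory=list)      # (section, path)
    registry_values: list = field(default_factory=list)  # (section, key, name, data)
    shared_task_scheduler: list = field(default_factory=list)  # (clsid, name)
    nonempty_autostart: list = field(default_factory=list)     # (key, name, data)


def parse_report(text: str) -> Findings:
    """Walk the report line by line, tracking the current section and key."""
    f = Findings()
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group(1), None
        elif m := FOUND_RE.match(line):
            f.found_files.append((section, m.group("path")))
        elif m := KEY_RE.match(line):
            key = m.group("key")
        elif (m := VALUE_RE.match(line)) and key:
            name, data = m.group("name"), m.group("data")
            f.registry_values.append((section, key, name, data))
            if section == "Sharedtaskscheduler" and name.startswith("{"):
                f.shared_task_scheduler.append((name, data))
            elif name in EXPECT_EMPTY and data:
                f.nonempty_autostart.append((key, name, data))
    return f


def summarize(f: Findings) -> dict:
    """Counts a helper would want before deciding whether to run option #2."""
    odd_sts = [e for e in f.shared_task_scheduler if e[1] not in KNOWN_STS]
    return {
        "found_files": len(f.found_files),
        "unknown_sharedtaskscheduler": len(odd_sts),
        "nonempty_autostart_values": len(f.nonempty_autostart),
        "needs_clean": bool(f.found_files or odd_sts or f.nonempty_autostart),
    }


if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE_REPORT)))
```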
  5. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Uninstall these in Add/Remove Programs in your Control Panel.

    Internet Explorer Security Plugin 2006
    Internet Security Add-On

    Copy these steps to a Notepad text file and save it as steps.txt to your desktop, or print them, as you will not be able to get online while working in Safe Mode (and, please do not use Safe Mode with Networking for this fix!)


    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non infected computer will remove your Desktop background.

    Next: Start SpyBot Search and Destroy, update it, Immunize the system and scan for problems.

    Fix the things it pre-checkmarks for you that are in red.

    Next:

    Download AVG Anti-Spyware from HERE and save that file to your desktop.

    When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.


    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
    2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
    4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Note: If you cannot access the internet with the infected PC, or you are having problems updating, you can download the signatures file from here.
      Once you have installed AVG A-S, double click avgas-signatures-full-current.exe to update it.

      Scan with AVG Anti-Spyware as follows:
      1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
      • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
      • Under "How to Scan?" check all (default).
      • Under "Possibly unwanted software" check all (default).
      • Under "What to Scan?" make sure "Scan every file" is selected (default).
      • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
      2. Click the "Scan" tab to return to scanning options.
      3. Click "Complete System Scan" to start.
      4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

      IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

      5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
      6. Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.
      (When the PC has been cleaned you can activate the shield again, if you wish.)
      Click the Shield icon at the top and under "Resident shield is..." - click active.
      This should now change to inactive.
    Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.

    1. _ _ _ _ _
    2. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

      IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
    3. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
    4. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    5. AVG will now begin the scanning process. Please be patient as this may take a little time.
      Once the scan is complete, do the following:
    6. If you have any infections you will be prompted. Then select "Apply all actions."
    7. Next select the "Reports" icon at the top.
    8. Select the "Save report as" button in the lower left- hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
    9. Close AVG Anti-Spyware and reboot your system back into Normal Mode.
    _ _ _ _
    HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report




    Post a new Hijackthis log please.
     
  6. msms139

    msms139 Thread Starter

    Joined:
    Jan 25, 2007
    Messages:
    29
    I did the Panda thing; there is no place to copy a report from. It does however say it's infected with virus, spyware, hacking tools and rootkits. Also, I am copying the reports from the other 2 you had me do.
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 7:54:04 PM 1/26/2007

    + Scan result:



    C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP428\A0029628.vbs -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP428\A0029629.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP428\A0029630.vbs -> Trojan.Small : Cleaned with backup (quarantined).


    ::Report end
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 4:49:07 PM 1/26/2007

    + Scan result:



    C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP427\A0028359.exe -> Adware.AntiVermins : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-261903793-682003330-1004\Software\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-261903793-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-261903793-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP428\A0029592.dll -> Adware.WorldSecurityOnline : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP320\A0011907.exe -> Adware.YazzleSudoku : Cleaned with backup (quarantined).
    C:\Old Drive\Program Files\Common Files\zzkk\zzkkd\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP377\A0023379.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP377\A0023396.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP377\A0023426.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP424\A0027016.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP426\A0027169.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP427\A0028401.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP427\A0028400.exe -> Not-A-Virus.SpamTool.Win32.Small.v : Cleaned with backup (quarantined).
    C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][2].txt -> TrackingCookie.Adjuggler : Cleaned.
    C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.
    C:\Documents and Settings\Mary Strassburg\Cookies\mary [email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Mary Strassburg\Cookies\mary [email protected][1].txt -> TrackingCookie.Enhance : Cleaned.
    C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt -> TrackingCookie.Res99 : Cleaned.
    C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt -> TrackingCookie.Starware : Cleaned.
    C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt -> TrackingCookie.Starware : Cleaned.
    C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Old Drive\Documents and Settings\MARY\Local Settings\Temporary Internet Files\Content.IE5\GKBH2R1P\teller2[1].htm -> Trojan.Small : Cleaned with backup (quarantined).
    C:\Old Drive\WINDOWS\U3RyYXNzYnVyZw\oalVsrhWsBpVtT.vbs -> Trojan.Small : Cleaned with backup (quarantined).
    C:\Old Drive\WINDOWS\system32\wapicc.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\Old Drive\WINDOWS\teller2.chk -> Trojan.Small : Cleaned with backup (quarantined).
    C:\Old Drive\WINDOWS\uninstall_nmon.vbs -> Trojan.Small : Cleaned with backup (quarantined).


    ::Report end
     
  7. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, I'm sorry if you had trouble with my directions-

    Did you run the second part of the SmitFraudFix, where you boot to Safe Mode, and run the command to Clean it?

    I don't see the SmitFraud log you were asked to post?

    Did you run SpyBot Search and Destroy and did it find things?

    Then, you were asked to run AVG Antispyware, and I do see
    the two logs from that, OK! You had it set correctly to Quarantine items.


    I've tried to add some things here that will help you save the panda scan results.


    Scan with Panda-

    http://www.pandasoftware.com/products/activescan.htm

    You must finish the entire scan. Choose a time when you can let it complete. Scan the "entire computer", all hard drives.

    When the scan finishes, you will see a "View Report" button, hit that, look at the files it found....then, hit the "Save Report" button, you will see the file named activescan.txt, in the Save In location box, change it to the Desktop so you can find it easily. You should see the "Download Complete" bit, and the file activescan.txt on your Desktop.

    Then, find and open the activescan.txt file, and copy and paste the entire contents into an open Reply here.

    Post the SmitFraud part 2 log please.

    Also post a brand new Hijackthis scan.
     
  8. msms139

    msms139 Thread Starter

    Joined:
    Jan 25, 2007
    Messages:
    29
    Incident Status Location

    Potentially unwanted tool:application/myglobalsearch Not disinfected c:\program files\MyGlobalSearch
    Adware:Adware/VideoActiveXObject Not disinfected C:\Documents and Settings\mary kay strassburg\Desktop\Video ActiveX Object\isaddon.dll
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mary Strassburg\Desktop\spywarevirus repair\SmitfraudFix\SmitfraudFix\Process.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mary Strassburg\Desktop\spywarevirus repair\SmitfraudFix.zip[SmitfraudFix/Process.exe]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt
    Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][2].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\Old Drive\Documents and Settings\MARY\Cookies\[email protected][2].txt
    Spyware:Cookie/Deskwizz Not disinfected C:\Old Drive\Documents and Settings\MARY\Cookies\[email protected][1].txt
    Spyware:Cookie/Diglnk Not disinfected C:\Old Drive\Documents and Settings\MARY\Cookies\[email protected][1].txt
    Adware:Adware/PopupSearches Not disinfected C:\Old Drive\Documents and Settings\MARY\Local Settings\Temp\adwsetup_upd.exe[²èÇ]
    Adware:Adware/PopupSearches Not disinfected C:\Old Drive\Documents and Settings\MARY\Local Settings\Temporary Internet Files\Content.IE5\AGZUDK7K\adsetup_silent.1.42[1].exe[²èÇ]
    Adware:Adware/PopupSearches Not disinfected C:\Old Drive\Documents and Settings\MARY\Local Settings\Temporary Internet Files\Content.IE5\YRS5WVMP\adsetup_silent.1.42[1].exe[²èÇ]
    Spyware:Spyware/Apropos Not disinfected C:\Old Drive\Program Files\Hptget2\ace.dll
    Virus:Generic Trojan Not disinfected C:\Old Drive\WINDOWS\DHU.exe[DHTool.exe]
    Adware:Adware/Deskwizz Not disinfected C:\Old Drive\WINDOWS\system32\win.exe[DH.dll]
     
  9. msms139

    msms139 Thread Starter

    Joined:
    Jan 25, 2007
    Messages:
    29
    SmitFraudFix v2.135

    Scan done at 9:42:44.56, Sat 01/27/2007
    Run from C:\Documents and Settings\Mary Strassburg\Desktop\spywarevirus repair\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  10. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Did you see and do this- was in a reply previously:

    "Uninstall these in Add/Remove Programs in your Control Panel.

    Internet Explorer Security Plugin 2006
    Internet Security Add-On"

    If you did, continue on, I was just asking to make sure.

    They are both related to the SmitFraud infection you still have.

    You have run the fix from a folder other than SmitFraud which should be alone, on your desktop, not in a folder called> C:\Documents and Settings\Mary Strassburg\Desktop\spywarevirus repair\SmitfraudFix\SmitfraudFix.

    I'd like to try this:

    Delete the SmitFraud folder from your spywarevirus repair folder, and also the SmitFraud.zip download you got before, we are going to get a new one.

    Download the new one, and this time, make sure the Save In location you change, to just "Desktop" not your other folder, please, or it will never run right!

    Please download a NEW SmitfraudFix (by S!Ri)


    Then on SmitFraud download, double click, select "Extract"> Desktop, and it will make the NEW folder called SmitFraud which should be on the desktop...

    • then, double click that to Open it, and from the files, double click smitfraudfix.cmd.
    • Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    • Please copy/paste the content of that report into your next reply.
      Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

    Please post the smitfraud log, and also a new Hijackthis log
     
  11. msms139

    msms139 Thread Starter

    Joined:
    Jan 25, 2007
    Messages:
    29
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 10:57:48 AM 1/27/2007

    + Scan result:



    Nothing found.


    ::Report end
     
  12. msms139

    msms139 Thread Starter

    Joined:
    Jan 25, 2007
    Messages:
    29
    SmitFraudFix v2.136

    Scan done at 11:09:22.09, Sat 01/27/2007
    Run from C:\Documents and Settings\Mary Strassburg\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mary Strassburg


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mary Strassburg\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MARYST~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  13. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, OK, let's do the second part....

    The Panda online scan items showed it in your last scan so I am just making sure.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non infected computer will remove your Desktop background.
     
  14. msms139

    msms139 Thread Starter

    Joined:
    Jan 25, 2007
    Messages:
    29
    No tool came up to check or repair wininet.dll. Is this a problem?


    SmitFraudFix v2.136

    Scan done at 12:02:05.04, Sat 01/27/2007
    Run from C:\Documents and Settings\Mary Strassburg\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  15. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, I am not sure; this is a new build of the SmitFraud tool, which changes very often recently, almost every day. I have not seen any others with problems.

    Since it did not find anything I would assume it is OK.

    But> we do need another new Panda scan....that is what was finding items related to this, it does a good job locating this crap so we can clean the leftovers.

    I am posting directions for another online scan, Kaspersky, in case you might like to compare what it finds.

    HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Or this one: Kaspersky

    • Please go HERE and click Kaspersky Online Scanner
      Read and Accept the Agreement
      You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
      If you see a Windows dialog asking if you want to install this software, click the Install button.
      The program will launch and then begin downloading the latest definition files.
      When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
      Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
      Under "Please select a target to scan:", click My Computer to start the scan.
      When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
      Copy and Paste the contents of the on line scanner results into a Reply here in your thread, along with a new HJT log and log from any other scans you run.


    Regardless of which you use, please be sure to save the results to post! And, follow the directions very carefully as it is critical for success.
     
Short URL to this thread: https://techguy.org/538378
