issadon.dll - trojan - zlog

msms139 (Thread Starter; joined Jan 25, 2007; 29 messages)
I have been experiencing annoying popups on my task bar; please help me get rid of this. I have downloaded Spybot and AVG, and I also have Bresnan Security running, but I can't shake this virus or whatever you want to call it. Please help me.
Logfile of HijackThis v1.99.1
Scan saved at 4:41:23 PM, on 1/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bresnan\Bresnan Security Manager\app\Prism.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\QUICKENW\QWDLLS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\bresnan\bresnan security manager\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\auserinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Bresnan\Bresnan Security Manager\app\AuthBHO.dll
O3 - Toolbar: Bresnan Security Manager Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Bresnan\Bresnan Security Manager\app\AuthBHO.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Gearbox Deferal Check] C:\Program Files\Gearbox Connection Kit\bin\gbdefer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v44/scrabblecubes/scrabblecubes.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://sympatico.zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.67.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://sympatico.zone.msn.com/bingame/zpagames/zpa_kqrp.cab48295.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160321823609
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c4/v14.223/qboax8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v48/luxor/luxor.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
O18 - Protocol: bw+0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {85C0B21E-ACA9-4F01-821F-04A76AF4A8AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\bresnan\bresnan security manager\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
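As an added example (not part of this thread, and not code from HijackThis or any of the tools named here), a small Python triage script that applies the checks a helper would make against the log above: extra executables in the F2 UserInit value, registrations whose file is missing, IE policy restrictions, and services with no vendor. The sample lines are copied from the posted log; the expected UserInit path and the severity ranking are this script's own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: lines copied from the HijackThis v1.99.1 log posted above,
# with benign entries kept alongside the suspicious ones so the triage has to discriminate.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\auserinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
"""

# Every HijackThis entry starts with a section code such as R1, F2, O2 or O23.
LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")

# Assumption for this script: a default-location Windows XP install, where the only
# legitimate UserInit value is this single path (compared case-insensitively).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


@dataclass(frozen=True)
class Finding:
    code: str       # HijackThis section code, e.g. "F2" or "O21"
    severity: str   # "high" = act now, "review" = confirm before acting
    reason: str
    line: str


def parse_line(line):
    """Split a HijackThis entry into (section code, body); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def userinit_extras(body):
    """Return every comma-separated UserInit entry other than the expected one.
    Winlogon launches each listed executable at logon, so an extra entry is a
    persistence mechanism whatever the file happens to be called."""
    _, _, value = body.partition("UserInit=")
    entries = [e.strip().lower() for e in value.split(",") if e.strip()]
    return [e for e in entries if e != EXPECTED_USERINIT]


def triage(log_text):
    """Walk a HijackThis log and return the entries worth a helper's attention, in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        code, body = parsed
        low = body.lower()
        if code == "F2" and "userinit=" in low:
            extras = userinit_extras(body)
            if extras:
                findings.append(Finding(code, "high",
                    "extra UserInit executable(s): " + ", ".join(extras), raw))
        elif code == "O6":
            findings.append(Finding(code, "review",
                "IE policy restriction set; legitimate only if an administrator configured it", raw))
        elif "(file missing)" in low or low.endswith("(no file)"):
            # A registration whose file is gone cannot run, but it shows something registered
            # there. O20/O21 (Winlogon Notify / SSODL) are rarely orphaned by legitimate
            # software, so they rank higher than a leftover BHO, toolbar or search hook.
            sev = "high" if code in ("O20", "O21") else "review"
            findings.append(Finding(code, sev,
                "registration points at a file that no longer exists", raw))
        elif code == "O23" and "unknown owner" in low:
            findings.append(Finding(code, "review",
                "service binary carries no vendor name; verify its path and signature", raw))
    return findings


def severity_counts(findings):
    """Summary of findings by severity, e.g. {'high': 2, 'review': 5}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.code}: {f.reason}\n         {f.line}")
    print(severity_counts(results))
```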
 

Byteman (Gone but Never Forgotten; joined Jan 24, 2002; 17,742 messages)
Hi. Here is what to do first. This is just a scan to see if it is still there; we have to have a log, so:

Please also do this:
Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.



Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

msms139 (Thread Starter; joined Jan 25, 2007; 29 messages)
ABBYY FineReader 5.0 Sprint
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.8
aspi
AVG Free Edition
Bresnan OnLine
Bresnan Security Manager
CCHelp
CCScore
Conexant SmartHSFi V92 56K Speakerphone PCI Modem
CR2
DAO 3.5
Dell AIO Printer A920
Dell ResourceCD
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSTUTOR
ESSvpaht
ESSvpot
Family Tree Creator Deluxe
Hijackthis 1.99.1
HijackThis 1.99.1
hp deskjet 5600
hp deskjet 5600 series
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
hp print screen utility
Intel(R) PRO Network Adapters and Drivers
Internet Explorer Security Plugin 2006
Internet Security Add-On
J2SE Runtime Environment 5.0 Update 6
Kodak EasyShare software
KSU
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Shockwave Player
Microsoft Word 2000
MSN Messenger 7.5
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
Mystery Case Files - Prime Suspects
Notifier
NVIDIA Windows 2000/XP Display Drivers
OTtBP
PCDLNCH
PowerDVD
Public Messenger ver 2.03
Quicken Deluxe 2000
QuickTime
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB929969)
SFR
SFR2
Shockwave
Skype 2.5
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Spybot - Search & Destroy 1.4
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WordPerfect Office 11
 

msms139 (Thread Starter; joined Jan 25, 2007; 29 messages)
SmitFraudFix v2.135

Scan done at 22:00:43.68, Thu 01/25/2007
Run from C:\Documents and Settings\Mary Strassburg\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\alexaie.dll FOUND !
C:\WINDOWS\alxie328.dll FOUND !
C:\WINDOWS\alxtb1.dll FOUND !
C:\WINDOWS\BTGrab.dll FOUND !
C:\WINDOWS\dlmax.dll FOUND !
C:\WINDOWS\Pynix.dll FOUND !
C:\WINDOWS\susp.exe FOUND !
C:\WINDOWS\ZServ.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\a.exe FOUND !
C:\WINDOWS\system32\alxres.dll FOUND !
C:\WINDOWS\system32\bridge.dll FOUND !
C:\WINDOWS\system32\dailytoolbar.dll FOUND !
C:\WINDOWS\system32\jao.dll FOUND !
C:\WINDOWS\system32\lfd.dat FOUND !
C:\WINDOWS\system32\nbbrhbd.dll FOUND !
C:\WINDOWS\system32\oiso.bin FOUND !
C:\WINDOWS\system32\questmod.dll FOUND !
C:\WINDOWS\system32\runsrv32.dll FOUND !
C:\WINDOWS\system32\txfdb32.dll FOUND !
C:\WINDOWS\system32\udpmod.dll FOUND !
C:\WINDOWS\system32\wstart.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mary Strassburg


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mary Strassburg\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MARYST~1\FAVORI~1

C:\DOCUME~1\MARYST~1\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"="hirtellous"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
 

Byteman (Gone but Never Forgotten; joined Jan 24, 2002; 17,742 messages)
Hi. Uninstall these in Add/Remove Programs in your Control Panel.

Internet Explorer Security Plugin 2006
Internet Security Add-On

Copy these steps to a Notepad text file and save it as steps.txt to your desktop, or print them, as you will not be able to get online while working in Safe Mode (and, please do not use Safe Mode with Networking for this fix!)


Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.

Next: Start SpyBot Search and Destroy, update it, Immunize the system and scan for problems.

Fix the things it pre-checkmarks for you that are in red.

Next:

Download AVG Anti-Spyware from HERE and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.


  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
  2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
  4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Note: If you cannot access the internet with the infected PC, or you are having problems updating, you can download the signatures file from here.
    Once you have installed AVG A-S, double click avgas-signatures-full-current.exe to update it.

    Scan with AVG Anti-Spyware as follows:
    1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
    • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
    • Under "How to Scan?" check all (default).
    • Under "Possibly unwanted software" check all (default).
    • Under "What to Scan?" make sure "Scan every file" is selected (default).
    • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
    2. Click the "Scan" tab to return to scanning options.
    3. Click "Complete System Scan" to start.
    4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

    IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

    5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
    6. Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.
    (When the PC has been cleaned you can activate the shield again, if you wish.)
    Click the Shield icon at the top and under "Resident shield is..." - click active.
    This should now change to inactive.
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.

  1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
  2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG will now begin the scanning process. Please be patient as this may take a little time.
    Once the scan is complete, do the following:
  5. If you have any infections you will be prompted. Then select "Apply all actions."
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.

Go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report




Post a new Hijackthis log please.
 

msms139

Thread Starter
Joined
Jan 25, 2007
Messages
29
I did the Panda thing; there is no place to copy a report from. It does, however, say it's infected with virus, spyware, hacking tools and rootkits. Also, I am copying the reports from the other 2 you had me do.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:54:04 PM 1/26/2007

+ Scan result:



C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP428\A0029628.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP428\A0029629.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP428\A0029630.vbs -> Trojan.Small : Cleaned with backup (quarantined).


::Report end
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:49:07 PM 1/26/2007

+ Scan result:



C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP427\A0028359.exe -> Adware.AntiVermins : Cleaned with backup (quarantined).
HKU\S-1-5-21-515967899-261903793-682003330-1004\Software\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-515967899-261903793-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-515967899-261903793-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP428\A0029592.dll -> Adware.WorldSecurityOnline : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP320\A0011907.exe -> Adware.YazzleSudoku : Cleaned with backup (quarantined).
C:\Old Drive\Program Files\Common Files\zzkk\zzkkd\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP377\A0023379.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP377\A0023396.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP377\A0023426.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP424\A0027016.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP426\A0027169.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP427\A0028401.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4C1D28D1-C9E2-4437-879C-60579ECBB57F}\RP427\A0028400.exe -> Not-A-Virus.SpamTool.Win32.Small.v : Cleaned with backup (quarantined).
C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Mary Strassburg\Cookies\mary [email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Mary Strassburg\Cookies\mary [email protected][1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt -> TrackingCookie.Res99 : Cleaned.
C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Old Drive\Documents and Settings\MARY\Local Settings\Temporary Internet Files\Content.IE5\GKBH2R1P\teller2[1].htm -> Trojan.Small : Cleaned with backup (quarantined).
C:\Old Drive\WINDOWS\U3RyYXNzYnVyZw\oalVsrhWsBpVtT.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\Old Drive\WINDOWS\system32\wapicc.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Old Drive\WINDOWS\teller2.chk -> Trojan.Small : Cleaned with backup (quarantined).
C:\Old Drive\WINDOWS\uninstall_nmon.vbs -> Trojan.Small : Cleaned with backup (quarantined).


::Report end
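As an added example (not part of the thread, and not AVG's own code): a Python parser for the "location -> Threat : Action." lines in the AVG Anti-Spyware reports above. It separates System Restore copies, registry keys and tracking cookies from files that were live on disk, which is the part of such a report a helper reads first. The report text is constructed to mirror the format, with placeholder GUIDs, SIDs and user names.

```python
"""Summarise AVG Anti-Spyware 7.5 style scan reports.

Each detection line has the shape:  <location> -> <Threat name> : <Action>.
The sample below is constructed for this example; it is not a real report.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

LINE_RE = re.compile(r"^(?P<location>.+?) -> (?P<threat>[^:]+?) : (?P<action>.+?)\.?$")

# System Restore archives copies of files it has seen under this folder. A hit
# here is an archived copy in a restore point, not a running infection, but it
# would come back if that restore point were ever applied.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)

# Constructed sample (placeholder GUID/SID/user; file names modelled on the thread).
SAMPLE_REPORT = r"""
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:49:07 PM 1/26/2007

+ Scan result:

C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP427\A0028401.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP428\A0029628.vbs -> Trojan.Small : Cleaned with backup (quarantined).
HKU\S-1-5-21-0-0-0-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D045BAA-0000-0000-0000-000000000000} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Old Drive\WINDOWS\system32\wapicc.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Old Drive\WINDOWS\uninstall_nmon.vbs -> Trojan.Small : Cleaned with backup (quarantined).

::Report end
"""


@dataclass
class Detection:
    location: str
    threat: str
    action: str

    @property
    def family(self) -> str:
        # "Downloader.Zlob.bkn" -> "Downloader.Zlob"; variant suffix dropped.
        return ".".join(self.threat.split(".")[:2])


def parse_report(text: str) -> list[Detection]:
    """Return one Detection per result line; headers and separators are skipped."""
    found = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            found.append(Detection(m["location"], m["threat"], m["action"]))
    return found


def classify(d: Detection) -> str:
    """Bucket a detection by where it lived, most specific rule first."""
    if d.threat.startswith("TrackingCookie"):
        return "cookie"
    if d.location.upper().startswith(("HKU\\", "HKLM\\", "HKCU\\", "HKEY_")):
        return "registry"
    if RESTORE_RE.search(d.location):
        return "restore_point"
    return "live_file"


def summarise(text: str) -> dict:
    dets = parse_report(text)
    return {
        "total": len(dets),
        "by_class": dict(Counter(classify(d) for d in dets)),
        "by_family": dict(Counter(d.family for d in dets)),
        # Files outside restore points and the registry: the active infection.
        "live_files": sorted(d.location for d in dets if classify(d) == "live_file"),
        # Removed without a quarantine backup, so they cannot be restored on a false positive.
        "no_backup": [d.location for d in dets if "backup" not in d.action.lower()],
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```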
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, I'm sorry if you had trouble with my directions-

Did you run the second part of the SmitFraudFix, where you boot to Safe Mode, and run the command to Clean it ?

I don't see the SmitFraud log you were asked to post?

Did you run SpyBot Search and Destroy and did it find things?

Then, you were asked to run AVG Antispyware, and I do see
the two logs from that, OK! You had it set correctly to Quarantine items.


I've tried to add some things here that will help you save the panda scan results.


Scan with Panda-

http://www.pandasoftware.com/products/activescan.htm

You must finish the entire scan. Choose a time when you can let it complete. Scan the "entire computer", all hard drives.

When the scan finishes, you will see a "View Report" button, hit that, look at the files it found....then, hit the "Save Report" button, you will see the file named activescan.txt,
in the Save In location box, change it to the Desktop so you can find it easily. You should see the "Download Complete" bit, and the file activescan.txt on your Desktop.

Then, find and open the activescan.txt file, and copy and paste the entire contents into an open Reply here.

Post the SmitFraud part 2 log please.

Also post a brand new Hijackthis scan.
 

msms139

Thread Starter
Joined
Jan 25, 2007
Messages
29
Incident Status Location

Potentially unwanted tool:application/myglobalsearch Not disinfected c:\program files\MyGlobalSearch
Adware:Adware/VideoActiveXObject Not disinfected C:\Documents and Settings\mary kay strassburg\Desktop\Video ActiveX Object\isaddon.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mary Strassburg\Desktop\spywarevirus repair\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mary Strassburg\Desktop\spywarevirus repair\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Mary Strassburg\Local Settings\Temp\Cookies\mary [email protected][2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Old Drive\Documents and Settings\MARY\Cookies\[email protected][2].txt
Spyware:Cookie/Deskwizz Not disinfected C:\Old Drive\Documents and Settings\MARY\Cookies\[email protected][1].txt
Spyware:Cookie/Diglnk Not disinfected C:\Old Drive\Documents and Settings\MARY\Cookies\[email protected][1].txt
Adware:Adware/PopupSearches Not disinfected C:\Old Drive\Documents and Settings\MARY\Local Settings\Temp\adwsetup_upd.exe[²èÇ]
Adware:Adware/PopupSearches Not disinfected C:\Old Drive\Documents and Settings\MARY\Local Settings\Temporary Internet Files\Content.IE5\AGZUDK7K\adsetup_silent.1.42[1].exe[²èÇ]
Adware:Adware/PopupSearches Not disinfected C:\Old Drive\Documents and Settings\MARY\Local Settings\Temporary Internet Files\Content.IE5\YRS5WVMP\adsetup_silent.1.42[1].exe[²èÇ]
Spyware:Spyware/Apropos Not disinfected C:\Old Drive\Program Files\Hptget2\ace.dll
Virus:Generic Trojan Not disinfected C:\Old Drive\WINDOWS\DHU.exe[DHTool.exe]
Adware:Adware/Deskwizz Not disinfected C:\Old Drive\WINDOWS\system32\win.exe[DH.dll]
 

msms139

Thread Starter
Joined
Jan 25, 2007
Messages
29
SmitFraudFix v2.135

Scan done at 9:42:44.56, Sat 01/27/2007
Run from C:\Documents and Settings\Mary Strassburg\Desktop\spywarevirus repair\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, Did you see and do this- was in a reply previously:

"Uninstall these in Add/Remove Programs in your Control Panel.

Internet Explorer Security Plugin 2006
Internet Security Add-On"

If you did, continue on, I was just asking to make sure.

They are both related to the SmitFraud infection you still have.

You have run the fix from a folder other than SmitFraud which should be alone, on your desktop, not in a folder called> C:\Documents and Settings\Mary Strassburg\Desktop\spywarevirus repair\SmitfraudFix\SmitfraudFix.

I'd like to try this:

Delete the SmitFraud folder from your spywarevirus repair folder, and also the SmitFraud.zip download you got before, we are going to get a new one.

Download the new one, and this time, make sure the Save In location you change, to just "Desktop" not your other folder, please, or it will never run right!

Please download a NEW SmitfraudFix (by S!Ri)


Then on SmitFraud download, double click, select "Extract"> Desktop, and it will make the NEW folder called SmitFraud which should be on the desktop...

  • then, double click that to Open it, and from the files, double click smitfraudfix.cmd.
  • Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
  • Please copy/paste the content of that report into your next reply.
    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Please post the smitfraud log, and also a new Hijackthis log
 

msms139

Thread Starter
Joined
Jan 25, 2007
Messages
29
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:57:48 AM 1/27/2007

+ Scan result:



Nothing found.


::Report end
 

msms139

Thread Starter
Joined
Jan 25, 2007
Messages
29
SmitFraudFix v2.136

Scan done at 11:09:22.09, Sat 01/27/2007
Run from C:\Documents and Settings\Mary Strassburg\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mary Strassburg


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mary Strassburg\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MARYST~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, OK, let's do the second part....

The Panda online scan items showed it in your last scan so I am just making sure.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.
 

msms139

Thread Starter
Joined
Jan 25, 2007
Messages
29
No tool came up to check or repair wininet.dll. Is this a problem?


SmitFraudFix v2.136

Scan done at 12:02:05.04, Sat 01/27/2007
Run from C:\Documents and Settings\Mary Strassburg\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, I am not sure- this is a new build of SmitFraud tool- changes very often recently, almost every day, I have not seen any others with problems.

Since it did not find anything I would assume it is OK.

But> we do need another new Panda scan....that is what was finding items related to this, it does a good job locating this crap so we can clean the leftovers.

I am posting directions for another online scan, Kaspersky, in case you might like to compare what it finds.

Go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


Or this one: Kaspersky

  • Please go HERE and click Kaspersky Online Scanner
    Read and Accept the Agreement
    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    If you see a Windows dialog asking if you want to install this software, click the Install button.
    The program will launch and then begin downloading the latest definition files,
    When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
    Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
    Under "Please select a target to scan:", click My Computer to start the scan.
    When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
    Copy and Paste the contents of the on line scanner results into a Reply here in your thread, along with a new HJT log and log from any other scans you run.


Regardless of which you use, please be sure to save the results to post! And, follow the directions very carefully as it is critical for success.
 