troubles plus download trojan...

I am having a hard time accessing the spyware specific posts as I keep getting the "operation aborted" error message, so here I am posting my own problems and hoping someone can tell me sumptin' good...

I did all the stuff in the "tutorial":

1)I disabled system restore
2)I could not do the scans from trends and symantec in safe mode because the option for network support was not available, so I did them in normal and then went to safe mode for
3) Stinger (got a Kernel32 error message after I shut it down), c- cleaner (after I finished cleaning I had a look around and my computer froze up while I was at the uninstall programs place); ad-aware and the plug-in- but when I clicked on the plug-in and tried to run it it did nothing. I ran the scan anyway- if the plug-in was highlighted, does that mean that ad-aware was using it during scanning?
4)also spybot (+), shredder and kill2.

Now I am back in normal mode.

The symantec scan said "c:\Program Files\ddm\ddm.d.exe is infected with download trojan". I know it is low risk, but should I make it go away? And how would I do that?
***I need free programs.

all other scans were okay, in that there were no infected files or other viruses found. Download trojan was not found anywhere but symantec.

I am now getting those operation aborted messages and do not know what to do with the trojan (are they related in some way? is download t. the reason I have been having so many error messages?) I also get alot of error messages regarding a missing notepad.exe file, which I probably deleted somewhere along the line. Can I get another one?

I am going to put my system restore back on, because I have to get up early for work tomorrow and cannot do anymore on the computer for today. I started scanning this afternoon after lunch. If I have to do all the scans again, I will wait for wednesday which is my day off and I can spend all day fiddling with the computer (and learning, yes- learning).

I would really enjoy hearing from anyone who can tell me what is going on in my computer. I am trying to learn, but it is slow. This is an excellent site, and I wish I had stumbled on to it sooner. You people should congratulate yourselves for how you are helping people. Thank you for your hard work.

Mae

PS I initially did all this clean up because I have that Websavingsfromebates thing in my add/remove programs file and cannot get rid of it, as well as cleandisk 2000 (which I am sure I uninstalled long ago). I also had the wild tangent crap in my settings folder from downloading those free games from McDonalds last monopoly promo (live and spend all day learning how to not live like that again!)
I also just switched back from (Telus) Freedom Anti-virus (zero knowledge product) because the upgrade did not like me using zone alarm and ad-aware- I think they wanted me to buy their products (tsk tsk- they went bye bye instead).
I am back on AVG and Zonealarm, plus all my new friends I downloaded today.

 

thank you for your time.

I did not try to uninstall from c cleaner, I was just looking around when it froze. I wanted to see if websavingsfromebates was still listed (it is).

I read about the hijackthis, but I am afraid it is a bit over my head. I need a day to figure out what to do, because allthough it seems like plain language, I have never dealt with these things and it seems quite complicated.

I will attach the log file asap.
Mae

 

Hi!

Before I actually upload the log, can you tell me if this is a proper file to have it in? I am putting all my spyware programs etc into one file on my desktop so they are easy to find. Is it okay to put the log file in there as well?
C:\WINDOWS\Desktop\pc protection\hijackthis.log

I don't want to screw this up.

I also disabled system restore and re-ran all the scans this afternoon, so everything is up to date. I took a quick look at the log file (but no touchy!) and it looks like there is a lot of crap in there- something to do with coupons.
anyway, I will check back and then upload if it is okay.

Mae
PS I downloaded a copy of notepad.exe, but when I click on it is says it can run because of an error in notepad.exe - or something like that. I must have done something really wrong.

 

Howdy,

My hijackthis.exe is saved at C:\Program Files\HJT. I won't bother with a shortcut to the desktop for now.

My log file is saved at C:\WINDOWS\Desktop\pc protection\hijackthis.log. Can I upload from there?

New notepad is now working fine- thank you.

Mae

 

Hi,

Okay, lets see what's what...

 

Chas,

I followed your instructions but could not find C:\WINDOWS\realtime.exe or C:\WINDOWS\COUPONBAR.DLL. I did not see them in the windows folder.

Here is log #2. HJT was set to fix or delete 27 items. It looks like some are still there, so does that mean they are fixed? I NEVER use anything called coupon bar, but may have downloaded it in the early days of my surfing.

I have been getting some "Msimn has caused an error in MSVBVM60.DLL" and "Winmgmt has caused an error in WBEMESSL.DLL" messages lately. That last one comes up twice in a row. Have not seen them since I did this new HJT fix, but will let you know if I see them again. I had to uninstall .NET Framework 1.1 and re-install the distributable(?) yesterday, and so was finally able to install the SP1 for that as well (over 20 attempts in 4 months to install that before I stumbled on the right forum!)
I also deleted Piolet from my various folders and yet it still exists in add/remove, as does websavingsfromebates.

Thankyou again for all of your help!!!!
Mae

 

Hi Chas,

I went to windows explorer>WINDOWS\VCM\IEXPLORER to get my version, as right clicking for properties had no info. It is v.6.0.2800.1106- which is the current is it not? I saw that line too, but I will leave the deciphering of the log to the pros.

I saw that coupons.com (O16 - DPF: {1D8A63E5-F219-11D4-9BD1-000039051213} (CouponTBInst Control) - http: //ftp.coupons.com/code/CouponBar.cab) is still in the HJT log, so would that mean it is "fixed" or could not be fixed because I could not find C:\WINDOWS\COUPONBAR.DLL to delete while in windows explorer (safe mode)?
(** I put a space in after http: so that the link is not clickable)
Mae

 

Chas,

I can run internet explorer from program files, but there was no tab there to get version info.The info from my last post came from the properties/version tab at the VCM folder.

My computer is a generic. I bought it about 4 1/2 years ago, at a local computer store. It has Windows Me, and came with IE v.5. ??, but I do all my updates and updating to v.6 was one of them.

No, you did not miss that 016 line. I checked it and clicked fix for that one. It just came back.

Mae

 

Chas,

I re-ran the HJT and "fixed" that 016. I checked the new log and it is gone now.

Also, when I got up this morning and checked the computer, that DLL error message was there again - the Winmgmt has caused an error in WBEMESS.DLL. When I close it, it pops up again. How can I fix these dll errors? I had a problem last year where when I clicked on a link it opened into a blank window. I had to go to the library and use their computers to find the answer and I had to fix about 10 dll files before my computer worked properly. Is this the same type of problem?

Mae

 

The two messages I get the most frequently are:

Winmgmt has caused an error in WBEMESS.DLL. Winmgmt will now close. (this one usually pops up twice in a row). Yesterday I could not get this error message to close out after I ran the Trends Micro's free online virus scan; it just kept popping back up after I clicked the x or close. I could not shut down my computer, and gave up and shut it off ( I know, bad, bad).

and

Msimn has caused an error in MSVBVM60.DLL. Msimn will now close. This one has something to do with visual basic.

Mae

 

Thank you for all of your help Chas, you have been so great! I appreciate all of the time you have spent helping me. I am so glad to have all the spyware tools now, and to know that things are clean.
Does this mean I can turn on my system restore?
What about websavings from ebates? Should I just ignore it?

I have posted at the software forum about my dll probs- thanks for pointing me that way.

Mae