
Solved: Infected Searching Results

Discussion in 'Virus & Other Malware Removal' started by Droops9, Jul 11, 2007.

Thread Status:
Not open for further replies.
  1. Droops9

    Droops9 Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    43
    Hey guys,
    I have a problem with my search engines. I primarily use Google, and sometimes Yahoo, and rarely MSN, but anyways, every time I do a search of anything, I always get search results for credit cards, websites you can order stuff from. Like one time my stepsister did a search cause she had a bruised tibia, and she got results like "looking for bruised tibia? find exactly what you want today" and "shop for bruised tibia, and deals on tons of other products at monsterplace.com". I have Charter Security Suite, Spy Sweeper (full version, no trial), Ad-Aware 2007, and WinPatrol. I run scans pretty often, and every time one of the programs finds something, I delete or quarantine it, but it never fixes my search engine problems. My Charter Security Suite always labels this one .exe file as "suspicious". It's svchost, and it's found in c:\windows\system32, and it tells me to rename it, and I do, but when I restart my computer, the file isn't renamed or anything, and I'm starting to suspect that this can be the problem for my weird search results. So has anyone else had this problem, and knows how to fix it? It would be greatly appreciated.

    Thanks.
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!


    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Double-click on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis.
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch HijackThis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste the log in your next reply.
    • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
     
  3. Droops9

    Droops9 Thread Starter

    ok here is the log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:50:46 AM, on 7/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device
    Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTSvcCDA.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
    C:\Program Files\Charter High-Speed Security
    Suite\backweb\3528733\program\fsbwsys.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
    C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
    C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
    C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
    C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
    C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\PROGRA~1\CHARTE~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Charter High-Speed Security
    Suite\backweb\3528733\Program\fspex.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = localhost
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper -
    {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
    Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed
    Security Suite\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed
    Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter
    High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed
    Security Suite\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE"
    C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [Disc Detector] "C:\Program
    Files\Creative\ShareDLL\CtNotify.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program
    Files\Logitech\iTouch\iTouch.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
    Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
    -atboottime
    O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP
    Studios\WinPatrol\winpatrol.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software
    Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
    Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop
    Messenger\8876480\Program\LogitechDesktopMessenger.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
    /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US
    ee://aol/imApp
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Policies\Explorer\Run: [{88ED4469-05B6-1033-0903-031111030001}]
    "C:\Program Files\Common
    Files\{88ED4469-05B6-1033-0903-031111030001}\Update.exe" te-110-12-0000213
    O4 - HKUS\S-1-5-18\..\Run: [svchost] C:\WINDOWS\system32\LA71D.tmp.exe (User
    'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [LDM] C:\Program Files\Logitech\Desktop
    Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [svchost] C:\WINDOWS\system32\LA71D.tmp.exe (User
    'Default user')
    O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program
    Files\Dopewars\WiseUpdt.exe
    O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program
    Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
    Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program
    Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter
    High-Speed Security Suite\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} -
    C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} -
    C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Web Filter -
    {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed
    Security Suite\FSPC\fspcmsie.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} -
    C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... -
    {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed
    Security Suite\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{2C0F56FC-A9C8-4A78-AD18-C8654EAC1F0C}:
    NameServer = 194.54.90.238
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{2C12EA94-FAA6-49E2-894F-10A33E80B798}:
    NameServer = 194.54.90.238
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{360EC0F9-5D22-4F51-8D5E-BEA8ADD22CB5}:
    NameServer = 194.54.90.238
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{36F6C009-A97F-4578-9898-C2DD2C5B126E}:
    NameServer = 194.54.90.238
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{55011796-9CC1-4392-A50D-11FF10374B74}:
    NameServer = 194.54.90.238
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{B4D4DA84-B59B-4485-953A-8439549BDCE9}:
    NameServer = 194.54.90.238
    O17 -
    HKLM\System\CS1\Services\Tcpip\..\{2C0F56FC-A9C8-4A78-AD18-C8654EAC1F0C}:
    NameServer = 194.54.90.238
    O18 - Protocol: bw+0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -
    C:\Program Files\Logitech\Desktop
    Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} -
    C:\Program Files\Logitech\Desktop
    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program
    Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common
    Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733)
    - BackWeb Technologies Inc. -
    C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
    C:\WINDOWS\system32\CTSvcCDA.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure
    Corporation - C:\Program Files\Charter High-Speed Security
    Suite\Anti-Virus\fsgk32st.exe
    O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Charter
    High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure
    Corporation - C:\Program Files\Charter High-Speed Security
    Suite\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation -
    C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter
    High-Speed Security Suite\Common\FSMA32.EXE
    O23 - Service: HP Port Resolver - Hewlett-Packard Company -
    C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company -
    C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
    Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel
    32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program
    Files\iPod\bin\iPodService.exe
    O23 - Service: Microsoft security update service (msupdate) - Unknown owner
    - c:\windows\system32\vhosts.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) -
    Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 22781 bytes
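
A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread. It rejoins the hard-wrapped lines first, then applies three heuristics that are assumptions of this example, not the helper's method: Run values named after core Windows processes, static public `NameServer` values (O17), and services listed with `Unknown owner` (O23). The sample lines are excerpted from the log above; a flagged entry is a lead to verify, not a verdict.

```python
import ipaddress
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above, with its hard line wraps kept.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP
Studios\WinPatrol\winpatrol.exe"
O4 - HKUS\S-1-5-18\..\Run: [svchost] C:\WINDOWS\system32\LA71D.tmp.exe (User
'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [svchost] C:\WINDOWS\system32\LA71D.tmp.exe (User
'Default user')
O17 -
HKLM\System\CCS\Services\Tcpip\..\{2C0F56FC-A9C8-4A78-AD18-C8654EAC1F0C}:
NameServer = 194.54.90.238
O17 -
HKLM\System\CCS\Services\Tcpip\..\{2C12EA94-FAA6-49E2-894F-10A33E80B798}:
NameServer = 194.54.90.238
O23 - Service: Microsoft security update service (msupdate) - Unknown owner
- c:\windows\system32\vhosts.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
"""

# A HijackThis entry starts with a section code such as "R0 -", "O4 -", "O23 -".
ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) -(?: |$)")

# Assumption of this example: core Windows processes that are started by the
# system itself and never need a Run-key autostart entry.
CORE_PROCESS_NAMES = {"svchost", "lsass", "services", "winlogon", "csrss", "smss"}


def rejoin_entries(text):
    """Merge hard-wrapped continuation lines back into one string per entry.

    Assumes wraps fall on whitespace (as in the log above), so the pieces are
    rejoined with a single space. Header and process-list lines are skipped.
    """
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "--":          # blank line or log footer ends an entry
            if current is not None:
                entries.append(current)
                current = None
        elif ENTRY_START.match(line):         # a new section code starts a new entry
            if current is not None:
                entries.append(current)
            current = line
        elif current is not None:             # continuation of a wrapped entry
            current += " " + line
    if current is not None:
        entries.append(current)
    return entries


def triage(text):
    """Return (section_code, reason) tuples for entries worth a closer look."""
    findings = []
    dns_keys = defaultdict(set)               # name server -> interface keys using it
    for entry in rejoin_entries(text):
        code, _, body = entry.partition(" - ")
        if code == "O4":
            # Registry autostart: "<key>: [<value name>] <command line>"
            m = re.match(r".+?: \[(.+?)\] (.+)", body)
            if m and re.sub(r"\.exe$", "", m.group(1).lower()) in CORE_PROCESS_NAMES:
                findings.append(
                    (code, f"autostart value named '{m.group(1)}' runs {m.group(2)}"))
        elif code == "O17":
            m = re.match(r"(.+): NameServer = (.+)", body)
            if m:
                for server in re.split(r"[ ,]+", m.group(2).strip()):
                    try:
                        if not ipaddress.ip_address(server).is_private:
                            dns_keys[server].add(m.group(1))
                    except ValueError:
                        pass                  # not an IP literal, nothing to compare
        elif code == "O23" and body.startswith("Service: "):
            # "<display name> - <owner> - <path>"; the display name may itself
            # contain " - ", so split from the right.
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[1].strip().lower() == "unknown owner":
                findings.append(
                    (code, f"service '{parts[0]}' listed with Unknown owner: {parts[2]}"))
    for server, keys in sorted(dns_keys.items()):
        findings.append(
            ("O17", f"static NameServer {server} set on {len(keys)} interface key(s); "
                    "confirm it is a resolver you or your ISP configured"))
    return findings


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}")
```
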
     
  4. cybertech

    cybertech Retired Moderator

    Go to Add/Remove programs and remove Logitech Desktop Messenger


    Download ComboFix from Here or Here to your Desktop.
    • Double-click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  5. Droops9

    Droops9 Thread Starter

    Well, I'm doing this from our new laptop, and my computer with the problem is not letting me on this site, or the links you gave me. I copied and pasted the links and emailed them to myself, and when I open the links on my desktop, it says the page cannot be displayed. I downloaded the program to the computer, and emailed the program to myself, but no email supports will allow me to send or open .exe files. I tried from my Gmail account and Hotmail account, and none of them will let me. So are there any alternatives?

    Thanks
     
  6. Droops9

    Droops9 Thread Starter

    OK, well I solved my .exe problem. I remembered I have a flash drive, so I'm just gonna transfer it from one computer to another.
     
  7. cybertech

    cybertech Retired Moderator

    OK. You could also rename the file to .txt and then rename it later back to .exe
     
  8. Droops9

    Droops9 Thread Starter

    ok, here is the HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:17:23 PM, on 7/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device
    Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTSvcCDA.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
    C:\Program Files\Charter High-Speed Security
    Suite\backweb\3528733\program\fsbwsys.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
    C:\Program Files\Charter High-Speed Security
    Suite\backweb\3528733\Program\fspex.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
    C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
    C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
    C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
    C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\CHARTE~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = localhost
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper -
    {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
    Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed
    Security Suite\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed
    Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter
    High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed
    Security Suite\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [Disc Detector] "C:\Program
    Files\Creative\ShareDLL\CtNotify.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program
    Files\Logitech\iTouch\iTouch.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
    Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
    -atboottime
    O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP
    Studios\WinPatrol\winpatrol.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software
    Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
    Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
    /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US
    ee://aol/imApp
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKUS\S-1-5-18\..\Run: [svchost] C:\WINDOWS\system32\LA71D.tmp.exe (User
    'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [svchost] C:\WINDOWS\system32\LA71D.tmp.exe (User
    'Default user')
    O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program
    Files\Dopewars\WiseUpdt.exe
    O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program
    Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
    Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program
    Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter
    High-Speed Security Suite\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} -
    C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} -
    C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Web Filter -
    {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed
    Security Suite\FSPC\fspcmsie.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} -
    C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... -
    {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed
    Security Suite\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{2C0F56FC-A9C8-4A78-AD18-C8654EAC1F0C}:
    NameServer = 194.54.90.238
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{2C12EA94-FAA6-49E2-894F-10A33E80B798}:
    NameServer = 194.54.90.238
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{360EC0F9-5D22-4F51-8D5E-BEA8ADD22CB5}:
    NameServer = 194.54.90.238
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{36F6C009-A97F-4578-9898-C2DD2C5B126E}:
    NameServer = 194.54.90.238
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{55011796-9CC1-4392-A50D-11FF10374B74}:
    NameServer = 194.54.90.238
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{B4D4DA84-B59B-4485-953A-8439549BDCE9}:
    NameServer = 194.54.90.238
    O17 -
    HKLM\System\CS1\Services\Tcpip\..\{2C0F56FC-A9C8-4A78-AD18-C8654EAC1F0C}:
    NameServer = 194.54.90.238
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program
    Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common
    Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733)
    - BackWeb Technologies Inc. -
    C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
    C:\WINDOWS\system32\CTSvcCDA.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure
    Corporation - C:\Program Files\Charter High-Speed Security
    Suite\Anti-Virus\fsgk32st.exe
    O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Charter
    High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure
    Corporation - C:\Program Files\Charter High-Speed Security
    Suite\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation -
    C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter
    High-Speed Security Suite\Common\FSMA32.EXE
    O23 - Service: HP Port Resolver - Hewlett-Packard Company -
    C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company -
    C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
    Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel
    32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program
    Files\iPod\bin\iPodService.exe
    O23 - Service: Microsoft security update service (msupdate) - Unknown owner
    - c:\windows\system32\vhosts.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) -
    Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 10370 bytes
    ------------------------------------------------------------------------
    Here is the ComboFix Log


    Code:
    2006-08-13 11:45      104    --a------
    C:\Qoobox\Quarantine\C\DOCUME~1\ANDREW~1\Desktop\Internet Explorer.lnk.vir
    2007-02-01 17:56      911    --a------
    C:\Qoobox\Quarantine\C\WINDOWS\system32\unsvchosts.lzma.vir
    2007-03-16 23:41      89    --a------
    C:\Qoobox\Quarantine\C\DOCUME~1\ANDREW~1\APPLIC~1\Macromedia\Flash
    Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol.vir
    2007-03-20 20:51      0    --a------
    C:\Qoobox\Quarantine\C\WINDOWS\system32\RunOnce3.tm_.vir
    2007-03-20 20:51      2    --a------
    C:\Qoobox\Quarantine\C\WINDOWS\system32\RunOnce3.t__.vir
    2007-03-21 21:57      0    --a------
    C:\Qoobox\Quarantine\C\WINDOWS\system32\IExplorer.dll
                                          .dbt.vir
    2007-06-25 14:25      376832    --a------
    C:\Qoobox\Quarantine\C\WINDOWS\system32\WinNB58.dll.vir
    2007-06-27 18:00      64849938    --a------
    C:\Qoobox\Quarantine\C\bold.log.vir
    
    
    Folder PATH listing
    Volume serial number is 88ED-4469
    C:\QOOBOX
    \---Quarantine
       +---C
       |   |   bold.log.vir
       |   |
       |   +---DOCUME~1
       |   |   \---ANDREW~1
       |   |       +---APPLIC~1
       |   |       |   \---Macromedia
       |   |       |       \---Flash Player
       |   |       |           \---macromedia.com
       |   |       |               \---support
       |   |       |                   \---flashplayer
       |   |       |                       \---sys
       |   |       |                           \---#www.broadcaster.com
       |   |       |                                   settings.sol.vir
       |   |       |
       |   |       \---Desktop
       |   |               Internet Explorer.lnk.vir
       |   |
       |   \---WINDOWS
       |       \---system32
       |               IExplorer.dll
                      .dbt.vir
       |               RunOnce3.tm_.vir
       |               RunOnce3.t__.vir
       |               unsvchosts.lzma.vir
       |               WinNB58.dll.vir
       |
       \---Registry_backups
    
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKUS\S-1-5-18\..\Run: [svchost] C:\WINDOWS\system32\LA71D.tmp.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [svchost] C:\WINDOWS\system32\LA71D.tmp.exe (User 'Default user')
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2C0F56FC-A9C8-4A78-AD18-C8654EAC1F0C}:
    NameServer = 194.54.90.238
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2C12EA94-FAA6-49E2-894F-10A33E80B798}:
    NameServer = 194.54.90.238
    O17 - HKLM\System\CCS\Services\Tcpip\..\{360EC0F9-5D22-4F51-8D5E-BEA8ADD22CB5}:
    NameServer = 194.54.90.238
    O17 - HKLM\System\CCS\Services\Tcpip\..\{36F6C009-A97F-4578-9898-C2DD2C5B126E}:
    NameServer = 194.54.90.238
    O17 - HKLM\System\CCS\Services\Tcpip\..\{55011796-9CC1-4392-A50D-11FF10374B74}:
    NameServer = 194.54.90.238
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B4D4DA84-B59B-4485-953A-8439549BDCE9}:
    NameServer = 194.54.90.238
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2C0F56FC-A9C8-4A78-AD18-C8654EAC1F0C}:
    NameServer = 194.54.90.238
    O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe

    Close all applications and browser windows before you click "fix checked".



    Please download the OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\system32\LA71D.tmp.exe
      c:\windows\system32\vhosts.exe


    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
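
The entries picked out for fixing in the post above fall into a few recognisable shapes: a BHO with no file behind it, a Run value named svchost whose image is a .tmp.exe, the same static NameServer repeated across interface keys, and a service with an unknown owner. As an added example (not part of the thread and not HijackThis's own logic), this Python sketch rejoins word-wrapped log lines and flags those shapes; the heuristics, the `SYSTEM_NAMES` set and the `expected_dns` allow-list are assumptions made for illustration.

```python
import ntpath
import re
from collections import Counter

# Sample input: a handful of entries from the log posted in this thread,
# left word-wrapped exactly as they were pasted.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP
Studios\WinPatrol\winpatrol.exe"
O4 - HKUS\S-1-5-18\..\Run: [svchost] C:\WINDOWS\system32\LA71D.tmp.exe (User
'SYSTEM')
O17 -
HKLM\System\CCS\Services\Tcpip\..\{2C0F56FC-A9C8-4A78-AD18-C8654EAC1F0C}:
NameServer = 194.54.90.238
O17 -
HKLM\System\CCS\Services\Tcpip\..\{2C12EA94-FAA6-49E2-894F-10A33E80B798}:
NameServer = 194.54.90.238
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner
- c:\windows\system32\vhosts.exe
"""

ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) -(?: |$)")
RUN_VALUE = re.compile(r'\[([^\]]+)\]\s+"?(.+?\.exe)\b', re.I)
# Assumption: process names an autostart value has no reason to borrow.
SYSTEM_NAMES = {"svchost", "lsass", "services", "winlogon", "csrss", "smss"}


def unwrap(log_text):
    """Rejoin word-wrapped lines so each list item is one logical entry."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "--":                 # footer separator before "End of file"
            break
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:           # continuation of the previous entry
            entries[-1] += " " + line
    return entries


def triage(entries, expected_dns=frozenset()):
    """Return (section, reason, detail) tuples for entries worth a closer look."""
    findings, dns_seen = [], Counter()
    for entry in entries:
        section = entry.split(" -", 1)[0]
        if section == "O2" and entry.endswith("(no file)"):
            findings.append(("O2", "BHO registered but its file is absent", entry))
        elif section == "O4":
            m = RUN_VALUE.search(entry)
            if not m:
                continue
            name = re.sub(r"\.exe$", "", m.group(1).lower())
            image = ntpath.basename(m.group(2)).lower()
            reasons = []
            if name in SYSTEM_NAMES and image != name + ".exe":
                reasons.append("value name imitates a system process")
            if image.endswith(".tmp.exe"):
                reasons.append("image is a .tmp.exe")
            if reasons:
                findings.append(("O4", "; ".join(reasons), entry))
        elif section == "O17":
            m = re.search(r"NameServer = (.+)$", entry)
            for server in re.split(r"[,\s]+", m.group(1)) if m else []:
                if server not in expected_dns:   # caller lists its own resolvers
                    dns_seen[server] += 1
        elif section == "O23":
            if "Unknown owner" in entry or entry.endswith("(file missing)"):
                findings.append(("O23", "service with no known vendor or file", entry))
    # One finding per unexpected resolver, with how many keys carry it.
    for server, count in dns_seen.items():
        findings.append(("O17", f"static DNS server set on {count} key(s)", server))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(unwrap(SAMPLE_LOG)):
        print(f"{section}: {reason}\n    {detail}")
```

A flagged entry is a prompt for review, not a verdict; pass the resolvers you actually expect (ISP or router addresses) as `expected_dns` so that only unfamiliar ones are reported.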
     
  10. Droops9

    Droops9 Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    43
    Hey cybertech,
    all that you told me to do fixed it THANKS I GREATLY APPRECIATE IT, the search engines are working fine, and now I can log in to Gmail, because whatever I had wasn't letting me log in to my Gmail account, so THANKS.
    (y) :) (y) :) (y) :)
     
  11. Droops9

    Droops9 Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    43
    Hey cybertech,
    all that you told me to do fixed it THANKS I GREATLY APPRECIATE IT, the search engines are working fine, and now I can log in to Gmail, because whatever I had wasn't letting me log in to my Gmail account, and it also wasn't letting me come on to this site, and now it is, so THANKS.
    (y) :) (y) :) (y) :)
     
  12. Droops9

    Droops9 Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    43
    (y) (messed up my edit so that's why there's two)
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Great! Happy to hear it.

    Please post your hijackthis log again as there may be some clean up to do. Also please turn off word wrap in Notepad so the log comes out better.

    :)
     
  14. Droops9

    Droops9 Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    43
    ok here it is, and is it ok to reinstall logitech messenger, because I think it's keeping my itouch from starting up when Windows starts, itouch is for my keyboard so it can do all its shortcut functions, and I also have AIM, and when I close AIM, it doesn't go to the system tray, is this something that all these programs did???


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:47:57 PM, on 7/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTSvcCDA.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
    C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
    C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
    C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
    C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
    C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\CHARTE~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    c:\program files\internet explorer\iexplore.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [Disc Detector] "C:\Program Files\Creative\ShareDLL\CtNotify.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program Files\Dopewars\WiseUpdt.exe
    O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - BackWeb Technologies Inc. - C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
    O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 9548 bytes
     
  15. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Yes you can do that.


    Download the KillBox

    Save the file to your desktop.

    Double click the file to run KillBox.exe.

    Select the Delete on Reboot option.

    In the Full Path of File to Delete field copy and paste the following bolded entry.
    Click the red circle with the white X in it,
    When it asks if you want to delete the file on reboot click Yes.
    When it asks you to reboot, click No.

    c:\windows\system32\vhosts.exe

    Close Killbox.

    Click Start - Run - and type in:

    services.msc

    Click OK.

    In the services window find:

    Microsoft security update service (msupdate)

    Right click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK.
    Exit the Services utility.


    Note: You may get an error here when trying to access the properties of the service. If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.


    Run HJT again and put a check in the following:

    O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe (file missing)

    Close all applications and browser windows before you click "fix checked".

    Now restart the machine and post your log once more.
     
Short URL to this thread: https://techguy.org/594302
