Solved: Infected Searching Results

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Droops9

Thread Starter
Joined
Jul 10, 2007
Messages
43
Hey guys,
i have a problem with my search engines, i primarily use google, and sometimes yahoo, and rarely msn, but anyways, everytime i do a search of anything, i always get search results for creditcards, websites you can order stuff from, like one time my stepsister did a search cause she had a briused tibia, and she got results like "looking for bruised tibia? find exactly what you want today" and "shop for bruised tibia, and deals on tons of other products at monsterplace.com" i have charter security suite, spy sweeper (full version, no trial), ad-ware 2007, and winpatrol. i run scans pretty often, and everytime one of the programs finds something, i delete or quarantine it, but it never fixes my search engines problems, my charter security suite, always labels this one .exe file as "suspicous", its svchost, and its found in c:\windows\system32, and it tells me to rename it, and i do, but when i restart my computer, the file isnt renamed or anything, and im starting suspect that this can be the problem for my weird search results. so has anyone else had this problem, and knows how to fix it??? it would be greatly appreciated.

Thanks.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi, Welcome to TSG!!


Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
 

Droops9

Thread Starter
Joined
Jul 10, 2007
Messages
43
ok here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:46 AM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security
Suite\backweb\3528733\program\fsbwsys.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\PROGRA~1\CHARTE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Charter High-Speed Security
Suite\backweb\3528733\Program\fspex.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed
Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed
Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter
High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed
Security Suite\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE"
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Disc Detector] "C:\Program
Files\Creative\ShareDLL\CtNotify.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program
Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP
Studios\WinPatrol\winpatrol.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
/background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US
ee://aol/imApp
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Policies\Explorer\Run: [{88ED4469-05B6-1033-0903-031111030001}]
"C:\Program Files\Common
Files\{88ED4469-05B6-1033-0903-031111030001}\Update.exe" te-110-12-0000213
O4 - HKUS\S-1-5-18\..\Run: [svchost] C:\WINDOWS\system32\LA71D.tmp.exe (User
'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [LDM] C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [svchost] C:\WINDOWS\system32\LA71D.tmp.exe (User
'Default user')
O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program
Files\Dopewars\WiseUpdt.exe
O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program
Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter
High-Speed Security Suite\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} -
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} -
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter -
{200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed
Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} -
C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... -
{300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed
Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O17 -
HKLM\System\CCS\Services\Tcpip\..\{2C0F56FC-A9C8-4A78-AD18-C8654EAC1F0C}:
NameServer = 194.54.90.238
O17 -
HKLM\System\CCS\Services\Tcpip\..\{2C12EA94-FAA6-49E2-894F-10A33E80B798}:
NameServer = 194.54.90.238
O17 -
HKLM\System\CCS\Services\Tcpip\..\{360EC0F9-5D22-4F51-8D5E-BEA8ADD22CB5}:
NameServer = 194.54.90.238
O17 -
HKLM\System\CCS\Services\Tcpip\..\{36F6C009-A97F-4578-9898-C2DD2C5B126E}:
NameServer = 194.54.90.238
O17 -
HKLM\System\CCS\Services\Tcpip\..\{55011796-9CC1-4392-A50D-11FF10374B74}:
NameServer = 194.54.90.238
O17 -
HKLM\System\CCS\Services\Tcpip\..\{B4D4DA84-B59B-4485-953A-8439549BDCE9}:
NameServer = 194.54.90.238
O17 -
HKLM\System\CS1\Services\Tcpip\..\{2C0F56FC-A9C8-4A78-AD18-C8654EAC1F0C}:
NameServer = 194.54.90.238
O18 - Protocol: bw+0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3B2ACC35-546F-4F39-902B-B8089EF74D59} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3B2ACC35-546F-4F39-902B-B8089EF74D59} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program
Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733)
- BackWeb Technologies Inc. -
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure
Corporation - C:\Program Files\Charter High-Speed Security
Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Charter
High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure
Corporation - C:\Program Files\Charter High-Speed Security
Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation -
C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter
High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: HP Port Resolver - Hewlett-Packard Company -
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company -
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel
32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner
- c:\windows\system32\vhosts.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) -
Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 22781 bytes
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Go to Add/Remove programs and remove Logitech Desktop Messenger


Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
 

Droops9

Thread Starter
Joined
Jul 10, 2007
Messages
43
well im doing this from our new laptop, and my computer with the problem is not letting me on this site, or the links you gave me, i copied and pasted the links and emailed them to myself, and when i open the links on my desktop, it says the page cannot be displayed, i downloaded the program to the computer, and emailed the program to myself, but no email supports will allow me to send or open .exe files, i tried from my gmail accont and hotmail account, and none of them wont let me. so are there any alternatives???

Thanks
 

Droops9

Thread Starter
Joined
Jul 10, 2007
Messages
43
Droops9 said:
well im doing this from our new laptop, and my computer with the problem is not letting me on this site, or the links you gave me, i copied and pasted the links and emailed them to myself, and when i open the links on my desktop, it says the page cannot be displayed, i downloaded the program to the computer, and emailed the program to myself, but no email supports will allow me to send or open .exe files, i tried from my gmail accont and hotmail account, and none of them wont let me. so are there any alternatives???

Thanks
ok, well i solved my .exe problem, i remembered i have a flash drive, so im just gnna transfer it from one computer to another.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
OK. You could also rename the file to .txt and then rename it later back to .exe
 

Droops9

Thread Starter
Joined
Jul 10, 2007
Messages
43
ok, here is the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:23 PM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security
Suite\backweb\3528733\program\fsbwsys.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security
Suite\backweb\3528733\Program\fspex.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\CHARTE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed
Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed
Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter
High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed
Security Suite\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Disc Detector] "C:\Program
Files\Creative\ShareDLL\CtNotify.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program
Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP
Studios\WinPatrol\winpatrol.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy
Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
/background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US
ee://aol/imApp
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKUS\S-1-5-18\..\Run: [svchost] C:\WINDOWS\system32\LA71D.tmp.exe (User
'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [svchost] C:\WINDOWS\system32\LA71D.tmp.exe (User
'Default user')
O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program
Files\Dopewars\WiseUpdt.exe
O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program
Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter
High-Speed Security Suite\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} -
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} -
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter -
{200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed
Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} -
C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... -
{300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed
Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O17 -
HKLM\System\CCS\Services\Tcpip\..\{2C0F56FC-A9C8-4A78-AD18-C8654EAC1F0C}:
NameServer = 194.54.90.238
O17 -
HKLM\System\CCS\Services\Tcpip\..\{2C12EA94-FAA6-49E2-894F-10A33E80B798}:
NameServer = 194.54.90.238
O17 -
HKLM\System\CCS\Services\Tcpip\..\{360EC0F9-5D22-4F51-8D5E-BEA8ADD22CB5}:
NameServer = 194.54.90.238
O17 -
HKLM\System\CCS\Services\Tcpip\..\{36F6C009-A97F-4578-9898-C2DD2C5B126E}:
NameServer = 194.54.90.238
O17 -
HKLM\System\CCS\Services\Tcpip\..\{55011796-9CC1-4392-A50D-11FF10374B74}:
NameServer = 194.54.90.238
O17 -
HKLM\System\CCS\Services\Tcpip\..\{B4D4DA84-B59B-4485-953A-8439549BDCE9}:
NameServer = 194.54.90.238
O17 -
HKLM\System\CS1\Services\Tcpip\..\{2C0F56FC-A9C8-4A78-AD18-C8654EAC1F0C}:
NameServer = 194.54.90.238
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program
Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733)
- BackWeb Technologies Inc. -
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure
Corporation - C:\Program Files\Charter High-Speed Security
Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Charter
High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure
Corporation - C:\Program Files\Charter High-Speed Security
Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation -
C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter
High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: HP Port Resolver - Hewlett-Packard Company -
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company -
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel
32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner
- c:\windows\system32\vhosts.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) -
Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10370 bytes
------------------------------------------------------------------------
Here is the ComboFix Log


Code:
2006-08-13 11:45      104    --a------
C:\Qoobox\Quarantine\C\DOCUME~1\ANDREW~1\Desktop\Internet Explorer.lnk.vir
2007-02-01 17:56      911    --a------
C:\Qoobox\Quarantine\C\WINDOWS\system32\unsvchosts.lzma.vir
2007-03-16 23:41      89    --a------
C:\Qoobox\Quarantine\C\DOCUME~1\ANDREW~1\APPLIC~1\Macromedia\Flash
Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol.vir
2007-03-20 20:51      0    --a------
C:\Qoobox\Quarantine\C\WINDOWS\system32\RunOnce3.tm_.vir
2007-03-20 20:51      2    --a------
C:\Qoobox\Quarantine\C\WINDOWS\system32\RunOnce3.t__.vir
2007-03-21 21:57      0    --a------
C:\Qoobox\Quarantine\C\WINDOWS\system32\IExplorer.dll
                                      .dbt.vir
2007-06-25 14:25      376832    --a------
C:\Qoobox\Quarantine\C\WINDOWS\system32\WinNB58.dll.vir
2007-06-27 18:00      64849938    --a------
C:\Qoobox\Quarantine\C\bold.log.vir


Folder PATH listing
Volume serial number is 88ED-4469
C:\QOOBOX
\---Quarantine
   +---C
   |   |   bold.log.vir
   |   |
   |   +---DOCUME~1
   |   |   \---ANDREW~1
   |   |       +---APPLIC~1
   |   |       |   \---Macromedia
   |   |       |       \---Flash Player
   |   |       |           \---macromedia.com
   |   |       |               \---support
   |   |       |                   \---flashplayer
   |   |       |                       \---sys
   |   |       |                           \---#www.broadcaster.com
   |   |       |                                   settings.sol.vir
   |   |       |
   |   |       \---Desktop
   |   |               Internet Explorer.lnk.vir
   |   |
   |   \---WINDOWS
   |       \---system32
   |               IExplorer.dll
                  .dbt.vir
   |               RunOnce3.tm_.vir
   |               RunOnce3.t__.vir
   |               unsvchosts.lzma.vir
   |               WinNB58.dll.vir
   |
   \---Registry_backups
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Run HJT again and put a check in the following:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKUS\S-1-5-18\..\Run: [svchost] C:\WINDOWS\system32\LA71D.tmp.exe (User'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [svchost] C:\WINDOWS\system32\LA71D.tmp.exe (User'Default user')
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C0F56FC-A9C8-4A78-AD18-C8654EAC1F0C}:
NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C12EA94-FAA6-49E2-894F-10A33E80B798}:
NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{360EC0F9-5D22-4F51-8D5E-BEA8ADD22CB5}:
NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{36F6C009-A97F-4578-9898-C2DD2C5B126E}:
NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{55011796-9CC1-4392-A50D-11FF10374B74}:
NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4D4DA84-B59B-4485-953A-8439549BDCE9}:
NameServer = 194.54.90.238
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C0F56FC-A9C8-4A78-AD18-C8654EAC1F0C}:
NameServer = 194.54.90.238
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe

Close all applications and browser windows before you click "fix checked".



Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\LA71D.tmp.exe
    c:\windows\system32\vhosts.exe


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

Click Exit on the Main menu to close the program.



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
  • Click Close to exit the program.
 

Droops9

Thread Starter
Joined
Jul 10, 2007
Messages
43
Hey cybertech,
all that you told me to do fixed it THANKS I GREATLY APPRECIATE IT, the search engines are working fine, and now i can login to Gmail, because whatever i had wasnt letting me login to my Gmail account, so THANKS.
(y) :) (y) :) (y) :)
 

Droops9

Thread Starter
Joined
Jul 10, 2007
Messages
43
Hey cybertech,
all that you told me to do fixed it THANKS I GREATLY APPRECIATE IT, the search engines are working fine, and now i can login to Gmail, because whatever i had wasnt letting me login to my Gmail account, and it also wasnt letting me come on to this site, and now it is, so THANKS.
(y) :) (y) :) (y) :)
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Great! Happy to hear it.

Please post your hijackthis log again as there may be some clean up to do. Also please turn off word wrap in Notepad so the log comes out better.

:)
 

Droops9

Thread Starter
Joined
Jul 10, 2007
Messages
43
ok here it is, and is it ok to reinstall logitech messenger, because i think its keeping my itouch from starting up when windows start, itouch is for my keyboard so it can do all its shortcut functions, and i also have AIM, and when i close AIM, it doesnt go to the sytem tray, is this something that all these programs did???


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:57 PM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\CHARTE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Disc Detector] "C:\Program Files\Creative\ShareDLL\CtNotify.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program Files\Dopewars\WiseUpdt.exe
O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - BackWeb Technologies Inc. - C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9548 bytes
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Droops9 said:
ok here it is, and is it ok to reinstall logitech messenger
Yes you can do that.


Download the KillBox

Save the file to your desktop.

Double click the file to run KillBox.exe.

Select the Delete on Reboot option.

In the Full Path of File to Delete field copy and paste the following bolded entry.
Click the red circle with the white X in it,
When it asks if you want to delete the file on reboot click Yes.
When it asks you to reboot, click No.

c:\windows\system32\vhosts.exe

Close Killbox.

Click Start - Run - and type in:

services.msc

Click OK.

In the services window find:

Microsoft security update service (msupdate)

Right click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK.
Exit the Services utility.


Note: You may get an error here when trying to access the properties of the service. If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.


Run HJT again and put a check in the following:

O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe (file missing)

Close all applications and browser windows before you click "fix checked".

Now restart the machine and post your log once more.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top