I Think I'm Full Of Viruses


12 replies to this topic

#1 bgardner

bgardner

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston, Massachusetts
  • Local time:01:21 AM

Posted 14 August 2006 - 08:36 PM

Downloaded HJT, ran a scan and saved the log. Trying to increase performance, trying to get rid of viruses the scans did not pick up, and trying to get it to run faster and boot faster. All help appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 9:17:45 PM, on 8/14/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
C:\WINNT\System32\LXSUPMON.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINNT\loadqm.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\SmileyDistrict\plugin.exe
C:\Program Files\AIM+\AIM+.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\WINNT\Explorer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe
C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
C:\Documents and Settings\Keith\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#12802
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#12802
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#12802
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\Keith\Application Data\Mozilla\Profiles\default\aa9ntnl6.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Keith\Application Data\Mozilla\Profiles\default\aa9ntnl6.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - (no file)
O2 - BHO: (no name) - {524DFB4B-CD2D-4A93-B530-CB489E43A6C7} - C:\WINNT\System32\defehnld.dll
O2 - BHO: ViewSource Class - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\Documents and Settings\Keith\Application Data\wingz\wingz32.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINNT\system\pss.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll
O2 - BHO: SearchHookObject Class - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\Keith\Application Data\wingz\msiesh.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Smiley District] C:\Program Files\SmileyDistrict\plugin.exe
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKLM\..\RunOnce: [fat.exe] C:\Program Files\WinAntiVirus Pro 2006\fat.exe
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll
O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O18 - Protocol: bw+0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {BB952A32-88B7-4E93-B042-0048C9A4F215} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: logwms - C:\WINNT\System32\logwms.dll
O20 - Winlogon Notify: pss - C:\WINNT\system\pss.dll
O20 - Winlogon Notify: wwwxulhn - C:\WINNT\SYSTEM32\wwwxulhn.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
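A first triage pass over a HijackThis log like the one above, as an added example (this is not code from the thread, from HijackThis or from its helpers): it parses the `R`/`O` entry lines and flags the classes of item a helper normally looks at first, namely IE start/search pages redirected into a `res://` DLL resource, BHOs with no name, no file or a user-profile path, autorun entries for a product the thread calls a bogus AV, and Winlogon Notify packages outside a baseline list. The heuristics, the `KNOWN_WINLOGON_NOTIFY` baseline and `SAMPLE_LOG` are assumptions constructed for the example.

```python
"""Triage a HijackThis v1.99.1 log for the entry classes a helper acts on.

Added example for this thread; not code from HijackThis or from the posters.
The heuristics and the Winlogon Notify baseline are assumptions chosen for
illustration, and SAMPLE_LOG is a constructed excerpt in the log's format.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Entry lines look like "R0 - ...", "O2 - ...", "O23 - ...": code, separator, body.
HJT_LINE = re.compile(r"^(?P<section>[RNOF]\d{1,2}) - (?P<body>.*)$")
# IE start/search settings whose value is a resource inside a DLL, not a URL.
RES_REDIRECT = re.compile(r"=\s*res://", re.IGNORECASE)
# Module paths under a user's profile, where no vendor BHO normally lives.
USER_PROFILE_PATH = re.compile(r"\\Documents and Settings\\[^\\]+\\Application Data\\", re.IGNORECASE)
# Assumed baseline of Winlogon Notify packages shipped with Windows 2000/XP.
KNOWN_WINLOGON_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop",
                         "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}
# Product names the thread's helper identifies as a bogus AV.
ROGUE_PRODUCT_NAMES = ("winantivirus",)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(text: str) -> list[tuple[str, str]]:
    """Return (section, body) for every entry line; headers and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage_entry(section: str, body: str) -> Optional[str]:
    """Return a reason if the entry deserves a human look, else None."""
    if section in ("R0", "R1") and RES_REDIRECT.search(body):
        return "IE start/search page points into a DLL resource (res://), a classic homepage hijack"
    if section == "R3" and "missing" in body:
        return "default URLSearchHook is missing, often a side effect of a search hijacker"
    if section == "O2":
        if body.endswith("(no file)"):
            return "BHO registration whose DLL no longer exists (orphaned entry)"
        if "(no name)" in body:
            return "BHO registered without a display name"
        if USER_PROFILE_PATH.search(body):
            return "BHO loaded from a user-profile directory instead of Program Files or System32"
    if section == "O4" and any(n in body.lower() for n in ROGUE_PRODUCT_NAMES):
        return "autorun entry for a product identified in the thread as a bogus AV"
    if section == "O20":
        # Body reads "Winlogon Notify: <name> - <path>"; compare <name> to the baseline.
        _, _, rest = body.partition(":")
        name = rest.split(" - ", 1)[0].strip().lower()
        if name not in KNOWN_WINLOGON_NOTIFY:
            return "Winlogon Notify package outside the baseline, a common malware persistence point"
    return None


def triage(text: str) -> list[Finding]:
    """Run every parsed entry through the heuristics and collect the hits."""
    return [Finding(section, reason, body)
            for section, body in parse_entries(text)
            if (reason := triage_entry(section, body)) is not None]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per HJT section code."""
    return dict(Counter(f.section for f in findings))


# Constructed excerpt in HijackThis format, modelled on the entry kinds in the post.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows 2000 (WinNT 5.00.2195)

Running processes:
C:\WINNT\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - (no file)
O2 - BHO: (no name) - {524DFB4B-CD2D-4A93-B530-CB489E43A6C7} - C:\WINNT\System32\defehnld.dll
O2 - BHO: ViewSource Class - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\Documents and Settings\Keith\Application Data\wingz\wingz32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O20 - Winlogon Notify: wwwxulhn - C:\WINNT\SYSTEM32\wwwxulhn.dll
O20 - Winlogon Notify: crypt32chain - C:\WINNT\System32\crypt32.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n      {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

The heuristics only rank entries for a human to look at; the vendor-signed Acrobat BHO, the Lexmark service and the `crypt32chain` notify package pass untouched, while the seven entries a helper would ask about are surfaced with a reason. Run against a full log, the per-section summary gives a quick picture of how far the browser hijack and persistence entries reach.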


#2 MFDnSC


Posted 15 August 2006 - 08:25 PM

Add/Remove Programs: remove Logitech Desktop Messenger, WinAntiVirus (Bogus AV) and all occurrences of Viewpoint.

==================

Get the free AVG 7 install it, check for updates and run a full scan

AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/
===================

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to all but system restore:


* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"


#3 bgardner

Posted 16 August 2006 - 08:22 AM

I was able to remove a few viruses already using AVG late last night, but after a few hours of scanning the laptop just kept rebooting itself, not sure why. I will do what else you said and post a new log.

Thanks,

#4 bgardner

Posted 17 August 2006 - 08:45 PM

I think I cleaned up a lot; it seems to be running a little faster already. I will finish uninstalling Viewpoint but I have to close IE first.

Here is the Spy Sweeper log:

9:18 PM: Removal process completed. Elapsed time 00:00:45
9:18 PM: Quarantining All Traces: tacoda cookie
9:18 PM: Quarantining All Traces: reliablestats cookie
9:18 PM: Quarantining All Traces: 2o7.net cookie
9:17 PM: Quarantining All Traces: linksynergy cookie
9:17 PM: Quarantining All Traces: overture cookie
9:17 PM: Quarantining All Traces: enhance cookie
9:17 PM: Quarantining All Traces: ask cookie
9:17 PM: Quarantining All Traces: atwola cookie
9:17 PM: Quarantining All Traces: 80503492 cookie
9:17 PM: Quarantining All Traces: winantivirus pro
9:17 PM: Quarantining All Traces: tibs dialer
9:17 PM: Quarantining All Traces: virtumonde
9:17 PM: Quarantining All Traces: directrevenue-abetterinternet
9:17 PM: Removal process initiated
9:16 PM: Traces Found: 22
9:16 PM: Full Sweep has completed. Elapsed time 00:44:39
9:16 PM: File Sweep Complete, Elapsed Time: 00:32:19
9:10 PM: Warning: Failed to open file "c:\documents and settings\keith\application data\mozilla\profiles\default\aa9ntnl6.slt\parent.lock". The operation completed successfully
9:10 PM: Warning: Failed to open file "c:\program files\logitech\desktop messenger\8876480\users\keith\data\d0000000.fcs". The operation completed successfully
8:45 PM: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (ID = 2147513771)
8:45 PM: Found Adware: winantivirus pro
8:44 PM: Starting File Sweep
8:44 PM: Warning: Failed to access drive A:
8:44 PM: Cookie Sweep Complete, Elapsed Time: 00:00:05
8:44 PM: c:\documents and settings\keith\cookies\keith@tacoda[1].txt (ID = 6444)
8:44 PM: Found Spy Cookie: tacoda cookie
8:44 PM: c:\documents and settings\keith\cookies\keith@stats1.reliablestats[2].txt (ID = 3254)
8:44 PM: Found Spy Cookie: reliablestats cookie
8:44 PM: c:\documents and settings\keith\cookies\keith@msnportal.112.2o7[1].txt (ID = 1958)
8:44 PM: Found Spy Cookie: 2o7.net cookie
8:44 PM: c:\documents and settings\keith\cookies\keith@linksynergy[1].txt (ID = 2926)
8:44 PM: Found Spy Cookie: linksynergy cookie
8:44 PM: c:\documents and settings\keith\cookies\keith@data3.perf.overture[1].txt (ID = 3106)
8:44 PM: Found Spy Cookie: overture cookie
8:44 PM: c:\documents and settings\keith\cookies\keith@c.enhance[1].txt (ID = 2614)
8:44 PM: Found Spy Cookie: enhance cookie
8:44 PM: c:\documents and settings\keith\cookies\keith@atwola[2].txt (ID = 2255)
8:44 PM: c:\documents and settings\keith\cookies\keith@ask[1].txt (ID = 2245)
8:44 PM: Found Spy Cookie: ask cookie
8:44 PM: c:\documents and settings\keith\cookies\keith@ar.atwola[1].txt (ID = 2256)
8:44 PM: Found Spy Cookie: atwola cookie
8:44 PM: c:\documents and settings\keith\cookies\keith@80503492[1].txt (ID = 2013)
8:44 PM: Found Spy Cookie: 80503492 cookie
8:44 PM: Starting Cookie Sweep
8:44 PM: Registry Sweep Complete, Elapsed Time:00:01:46
8:43 PM: HKLM\software\classes\clsid\{f0c8173f-bc0e-4a06-aba9-db5a3e1fda89}\ (ID = 975142)
8:43 PM: HKCR\clsid\{f0c8173f-bc0e-4a06-aba9-db5a3e1fda89}\ (ID = 975033)
8:43 PM: Found Adware: tibs dialer
8:43 PM: HKLM\software\classes\msevents.msevents.1\ (ID = 749157)
8:43 PM: HKLM\software\classes\msevents.msevents\ (ID = 749153)
8:43 PM: HKCR\msevents.msevents.1\ (ID = 749136)
8:43 PM: HKCR\msevents.msevents\ (ID = 749130)
8:43 PM: Found Adware: virtumonde
8:43 PM: HKCR\typelib\{8ea362bd-39cb-40f5-9226-73cd40999095}\ (ID = 146146)
8:43 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{38d4d5d0-423e-4220-b6f9-30918c2ae4a4}\ (ID = 145938)
8:43 PM: HKLM\software\classes\typelib\{8ea362bd-39cb-40f5-9226-73cd40999095}\ (ID = 145901)
8:43 PM: HKLM\software\classes\clsid\{38d4d5d0-423e-4220-b6f9-30918c2ae4a4}\ (ID = 145875)
8:43 PM: HKCR\clsid\{38d4d5d0-423e-4220-b6f9-30918c2ae4a4}\ (ID = 145795)
8:43 PM: Found Adware: directrevenue-abetterinternet
8:42 PM: Starting Registry Sweep
8:42 PM: Memory Sweep Complete, Elapsed Time: 00:10:03
8:32 PM: Starting Memory Sweep
8:32 PM: Sweep initiated using definitions version 691
8:32 PM: Spy Sweeper 5.0.5.1286 started
8:32 PM: | Start of Session, Thursday, August 17, 2006 |
********
8:32 PM: | End of Session, Thursday, August 17, 2006 |
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
8:31 PM: Shield States
8:30 PM: Spyware Definitions: 691
8:29 PM: Spy Sweeper 5.0.5.1286 started
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
6:04 AM: Shield States
6:04 AM: Spyware Definitions: 691
6:03 AM: Spy Sweeper 5.0.5.1286 started
8:56 PM: | End of Session, Wednesday, August 16, 2006 |
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
8:54 PM: Messenger service has been disabled.
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
8:54 PM: Shield States
8:53 PM: Spyware Definitions: 691
8:52 PM: Spy Sweeper 5.0.5.1286 started
8:52 PM: Spy Sweeper 5.0.5.1286 started
8:52 PM: | Start of Session, Wednesday, August 16, 2006 |
********
5:35 AM: Quarantining All Traces: virtumonde
5:35 AM: Removal process initiated
9:58 PM: Access to Hosts file allowed for C:\WINNT\EXPLORER.EXE
9:57 PM: Access to Hosts file allowed for C:\WINNT\EXPLORER.EXE
9:56 PM: Access to Hosts file allowed for C:\WINNT\EXPLORER.EXE
9:55 PM: Access to Hosts file allowed for C:\WINNT\EXPLORER.EXE
9:54 PM: Access to Hosts file allowed for C:\WINNT\EXPLORER.EXE
9:52 PM: Traces Found: 33
9:52 PM: Full Sweep has completed. Elapsed time 00:55:52
9:52 PM: File Sweep Complete, Elapsed Time: 00:42:29
9:41 PM: Warning: Failed to open file "c:\program files\logitech\desktop messenger\8876480\users\keith\data\d0000000.fcs". The operation completed successfully
9:41 PM: Warning: Failed to open file "c:\documents and settings\keith\application data\mozilla\profiles\default\aa9ntnl6.slt\parent.lock". The operation completed successfully
9:32 PM: Spy Installation Shield: found: Adware: virtumonde, version 1.0.0.0
9:31 PM: C:\WINNT\system32\drivers\DP.sys (ID = 236607)
9:25 PM: Spy Installation Shield: found: Adware: directrevenue-abetterinternet, version 1.1.1.1
9:25 PM: C:\WINNT\sasent.dll (ID = 83494)
9:22 PM: Spy Installation Shield: found: Trojan Horse: trojan-downloader-winshow, version 1.0.0.0
9:22 PM: C:\WINNT\Temporary Internet Files\Content.IE5\97XHXVM7\f12802[1].gif (ID = 81098)
9:22 PM: Found Trojan Horse: trojan-downloader-winshow
9:10 PM: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (ID = 2147513771)
9:10 PM: Found Adware: winantivirus pro
9:09 PM: Starting File Sweep
9:09 PM: Warning: Failed to access drive A:
9:09 PM: Cookie Sweep Complete, Elapsed Time: 00:00:07
9:09 PM: c:\documents and settings\keith\cookies\keith@tacoda[1].txt (ID = 6444)
9:09 PM: Found Spy Cookie: tacoda cookie
9:09 PM: c:\documents and settings\keith\cookies\keith@stats1.reliablestats[2].txt (ID = 3254)
9:09 PM: Found Spy Cookie: reliablestats cookie
9:09 PM: c:\documents and settings\keith\cookies\keith@msnportal.112.2o7[1].txt (ID = 1958)
9:09 PM: Found Spy Cookie: 2o7.net cookie
9:09 PM: c:\documents and settings\keith\cookies\keith@linksynergy[1].txt (ID = 2926)
9:09 PM: Found Spy Cookie: linksynergy cookie
9:09 PM: c:\documents and settings\keith\cookies\keith@data3.perf.overture[1].txt (ID = 3106)
9:09 PM: Found Spy Cookie: overture cookie
9:09 PM: c:\documents and settings\keith\cookies\keith@c.enhance[1].txt (ID = 2614)
9:09 PM: Found Spy Cookie: enhance cookie
9:09 PM: c:\documents and settings\keith\cookies\keith@atwola[2].txt (ID = 2255)
9:09 PM: c:\documents and settings\keith\cookies\keith@ask[1].txt (ID = 2245)
9:09 PM: Found Spy Cookie: ask cookie
9:09 PM: c:\documents and settings\keith\cookies\keith@ar.atwola[1].txt (ID = 2256)
9:09 PM: Found Spy Cookie: atwola cookie
9:09 PM: c:\documents and settings\keith\cookies\keith@80503492[1].txt (ID = 2013)
9:09 PM: Found Spy Cookie: 80503492 cookie
9:09 PM: Starting Cookie Sweep
9:09 PM: Registry Sweep Complete, Elapsed Time:00:02:02
9:08 PM: HKLM\system\currentcontrolset\services\dp1112\ (ID = 1138322)
9:08 PM: HKLM\software\classes\clsid\{f0c8173f-bc0e-4a06-aba9-db5a3e1fda89}\ (ID = 975142)
9:08 PM: HKCR\clsid\{f0c8173f-bc0e-4a06-aba9-db5a3e1fda89}\ (ID = 975033)
9:08 PM: Found Adware: tibs dialer
9:08 PM: HKLM\software\classes\clsid\{827dc836-dd9f-4a68-a602-5812eb50a834}\progid\ (ID = 749172)
9:08 PM: HKLM\software\classes\clsid\{827dc836-dd9f-4a68-a602-5812eb50a834}\ (ID = 749166)
9:08 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{827dc836-dd9f-4a68-a602-5812eb50a834}\ (ID = 749160)
9:08 PM: HKLM\software\classes\msevents.msevents.1\ (ID = 749157)
9:08 PM: HKLM\software\classes\msevents.msevents\ (ID = 749153)
9:08 PM: HKCR\clsid\{827dc836-dd9f-4a68-a602-5812eb50a834}\ (ID = 749140)
9:08 PM: HKCR\msevents.msevents.1\ (ID = 749136)
9:08 PM: HKCR\msevents.msevents\ (ID = 749130)
9:08 PM: HKCR\typelib\{8ea362bd-39cb-40f5-9226-73cd40999095}\ (ID = 146146)
9:08 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{38d4d5d0-423e-4220-b6f9-30918c2ae4a4}\ (ID = 145938)
9:08 PM: HKLM\software\classes\typelib\{8ea362bd-39cb-40f5-9226-73cd40999095}\ (ID = 145901)
9:08 PM: HKLM\software\classes\clsid\{38d4d5d0-423e-4220-b6f9-30918c2ae4a4}\ (ID = 145875)
9:08 PM: HKCR\clsid\{38d4d5d0-423e-4220-b6f9-30918c2ae4a4}\ (ID = 145795)
9:08 PM: Found Adware: directrevenue-abetterinternet
9:07 PM: Starting Registry Sweep
9:07 PM: Memory Sweep Complete, Elapsed Time: 00:10:50
8:57 PM: Detected running threat: C:\WINNT\system\pss.dll (ID = 77)
8:56 PM: Starting Memory Sweep
8:56 PM: C:\WINNT\system\pss.dll (ID = 1142187)
8:56 PM: HKCR\clsid\{827dc836-dd9f-4a68-a602-5812eb50a834}\inprocserver32\ (ID = 1142187)
8:56 PM: Found Adware: virtumonde
8:56 PM: Sweep initiated using definitions version 691
8:56 PM: Spy Sweeper 5.0.5.1286 started
8:56 PM: | Start of Session, Wednesday, August 16, 2006 |
********

Here is a new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:31:08 PM, on 8/17/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINNT\System32\LXSUPMON.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINNT\loadqm.exe
C:\Program Files\SmileyDistrict\plugin.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\AIM+\AIM+.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Keith\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\Keith\Application Data\Mozilla\Profiles\default\aa9ntnl6.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Keith\Application Data\Mozilla\Profiles\default\aa9ntnl6.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {524DFB4B-CD2D-4A93-B530-CB489E43A6C7} - C:\WINNT\System32\defehnld.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] "mobsync.exe" /logon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] "C:\WINNT\System32\LXSUPMON.EXE" RUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Smiley District] "C:\Program Files\SmileyDistrict\plugin.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll
O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O20 - Winlogon Notify: logwms - C:\WINNT\System32\logwms.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: wwwxulhn - C:\WINNT\SYSTEM32\wwwxulhn.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#5 MFDnSC

    Ret. Director I/T


Posted 17 August 2006 - 09:05 PM

Right click on HijackThis.exe and rename to HJT.exe
================

Download http://www.mvps.org/winhelp2002/DelDomains.inf

Right click the DelDomains.inf file and click Install, making sure Internet Explorer is closed. You won't see anything happen. Give it a minute.

Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.
==================
Post a new log from hijack
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#6 bgardner

  • Topic Starter


Posted 18 August 2006 - 06:27 AM

Is the HijackThis icon on the desktop that launches the program the one I would change?

#7 MFDnSC

    Ret. Director I/T


Posted 18 August 2006 - 04:44 PM

No, the actual exe:

C:\Documents and Settings\Keith\Desktop\HijackThis.exe

#8 bgardner

  • Topic Starter


Posted 18 August 2006 - 10:34 PM

Logfile of HijackThis v1.99.1
Scan saved at 11:16:48 PM, on 8/18/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
C:\WINNT\System32\LXSUPMON.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINNT\loadqm.exe
C:\Program Files\SmileyDistrict\plugin.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\AIM+\AIM+.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Keith\Desktop\HJT.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\Keith\Application Data\Mozilla\Profiles\default\aa9ntnl6.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Keith\Application Data\Mozilla\Profiles\default\aa9ntnl6.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {524DFB4B-CD2D-4A93-B530-CB489E43A6C7} - C:\WINNT\System32\defehnld.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] "mobsync.exe" /logon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] "C:\WINNT\System32\LXSUPMON.EXE" RUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Smiley District] "C:\Program Files\SmileyDistrict\plugin.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll
O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O20 - Winlogon Notify: logwms - C:\WINNT\System32\logwms.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: wwwxulhn - C:\WINNT\SYSTEM32\wwwxulhn.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#9 MFDnSC

    Ret. Director I/T


Posted 19 August 2006 - 01:01 PM

You may want to print this or save it to notepad as we will go to safe mode.

Add remove programs – remove SmileyDistrict

Fix these with HJT – mark them, close IE, click fix checked

O2 - BHO: (no name) - {524DFB4B-CD2D-4A93-B530-CB489E43A6C7} - C:\WINNT\System32\defehnld.dll

O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll

O4 - HKLM\..\Run: [Smiley District] "C:\Program Files\SmileyDistrict\plugin.exe"

O20 - Winlogon Notify: logwms - C:\WINNT\System32\logwms.dll

O20 - Winlogon Notify: wwwxulhn - C:\WINNT\SYSTEM32\wwwxulhn.dll

DownLoad http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by DELETE ON REBOOT. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\SmileyDistrict
C:\WINNT\System32\logwms.dll
C:\WINNT\SYSTEM32\wwwxulhn.dll
C:\WINNT\System32\defehnld.dll


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system

#10 bgardner

  • Topic Starter


Posted 20 August 2006 - 09:36 AM

Only one of the temp files out of 160 did not delete, that's pretty good, and Killbox seemed to work OK.

I don't think the system is going to get a ton faster as it is, just trying to do what I can to speed it up; it's got less than 256 MB of RAM and is fairly old. I'm suspicious that it originally had Windows 98 installed on it.

Anything else you see in the following log?

Logfile of HijackThis v1.99.1
Scan saved at 10:20:42 AM, on 8/20/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
C:\WINNT\System32\LXSUPMON.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINNT\loadqm.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\AIM+\AIM+.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Keith\Desktop\HJT.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\Keith\Application Data\Mozilla\Profiles\default\aa9ntnl6.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Keith\Application Data\Mozilla\Profiles\default\aa9ntnl6.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] "C:\WINNT\System32\LXSUPMON.EXE" RUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O20 - Winlogon Notify: logwms - C:\WINNT\System32\logwms.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE

#11 MFDnSC

    Ret. Director I/T


Posted 20 August 2006 - 12:07 PM

More memory would help – www.crucial.com

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HJT – mark them, close IE, click fix checked

R3 - Default URLSearchHook is missing

O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)

O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)

O20 - Winlogon Notify: logwms - C:\WINNT\System32\logwms.dll

DownLoad http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by DELETE ON REBOOT. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINNT\System32\logwms.dll

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
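Checking a follow-up log against the helper's "fix these with HJT" list, as done by hand in posts #9 and #11 above, can be scripted. The Python below is an added example, not code from the thread, from HijackThis or from Webroot; its sample lines are excerpts of the logs quoted in the thread, and every function and variable name is this example's own.

```python
"""HijackThis-style log parser with a before/after diff.

Added example, not code from the BleepingComputer thread, HijackThis or Webroot.
The sample lines are excerpts of the logs quoted in the thread; every function
and variable name here is this example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# An HJT entry line is "<section> - <body>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Prefer a full drive path; fall back to a bare file name, because HJT prints
# "WRLogonNTF.dll (file missing)" without a directory once the file is gone.
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe|ocx)\b", re.IGNORECASE)
BARE_FILE_RE = re.compile(r"\b[\w~-]+\.(?:dll|exe|ocx)\b", re.IGNORECASE)
MISSING_MARK = "(file missing)"
Key = Tuple[str, str]

@dataclass(frozen=True)
class HjtEntry:
    kind: str             # section: O2 = BHO, O3 = toolbar, O4 = Run key, O20 = Winlogon Notify
    body: str             # everything after "Onn - "
    clsid: Optional[str]  # upper-cased GUID when the line carries one
    path: Optional[str]   # file the entry loads, when HJT prints one
    file_missing: bool    # HJT could not find that file on disk

def parse_entry(line: str) -> Optional[HjtEntry]:
    """Parse one log line; header and running-process lines return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    path = DRIVE_PATH_RE.search(body) or BARE_FILE_RE.search(body)
    return HjtEntry(m.group("kind"), body,
                    clsid.group(0).upper() if clsid else None,
                    path.group(0) if path else None,
                    MISSING_MARK in body)

def parse_log(text: str) -> List[HjtEntry]:
    return [e for e in map(parse_entry, text.splitlines()) if e]

def entry_key(e: HjtEntry) -> Key:
    """Identity across logs: section plus CLSID, else file name, else body.
    Only the file name is used, so a full path and its later
    'name.dll (file missing)' form resolve to the same key."""
    name = e.path.rsplit("\\", 1)[-1].lower() if e.path else None
    return (e.kind, e.clsid or name or e.body.lower())

def diff_logs(before: str, after: str) -> Dict[str, List[Key]]:
    """Entries that disappeared, appeared, or survived between two logs."""
    b = {entry_key(e) for e in parse_log(before)}
    a = {entry_key(e) for e in parse_log(after)}
    return {"removed": sorted(b - a), "added": sorted(a - b), "kept": sorted(a & b)}

def still_present(fix_list: str, after: str) -> List[HjtEntry]:
    """Entries from a 'fix these with HJT' list that the follow-up log still shows."""
    wanted = {entry_key(e) for e in parse_log(fix_list)}
    return [e for e in parse_log(after) if entry_key(e) in wanted]

def dangling(log: str) -> List[HjtEntry]:
    """Registry entries whose target file is gone; the thread fixes these with HJT alone."""
    return [e for e in parse_log(log) if e.file_missing]

# Excerpts of the thread's logs: post #8 (before the fix) and post #10 (after).
BEFORE_LOG = r"""
O2 - BHO: (no name) - {524DFB4B-CD2D-4A93-B530-CB489E43A6C7} - C:\WINNT\System32\defehnld.dll
O4 - HKLM\..\Run: [Smiley District] "C:\Program Files\SmileyDistrict\plugin.exe"
O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll
O20 - Winlogon Notify: logwms - C:\WINNT\System32\logwms.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: wwwxulhn - C:\WINNT\SYSTEM32\wwwxulhn.dll
"""
AFTER_LOG = r"""
O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O20 - Winlogon Notify: logwms - C:\WINNT\System32\logwms.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""
# Three of the entries post #9 asked the user to fix with HJT.
FIX_LIST = r"""
O2 - BHO: (no name) - {524DFB4B-CD2D-4A93-B530-CB489E43A6C7} - C:\WINNT\System32\defehnld.dll
O20 - Winlogon Notify: logwms - C:\WINNT\System32\logwms.dll
O20 - Winlogon Notify: wwwxulhn - C:\WINNT\SYSTEM32\wwwxulhn.dll
"""

if __name__ == "__main__":
    for e in still_present(FIX_LIST, AFTER_LOG):
        print("still present after the HJT fix:", e.kind, e.body)
    print("dangling references:", [e.path for e in dangling(AFTER_LOG)])
```

Run against these excerpts it reports the one entry that survived the fix (logwms.dll, the file Killbox later refused to delete) and the two registry references whose files are already gone.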

#12 bgardner

  • Topic Starter


Posted 21 August 2006 - 07:17 PM

Killbox would not let me delete that file.

I think we are pretty well off, let time run its course. Posting final HJT Log for final review.

Logfile of HijackThis v1.99.1
Scan saved at 8:00:58 PM, on 8/21/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
C:\WINNT\System32\LXSUPMON.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINNT\loadqm.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Keith\Desktop\HJT.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\Keith\Application Data\Mozilla\Profiles\default\aa9ntnl6.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Keith\Application Data\Mozilla\Profiles\default\aa9ntnl6.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] "C:\WINNT\System32\LXSUPMON.EXE" RUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O20 - Winlogon Notify: logwms - C:\WINNT\System32\logwms.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE

#13 MFDnSC

    Ret. Director I/T


Posted 21 August 2006 - 07:26 PM

You need to use the DELETE ON REBOOT option to delete that file