I also need help with w?nlogon.exe

Discussion in 'Malware Help (A Specialist Will Reply)' started by dalejrfan21584, Jan 17, 2005.

  1. dalejrfan21584

    dalejrfan21584 Private E-2

    Used HijackThis and deleted it - still runs in my memory

    tried KillBox, didn't work

    would a fresh install of Windows work?


    help me please
     
  2. PhilliePhan

    PhilliePhan Guest

    Was System Restore off? Did you run CWShredder?

    Perhaps it would be a good idea for you to start with the Cleanup Tutorial HERE:

    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan and Virus Removal

    There are only a few of us Volunteers who regularly offer advice in this forum. Running through the above Tutorial will remove a lot of stuff that would otherwise clog a HijackThis Log and save us valuable time.

    Please let us know the steps that you are able to complete and the ones that give you problems. Note that you need to be in Safe Mode with System Restore OFF (if you have it) and have the Viewing of Hidden Files ENABLED as per the instructions in the link. Make sure to do the Online Scans.

    Post back and let us know how you fared. Also, send us a HijackThis Log. Please be sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.99) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!
    Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    I’m not around this forum too often these days, but somebody will try to take a look when they get a chance.

    Best luck :)
    PP
     
  3. dalejrfan21584

    dalejrfan21584 Private E-2

    It is not in the LOG anymore but still shows up
     

    Attached Files:

  4. PhilliePhan

    PhilliePhan Guest

    I see it in your log. Along with a number of other items that need to be addressed as well.

    I'm heading out the door & don't know when I can check back. Chaslang may be around soon and may be able to take a look. Hang in there :)

    PP
     
  5. dalejrfan21584

    dalejrfan21584 Private E-2

    it's in the log but can't delete it

    it doesn't show up to delete it

    and what are the others?
     
  6. PhilliePhan

    PhilliePhan Guest

    C:\WINNT\system32\w?nlogon.exe - - - >Did you have the Viewing of Hidden Files Enabled when looking for this one?

    There are a lot of O16 entries that I would wonder what rides along with them.

    The rest are mostly minor issues:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html Malware
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html Malware
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ms101.mysearch.com/sa/srchlft.html Malware
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 24.55.190.159 --> Do you recognize this as legitimate? Likely needs to be removed.
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.100 --> Is this your proxy server?

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
    O2 - BHO: (no name) - {92E0F041-4582-3470-D36E-4E861D4A22C0} - C:\WINNT\system32\srria.dll --> I don't recognize this one, do you? Likely Malware.
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
    O3 - Toolbar: (no name) - {9C33E1BC-62BF-42D2-B83A-AE16D4D0ACF7} - (no file)
    O3 - Toolbar: (no name) - {8E929F51-5914-11D6-971F-0050FC3F9161} - (no file)

    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 --> Though they deny it, this installs MySearch (which, by the way, is on your machine)
    O4 - HKCU\..\Run: [Pnao] C:\Documents and Settings\Administrator\Application Data\wsao.exe --> If you don't know what this is, then probably a Trojan
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe --> Mild spyware, I usually leave it alone


    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm --> Mild spyware, I usually leave it alone
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm --> Mild spyware, I usually leave it alone
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU) --> See note above
    O15 - Trusted Zone: http://www.mtv.com --> I keep stuff out of here on principle.

    You should remove the ones you don't want and delete the corresponding files in Safe Mode.

    PP :)
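
A way to sort the entries reviewed in the post above automatically, as an added example that is not part of the original thread or of HijackThis itself. The log lines are copied from the post with the helper's annotations stripped; the tag names and the three heuristics are this example's assumptions.

```python
import re

# Log lines copied from the post above, without the helper's annotations.
LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {92E0F041-4582-3470-D36E-4E861D4A22C0} - C:\WINNT\system32\srria.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKCU\..\Run: [Pnao] C:\Documents and Settings\Administrator\Application Data\wsao.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O15 - Trusted Zone: http://www.mtv.com
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")
RUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")


def triage(log_text):
    """Return (section, tag, body) for each parsable log line.
    The tags are this example's heuristics, not HijackThis output."""
    results = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank line or free text
        section, body = m["section"], m["body"]
        run = RUN.match(body) if section == "O4" else None
        if ORPHAN.search(body):
            tag = "orphan"            # registry entry whose target file is gone
        elif run and "\\application data\\" in run["cmd"].lower():
            tag = "run-from-profile"  # autostart from a user-writable folder
        elif section in ("O2", "O3") and "(no name)" in body:
            tag = "unnamed-addon"     # BHO/toolbar with a file but no display name
        else:
            tag = "other"
        results.append((section, tag, body))
    return results


if __name__ == "__main__":
    for section, tag, body in triage(LOG):
        print(f"{section:<4}{tag:<18}{body}")
```

Entries tagged `run-from-profile` or `unnamed-addon` are the ones to identify by hand before removal; `orphan` entries only need the registry reference cleaned up.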
     
  7. dalejrfan21584

    dalejrfan21584 Private E-2

    still can't see it
     
  8. PhilliePhan

    PhilliePhan Guest

    When you used Pocket KillBox, did you copy and paste it into the box, or try to navigate to it? What results did you get from CWShredder?

    I suggest booting to Safe Mode and firing up KillBox and selecting the Delete on Reboot option and then Copy and Paste C:\WINNT\system32\w?nlogon.exe and reboot. I've never seen this put up such a fight!

    PP :)
     
  9. dalejrfan21584

    dalejrfan21584 Private E-2

    ok, tried everything you said
    and it still shows up
    would a fresh install of Windows
    delete it that way?


    I TRIED EVERYTHING
     
  10. PhilliePhan

    PhilliePhan Guest

    Yes, a reformat would do the trick, but seems like a lot of hassle for just this one little problem. Plus, I've never had a problem with this guy before. He usually deletes pretty easily!

    Is there more than 1 active user account on your computer?

    I am cutting out for the night, but let me leave a message for our resident Guru Chaslang to take a look - He enjoys a challenge! Hang in there :)

    PP
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try downloading and running this Generic Find It Tool - NT/2000/XP

    Extract all the files from the Generic Tool into its own folder.
    Then run find.bat. Post the log it creates back here as an attachment.

    I bet you will see it in the output.txt file that shows.
     
  12. dalejrfan21584

    dalejrfan21584 Private E-2

    now what
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looks like I was right! It is there! Isn't it?

    Open a command prompt window as follows:
    Click Start, Run, and enter cmd and click OK

    Now in the command prompt Window enter the following commands each followed by the enter key:

    cd C:\WINNT\System32
    attrib -r -h -s *.exe <---- note there are spaces between each of the -r and -h and -s and the * but no space in *.exe
    dir *.exe

    Does the dir command now show the w?nlogon.exe? It may not be exactly the same name. Check in the list. But note winlogon.exe is a valid file and is not the same thing. The bad one is 401,408 bytes in size.

    If found with the dir command, run Windows Explorer and see if you can find it (tell me).
    Try deleting it with Windows Explorer by right clicking on it and selecting delete. If that fails, run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the w?nlogon.exe process and kill it by selecting it and then click "Kill process". Then click yes.

    Now try deleting the file.

    Tell me the results of all the above.
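
The name check chaslang describes, as an added Python example that is not part of the original thread: it flags any file whose name is winlogon.exe with one character swapped and shows the code point of the swapped character. The sample listing and its sizes are constructed (only 401,408 comes from the thread), U+0131 is an arbitrary stand-in for the character the forum renders as '?', and the function names are hypothetical.

```python
import os
import unicodedata

LEGIT = "winlogon.exe"   # the valid file named in the thread
BAD_SIZE = 401_408       # size the thread gives for the bad copy

# Constructed listing of (name, size); U+0131 is an arbitrary stand-in
# for the unknown character that the forum shows as '?'.
SAMPLE = [("winlogon.exe", 502_272), ("w\u0131nlogon.exe", BAD_SIZE),
          ("explorer.exe", 1_032_192), ("notepad.exe", 69_120)]


def differing_chars(name, legit=LEGIT):
    """[(index, char)] where name differs from legit (case-insensitive),
    or None when the lengths differ (not a one-for-one substitution)."""
    a, b = name.lower(), legit.lower()
    if len(a) != len(b):
        return None
    return [(i, ch) for i, (ch, ref) in enumerate(zip(a, b)) if ch != ref]


def lookalikes(entries, legit=LEGIT, max_diff=1):
    """Flag names that are `legit` with 1..max_diff characters swapped."""
    hits = []
    for name, size in entries:
        diff = differing_chars(name, legit)
        if not diff or len(diff) > max_diff:
            continue  # other length, the legit file itself, or unrelated
        hits.append({
            "name": name,
            "size": size,
            "size_matches_thread": size == BAD_SIZE,
            "swapped": [(i, f"U+{ord(c):04X}", unicodedata.name(c, "UNNAMED"))
                        for i, c in diff],
        })
    return sorted(hits, key=lambda h: h["name"])


def scan(directory):
    """(name, size) for every file; os.scandir applies no attribute
    filter, so hidden and system files are included."""
    return [(e.name, e.stat().st_size) for e in os.scandir(directory)
            if e.is_file()]


if __name__ == "__main__":
    for hit in lookalikes(SAMPLE):  # real use: lookalikes(scan(directory))
        print(ascii(hit["name"]), hit["size"], hit["swapped"])
```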
     
  14. dalejrfan21584

    dalejrfan21584 Private E-2

    It's Deleted Finally
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    OK! Now you have tried everything! ;)
     
