| Thread ID: 91163 | 2008-06-28 03:44:00 | Active desktop recovery background | aidanmaz (7180) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 683330 | 2008-06-28 03:44:00 | my friend in the states has got this background and his computer has been running really slow, i believe it's a virus or something like that, but now he cannot use a browser to get it solved (AIM messenger works). he did have internet access yesterday and i got him to put avast on....and the internet stopped working so to speak, meaning IE just returned a white blank page. what can we do to solve this? | aidanmaz (7180) | ||
| 683331 | 2008-06-28 04:12:00 | Assuming it's XP - (normally you would do it via the desktop, but it prob won't work) Open the Control Panel / Display / Desktop Tab, Customize Desktop / Web Tab, untick anything that's ticked, from there you may be able to change the desktop. Download from my sig all the cleaners, install and run, download Spyware Terminator (www.spywareterminator.com/). If possible get HijackThis (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) - do a scan and post a log back. |
wainuitech (129) | ||
| 683332 | 2008-06-28 04:35:00 | i did the desktop thing, both ways no help, used avast home edition and that took a few spyware away. at the moment he cannot surf the net but can use AOL AIM messenger. is there a program i can get and send to him via that, that might help instead of giving him all of them? |
aidanmaz (7180) | ||
| 683333 | 2008-06-28 04:45:00 | here is his hijackthis log |
aidanmaz (7180) | ||
| 683334 | 2008-06-28 05:04:00 | Its covered in crap Disable system restore Run HJT again tick these then tick fix checked Close browsers O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661 AA4EBD86D67C56389B284534F310 O4 - HKLM\..\Run: [{AD-DE-E6-69-DW}] C:\windows\system32\jqwnw64s.exe DWram O4 - HKLM\..\Run: [AntiSpywareExpert] C:\Program Files\AntiSpywareExpert\ase.exe Uninstall this O4 - HKLM\..\Run: [System Doctor Free] C:\Program Files\System Doctor Free\systemdoc.exe -scan O4 - HKLM\..\Run: [BMN] "C:\Program Files\Common Files\System Doctor\dcmon.exe" dm=http://systemdoctor.com ad=http://systemdoctor.com sd=http://log.systemdoctor.com/ O4 - HKLM\..\Run: [SystemDoctor Free] C:\Program Files\System Doctor Free\systemdoc.exe /min O4 - HKLM\..\Run: [BM3499ed5a] Rundll32.exe "C:\WINDOWS\system32\adobrabr.dll",s O4 - HKLM\..\Run: [37aadec6] rundll32.exe "C:\WINDOWS\system32\bgdwmaav.dll",b Be careful with this its a trojan, by the looks of it O4 - HKCU\..\Run: [QdrModule16] "C:\Program Files\QdrModule\QdrModule16.exe" O4 - HKCU\..\Run: [Obsd] "C:\WINDOWS\ASEMBL~1\arpa.exe" -vt yazb O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\shelby\Application Data\Microsoft\dtsc\5413.exe O4 - HKCU\..\Run: [Ntt] "C:\Documents and Settings\shelby\Application Data\a?sembly\d?xplore.exe" O4 - HKCU\..\Run: [A00F11F975.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F11F975.exe O4 - HKCU\..\Run: [A00F804772.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F804772.exe O4 - HKCU\..\Run: [A00F10F75AD.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F10F75AD.exe O4 - HKCU\..\Run: [A00F456B2D.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F456B2D.exe O4 - HKCU\..\Run: [A00F158355.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F158355.exe O4 - HKCU\..\Run: [A00F4328D8.exe] 
C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F4328D8.exe O4 - HKCU\..\Run: [A00FC21CB.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00FC21CB.exe O4 - HKCU\..\Run: [A00F9A2686.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F9A2686.exe O4 - HKCU\..\Run: [A00F8A351C.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F8A351C.exe O4 - HKCU\..\Run: [A00F707246.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F707246.exe O4 - HKCU\..\Run: [A00F7F4453.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F7F4453.exe O4 - HKCU\..\Run: [A00FF56898.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00FF56898.exe O4 - HKCU\..\Run: [A00F102832F.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F102832F.exe O4 - HKCU\..\Run: [A00F115153.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F115153.exe O4 - HKCU\..\Run: [A00F10717D.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F10717D.exe O4 - HKCU\..\Run: [A00F1488E5.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F1488E5.exe O4 - HKCU\..\Run: [A00F10246D.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F10246D.exe O4 - HKCU\..\Run: [A00FC3A8E.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00FC3A8E.exe O4 - HKCU\..\Run: [A00F2E001C.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F2E001C.exe O4 - HKCU\..\Run: [A00F2F2A1E.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F2F2A1E.exe O4 - HKCU\..\Run: [A00F900CC.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F900CC.exe O4 - HKCU\..\Run: [A00F909498.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F909498.exe O4 - HKCU\..\Run: [A00F1275C79.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F1275C79.exe O4 - HKCU\..\Run: [A00F1234CB2.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F1234CB2.exe O4 - HKCU\..\Run: [A00F158B214.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F158B214.exe O4 - HKCU\..\Run: [A00F9B40BA.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F9B40BA.exe O4 - HKCU\..\Run: [A00F2C1B14.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F2C1B14.exe O4 - HKCU\..\Run: [A00FF1EF08.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00FF1EF08.exe O4 - HKCU\..\Run: [A00F12C66BA.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F12C66BA.exe O4 - 
HKCU\..\Run: [A00F12EB7C4.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F12EB7C4.exe O4 - HKCU\..\Run: [A00FF2970.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00FF2970.exe O4 - HKCU\..\Run: [A00FBE65F.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00FBE65F.exe O4 - HKCU\..\Run: [A00F1230FC0.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F1230FC0.exe O4 - HKCU\..\Run: [A00F501926.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F501926.exe O4 - HKCU\..\Run: [A00F19E95D.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F19E95D.exe O4 - HKCU\..\Run: [A00F438751.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F438751.exe O4 - HKCU\..\Run: [A00F19EE379.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F19EE379.exe O4 - HKCU\..\Run: [A00F1B3DE3E.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F1B3DE3E.exe O4 - HKCU\..\Run: [A00F1BC53D1.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F1BC53D1.exe O4 - HKCU\..\Run: [A00FE216D.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00FE216D.exe O4 - HKCU\..\Run: [A00F165D4CE.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F165D4CE.exe O4 - Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\ncntrkdm.exe O4 - Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\jqwnw64s.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O9 - Extra 'Tools' menuitem: &AltaVista Home - {06FE5D00-8F11-11d2-804F-00105A133818} - jump.altavista.com (file missing) O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - jump.altavista.com (file missing) O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - jump.altavista.com (file missing) O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - jump.altavista.com (file missing) O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - jump.altavista.com (file missing) O9 - Extra 
button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - jump.altavista.com (file missing) O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - jump.altavista.com (file missing) O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Dial 4.0\ControlPad\Misc\a_menu.exe (file missing) Then reboot, then tell him to get This (www.malwarebytes.org) And get trojan remover in my sig, install and update both. Then scan Then select all options under utilities in trojan remover. Then open my computer, highlight c / right mouse / scan with trojan remover Uninstall Viewpoint Manager Service Uninstall this whatever it is O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe Next time he decides to install crap, tell him to google it first. So, he knows what he's installing |
Speedy Gonzales (78) | ||
| 683335 | 2008-06-28 05:17:00 | I'll see if Pancake can help with this one | Speedy Gonzales (78) | ||
| 683336 | 2008-06-28 05:20:00 | how do i uninstall all those? just check them in HJT? | aidanmaz (7180) | ||
| 683337 | 2008-06-28 05:21:00 | Yes I see the problem. It's a Vundo variant. Ok. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer and also those in the registry. Please visit this webpage for downloading and instructions for running the tool: Go here ======> A guide and tutorial on using ComboFix (www.bleepingcomputer.com/combofix/how-to-use-combofix) <====== Go here. Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should get a prompt that says: The Recovery Console was successfully installed. Please continue as follows: (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. (2) Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system: C:\ComboFix.txt and a new HijackThis log. Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems. NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know. |
Pancake (6359) | ||
| 683338 | 2008-06-28 05:25:00 | Uninstall Mywebsearch, AntiSpywareExpert, Viewpoint Manager Service, SystemDoctor Free and Authentium AntiVirus in control panel / add/remove programs. Tick the rest I posted, then tick fix checked. Then reboot. Then get trojan remover and malwarebytes as in my previous post. Get the file Pancake posted as well. He may have to get rid of some things first. Pancake browser is dead. |
Speedy Gonzales (78) | ||
| 683339 | 2008-06-28 05:32:00 | cheers pancake but let's just keep in mind my friend is in the USA and isn't too tech savvy, i don't want him to break his computer xD | aidanmaz (7180) | ||
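
An added example, not part of the original thread and not from any poster: a small Python triage of HijackThis O4 (autorun) lines such as the ones ticked in post 683334. The sample lines are copied from that post; the heuristics (Temp or Application Data launch paths, DLLs loaded through rundll32, several autoruns sharing one directory) and the function names are assumptions chosen for illustration.

```python
import ntpath
import re
from collections import Counter

# "O4 - HKCU\..\Run: [value name] command line"
RUN_RE = re.compile(r"^O4 - (HK\w+)(?:\\[^\\]+)?\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
# "O4 - Startup: shortcut.lnk = target"
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(.*)", re.I)
IMAGE_RE = re.compile(r"(.+?\.(?:exe|dll|com|scr|bat|cmd))(?=[\s,]|$)", re.I)

# Lines copied from post 683334 in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BM3499ed5a] Rundll32.exe "C:\WINDOWS\system32\adobrabr.dll",s
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\shelby\Application Data\Microsoft\dtsc\5413.exe
O4 - HKCU\..\Run: [A00F11F975.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F11F975.exe
O4 - HKCU\..\Run: [A00F804772.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F804772.exe
O4 - HKCU\..\Run: [A00F10F75AD.exe] C:\DOCUME~1\shelby\LOCALS~1\Temp\_A00F10F75AD.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\jqwnw64s.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""


def parse_o4(line):
    """Parse one O4 line into source, value name and launched image path."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        hive, key, name, cmd = m.groups()
        source = f"{hive}\\{key}"
    else:
        m = LNK_RE.match(line)
        if not m:
            return None  # not an O4 autorun line
        source, name, cmd = m.groups()
    loader = RUNDLL_RE.match(cmd)
    rest = loader.group(1) if loader else cmd
    if rest.startswith('"'):
        image = rest[1:].split('"', 1)[0]
    else:
        # Unquoted paths may contain spaces, so cut at the first file extension.
        im = IMAGE_RE.match(rest)
        image = im.group(1) if im else rest.split()[0]
    return {"source": source, "name": name, "image": image,
            "via_rundll32": bool(loader)}


def triage(log_text, cluster_min=3):
    """Attach review reasons (assumed heuristics, not verdicts) to each entry."""
    entries = [e for e in map(parse_o4, log_text.splitlines()) if e]
    per_dir = Counter(ntpath.dirname(e["image"]).lower() for e in entries)
    for e in entries:
        path = e["image"].lower()
        folder = ntpath.dirname(path)
        reasons = []
        if "\\temp\\" in path:
            reasons.append("launches from a Temp directory")
        if "\\application data\\" in path:
            reasons.append("launches from a user profile data directory")
        if e["via_rundll32"]:
            reasons.append("DLL loaded through rundll32")
        if per_dir[folder] >= cluster_min:
            reasons.append(f"{per_dir[folder]} autoruns share this directory")
        e["reasons"] = reasons
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f'{e["source"]:<15} {e["name"]:<28} {"; ".join(e["reasons"]) or "-"}')
```

An empty reason list does not clear an entry: DW_Start.lnk is ticked in post 683334 but matches none of these path heuristics, so the output is a prioritised review list, not a removal list.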