| desktop/background locked

Just wondering if someone could look at the following and give me some suggestions on how I can fix my problem. (PROBLEM.... my background settings seem to be locked and the computer has been running slower than normal.) I have run virus software and come across limited problems and fixed what problems were there. I have also read similar posts and assume this is the best way for someone to help me. Regards, Adamo.

The following is a logfile from HijackThis, just run on my computer:

Logfile of HijackThis v1.99.1 Scan saved at 11:25:17 AM, on 8/8/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS.0\System32\smss.exe C:\WINDOWS.0\system32\csrss.exe C:\WINDOWS.0\system32\winlogon.exe C:\WINDOWS.0\system32\services.exe C:\WINDOWS.0\system32\lsass.exe C:\WINDOWS.0\system32\Ati2evxx.exe C:\WINDOWS.0\system32\svchost.exe C:\WINDOWS.0\system32\svchost.exe C:\WINDOWS.0\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS.0\system32\S24EvMon.exe C:\WINDOWS.0\system32\svchost.exe C:\WINDOWS.0\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS.0\system32\spoolsv.exe C:\WINDOWS.0\system32\Ati2evxx.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\WINDOWS.0\Explorer.EXE C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS.0\system32\RegSrvc.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\On Screen Display\Hotkey.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS.0\AGRSMMSG.exe C:\Program Files\Battery miser\batterymiser.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\WINDOWS.0\system32\mpcsr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~2.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe 
C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\WINDOWS.0\system32\ctfmon.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS.0\System32\alg.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\PROGRA~1\Grisoft\AVG7\avgw.exe C:\WINDOWS.0\system32\wuauclt.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\adam work\junk\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: Yahoo! 
Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\On Screen Display\Hotkey.exe" O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [batterymiser] C:\Program Files\Battery miser\batterymiser.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [mpcsr] C:\WINDOWS.0\system32\mpcsr.exe O4 - HKLM\..\Run: [mpcsrv] C:\WINDOWS.0\system32\mpcsrv.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~2.EXE -onlytray O4 - HKLM\..\Run: [dmpnv.exe] C:\WINDOWS.0\system32\dmpnv.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Exif 
Launcher.lnk = ? O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by136fd.bay136.hotmail.msn.co...s/MsnPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4CC1CA47-ACF9-4FD3-BF2B-B51499D60C45}: NameServer = 85.255.115.154,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{8949E308-5BEE-4906-A3BC-E432FF775FAF}: NameServer = 85.255.115.154,85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\..\{A9BB2E1A-0865-4E2F-A5D6-6286FA05DAF1}: NameServer = 85.255.115.154,85.255.112.67 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.154 85.255.112.67 O17 - 
HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.154 85.255.112.67 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.154 85.255.112.67 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe |
| ||
| Re: desktop/background locked

==Download fixwareout from http://www.bleepingcomputer.com/file...Fixwareout.exe - and save it to your desktop. Double click Fixwareout.exe to start the Fixwareout Setup Wizard, click next and then install. Ensure that Run fixit is checked, and click on Finish. After the fix follow the prompts. You will be asked to reboot your computer, and it may take longer than usual to load - this is normal.

Next check some settings.... In control panel select the Network and Internet Connections, rclick on your default connection, usually local area connection for cable and dsl, and lclick on properties. Click the Networking tab. Dclick on the Internet Protocol (TCP/IP) item and select Obtain DNS servers automatically. Press OK twice to get out of the properties screen and reboot if it asks.

Now flush the DNS cache: Go Start > Run, type cmd and click OK. In the command screen, type in cd\ and then press Enter. Now type in ipconfig /flushdns and then Enter. [space after ipconfig]. Type Exit.

==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe - to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.

A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Okay, please run HT again and repost with the fixwareout and combofix logs. |
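An added example (not part of the thread and not code from HijackThis or Fixwareout): a check that reads the O17 lines of the "before" and "after" HijackThis logs posted in this thread and confirms that the DNS reset described above removed every statically configured name server. The function names and the `expected_servers` parameter are assumptions made for this illustration.

```python
import re
from ipaddress import ip_address

# O16-O18 lines copied from the first HijackThis log in this thread (8/8/2007).
LOG_BEFORE = r"""
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CC1CA47-ACF9-4FD3-BF2B-B51499D60C45}: NameServer = 85.255.115.154,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{8949E308-5BEE-4906-A3BC-E432FF775FAF}: NameServer = 85.255.115.154,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9BB2E1A-0865-4E2F-A5D6-6286FA05DAF1}: NameServer = 85.255.115.154,85.255.112.67
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.154 85.255.112.67
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.154 85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.154 85.255.112.67
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# The same region of the second log (8/9/2007), which has no O17 lines.
LOG_AFTER = r"""
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# Matches one O17 NameServer entry. The server list ends at the first token
# that is not an IPv4 address, so logs flattened onto one line still parse.
O17_RE = re.compile(
    r"O17 - (?P<key>\S+): NameServer = "
    r"(?P<servers>(?:\d{1,3}(?:\.\d{1,3}){3}[ ,]*)+)"
)


def _valid_ips(raw):
    """Split a NameServer value (comma or space separated) into valid IPs."""
    ips = []
    for token in re.split(r"[ ,]+", raw.strip(" ,")):
        try:
            ips.append(str(ip_address(token)))
        except ValueError:
            continue  # skip malformed tokens instead of aborting the review
    return ips


def _control_set(key):
    """Expand HijackThis's CCS / CS1 / CS2 abbreviations."""
    m = re.search(r"\\System\\(CCS|CS(\d+))\\", key)
    if not m:
        return "unknown"
    if m.group(1) == "CCS":
        return "CurrentControlSet"
    return f"ControlSet{int(m.group(2)):03d}"


def static_dns_entries(log_text):
    """Return every statically configured name server HijackThis reported."""
    entries = []
    for m in O17_RE.finditer(log_text):
        key = m.group("key")
        entries.append({
            "key": key,
            # Keys ending in a GUID are per-adapter; the rest are global.
            "scope": "interface" if key.endswith("}") else "global",
            "control_set": _control_set(key),
            "servers": _valid_ips(m.group("servers")),
        })
    return entries


def verify_dns_reset(before_log, after_log, expected_servers=()):
    """Compare two logs; 'clean' means no unexpected static DNS remains.

    expected_servers: resolvers the owner set on purpose (empty when the
    adapter should obtain DNS servers automatically, as in this thread).
    """
    expected = {str(ip_address(s)) for s in expected_servers}
    before = static_dns_entries(before_log)
    after = static_dns_entries(after_log)
    leftover = [e["key"] for e in after if set(e["servers"]) - expected]
    return {
        "keys_before": len(before),
        "servers_before": sorted({s for e in before for s in e["servers"]},
                                 key=ip_address),
        "leftover_keys": leftover,
        "clean": not leftover,
    }


if __name__ == "__main__":
    for entry in static_dns_entries(LOG_BEFORE):
        print(entry["control_set"], entry["scope"], entry["servers"])
    print(verify_dns_reset(LOG_BEFORE, LOG_AFTER))
```

The same value appearing under the per-adapter keys and under all three control sets is why the reply resets the adapter to automatic DNS and then asks for a fresh HijackThis log rather than relying on a single setting.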
| ||
| Re: desktop/background locked

I have done what you suggested. I think I have all the logs you require here; they are in order of HT log, Fixwareout log, then ComboFix log. Cheers, adamo

Logfile of HijackThis v1.99.1 Scan saved at 10:55:43 AM, on 8/9/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS.0\System32\smss.exe C:\WINDOWS.0\system32\winlogon.exe C:\WINDOWS.0\system32\services.exe C:\WINDOWS.0\system32\lsass.exe C:\WINDOWS.0\system32\Ati2evxx.exe C:\WINDOWS.0\system32\svchost.exe C:\WINDOWS.0\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS.0\system32\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS.0\system32\Ati2evxx.exe C:\WINDOWS.0\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS.0\system32\RegSrvc.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\On Screen Display\Hotkey.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS.0\AGRSMMSG.exe C:\Program Files\Battery miser\batterymiser.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\WINDOWS.0\system32\mpcsr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~2.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\WINDOWS.0\system32\ctfmon.exe C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\WINDOWS.0\system32\wuauclt.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\FinePixViewer\QuickDCF.exe C:\WINDOWS.0\System32\svchost.exe 
C:\WINDOWS.0\explorer.exe C:\WINDOWS.0\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\adam work\junk\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: Yahoo! 
Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\On Screen Display\Hotkey.exe" O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [batterymiser] C:\Program Files\Battery miser\batterymiser.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [mpcsr] C:\WINDOWS.0\system32\mpcsr.exe O4 - HKLM\..\Run: [mpcsrv] C:\WINDOWS.0\system32\mpcsrv.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~2.EXE -onlytray O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Exif Launcher.lnk = ? 
O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by136fd.bay136.hotmail.msn.co...s/MsnPUpld.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.0\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS.0\system32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS.0\system32\S24EvMon.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe Username "Owner" - 2007-08-09 10:11:36 [Fixwareout edited 2007/07/05] »»»»»Prerun check HKLM\SOFTWARE\~\CurrentVersion\Run\ ="dmpnv" HKLM\SOFTWARE\~\Winlogon\ "System"="kdcht.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters "nameserver"="85.255.115.154 85.255.112.67" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4CC1CA47-ACF9-4FD3-BF2B-B51499D60C45} "nameserver"="85.255.115.154,85.255.112.67" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{8949E308-5BEE-4906-A3BC-E432FF775FAF} "nameserver"="85.255.115.154,85.255.112.67" <Value cleared. 
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A9BB2E1A-0865-4E2F-A5D6-6286FA05DAF1} "nameserver"="85.255.115.154,85.255.112.67" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{48387CA1-7382-4163-8066-320B9DFE0B6D} "DhcpNameServer"="85.255.115.154,85.255.112.67" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A9BB2E1A-0865-4E2F-A5D6-6286FA05DAF1} "DhcpNameServer"="85.255.115.154,85.255.112.67" <Value cleared. Successfully flushed the DNS Resolver Cache. System was rebooted successfully. »»»»» Postrun check HKLM\SOFTWARE\~\Winlogon\ "system"="" .... HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}B4D7C8CC39CA-89D9-FE24-E6F5-88BBF9D1{" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "2" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "3" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "4" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "5" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "6" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "8" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "9" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "10" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "11" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "12" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "13" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "14" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "huhmd" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "15" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "16" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "17" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "18" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "19" Deleted 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "20" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "21" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "22" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "25" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "vnpmd" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "26" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "27" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "28" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "29" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "30" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "31" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "32" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "33" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "34" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "35" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "36" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "37" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "38" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "39" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "40" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "41" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "42" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "43" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "44" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "45" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "46" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "47" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "48" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "49" Deleted 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "50" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "51" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "52" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "53" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "54" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "55" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "56" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "57" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "58" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "59" Deleted .... »»»»» Misc files. C:\Documents and Settings\Owner\Application Data\Install.dat Deleted .... »»»»» Checking for older varients. .... »»»»» Other C:\WINDOWS.0\temp\kdcht.ren 65070 08/04/2004 »»»»» Current runs (hklm hkcu "run" Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe" "KeybdUtility"="\"C:\\Program Files\\On Screen Display\\Hotkey.exe\"" "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "AGRSMMSG"="AGRSMMSG.exe" "batterymiser"="C:\\Program Files\\Battery miser\\batterymiser.exe" "NeroFilterCheck"="C:\\WINDOWS.0\\system32\\NeroCheck.exe" "InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe" "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe" "mpcsr"="C:\\WINDOWS.0\\system32\\mpcsr.exe" "mpcsrv"="C:\\WINDOWS.0\\system32\\mpcsrv.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~2.EXE -onlytray" 
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" "PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog" "ctfmon.exe"="C:\\WINDOWS.0\\system32\\ctfmon.exe" .... Hosts file was reset, If you use a custom hosts file please replace it »»»»» End report »»»»» ComboFix 07-08-09.3 - "Owner" 2007-08-09 10:49:38.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.215 [GMT 10:00] ((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 ))))))))))))))))))))))))))))))) 2007-08-09 10:32 51,200 --a------ C:\WINDOWS.0\nircmd.exe 2007-08-09 10:11 7,334 --a------ C:\dnsbak.reg 2007-07-25 14:01 <DIR> d-------- C:\Program Files\VideoLAN 2007-07-18 21:45 <DIR> d-------- C:\Radiation safety V2 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-06 11:44 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\AdobeUM 2007-07-25 13:25 --------- d-------- C:\Program Files\LimeWire 2007-06-25 10:05 --------- d-------- C:\Program Files\Google 2007-06-21 10:55 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-05-17 01:12 86528 --a--c--- C:\WINDOWS.0\system32\dllcache\directdb.dll 2007-05-17 01:12 85504 --a--c--- C:\WINDOWS.0\system32\dllcache\wabimp.dll 2007-05-17 01:12 683520 --a--c--- C:\WINDOWS.0\system32\dllcache\inetcomm.dll 2007-05-17 01:12 683520 --a------ C:\WINDOWS.0\system32\inetcomm.dll 2007-05-17 01:12 510976 --a--c--- C:\WINDOWS.0\system32\dllcache\wab32.dll 2007-05-17 01:12 1314816 --a--c--- C:\WINDOWS.0\system32\dllcache\msoe.dll 2006-11-29 00:24 2834552 --a------ C:\Program Files\CDI Backup 20062811 142445.zip 2006-11-28 13:25 81920 --a------ C:\Program Files\CDI_Valuelists.CD3 2006-11-28 13:25 548864 --a------ C:\Program 
Files\CDI_Scheduled_Calls.CD3 2006-11-28 13:25 159744 --a------ C:\Program Files\CDI_SMS.CD3 2006-11-28 13:25 1482752 --a------ C:\Program Files\CDI_Listings.CD3 2006-11-28 13:25 139264 --a------ C:\Program Files\CDI_Letters.CD3 2006-11-28 13:25 1175552 --a------ C:\Program Files\CDI_Contacts.CD3 2006-11-28 13:25 1167360 --a------ C:\Program Files\CDI_Main_Menu.CD3 2006-11-22 20:15 94208 --a------ C:\Program Files\CDI_Goals.CD3 2006-11-22 20:09 3228 --a------ C:\Program Files\cd_mailmerge.mer 2006-11-13 15:34 94208 --a------ C:\Program Files\CDI_Mail_Merge_Fields.CD3 2006-11-13 15:34 90112 --a------ C:\Program Files\CDI_Trails.CD3 2006-11-13 15:34 811008 --a------ C:\Program Files\CDI_Ideal_Week.CD3 2006-11-13 15:34 77824 --a------ C:\Program Files\CDI_Call_Logging.CD3 2006-11-13 15:34 4067328 --a------ C:\Program Files\CDI_Solicitors.CD3 2006-11-13 15:34 376832 --a------ C:\Program Files\CDI_Results.CD3 2006-11-13 15:34 3321856 --a------ C:\Program Files\CDI_Postcodes.CD3 2006-11-13 15:34 176128 --a------ C:\Program Files\CDI_Quotes.CD3 2006-11-13 15:34 172032 --a------ C:\Program Files\CDI_Support.CD3 2006-11-13 15:34 163840 --a------ C:\Program Files\CDI_Agent_Fees.CD3 2006-11-13 15:34 159744 --a------ C:\Program Files\CDI_Inspections.CD3 2006-11-13 15:34 143360 --a------ C:\Program Files\CDI_Email.CD3 2006-11-13 15:34 118784 --a------ C:\Program Files\CDI_Trail_Activities.CD3 2006-11-13 15:34 114688 --a------ C:\Program Files\CDI_Templates.CD3 2006-11-12 02:12 563762 --a------ C:\Program Files\Complete Data PDF trails.zip 2006-11-12 02:11 219164 --a------ C:\Program Files\CD MS Word letters.zip 2005-12-02 10:30 4730880 --a------ C:\Program Files\Complete Data Individual.exe 2005-12-02 10:25 311296 --a------ C:\Program Files\DBConverter.dll 2005-12-02 10:24 733184 --a------ C:\Program Files\XMLEngine.dll 2005-12-02 10:24 102400 --a------ C:\Program Files\FML10.dll 2005-12-02 10:23 532480 --a------ C:\Program Files\ProofReader.dll 2005-12-02 10:22 380928 
--a------ C:\Program Files\XText.dll 2005-12-02 10:22 2093056 --a------ C:\Program Files\FMRSRC.dll 2005-12-02 10:21 528384 --a------ C:\Program Files\XFC.dll 2005-12-02 10:21 393216 --a------ C:\Program Files\FMUserModel.dll 2005-12-02 10:21 110592 --a------ C:\Program Files\FMWrapper.dll 2005-12-02 10:20 438272 --a------ C:\Program Files\XDraw.dll 2005-12-02 10:18 425984 --a------ C:\Program Files\FMScript.dll 2005-12-02 10:17 41472 --a------ C:\Program Files\NSViews.dll 2005-12-02 10:17 241664 --a------ C:\Program Files\FMLayout.dll 2005-12-02 10:17 217088 --a------ C:\Program Files\XGrfx.dll 2005-12-02 10:17 126976 --a------ C:\Program Files\FMOLE.dll 2005-12-02 10:16 2260992 --a------ C:\Program Files\DBEngine.dll 2005-12-02 10:16 114688 --a------ C:\Program Files\MFCX.dll 2005-12-02 10:16 106496 --a------ C:\Program Files\XCore.dll 2005-12-02 10:14 450560 --a------ C:\Program Files\HBAM.dll 2005-12-02 10:13 1265664 --a------ C:\Program Files\Support.dll 2005-06-30 18:06 44900 --a------ C:\Program Files\FMP Acknowledgements.pdf 2005-05-17 14:05 847872 --a------ C:\Program Files\libeay32.dll 2005-05-17 14:05 159744 --a------ C:\Program Files\ssleay32.dll 2005-04-18 17:43 942080 --a------ C:\Program Files\omniORB4.dll 2005-04-18 17:43 16896 --a------ C:\Program Files\omnithread.dll 2005-04-18 17:43 1224192 --a------ C:\Program Files\omniDynamic4.dll 2005-02-28 10:33 1388544 --a------ C:\Program Files\xerces.dll 2005-02-28 10:32 94208 --a------ C:\Program Files\XalanTransformer.dll 2005-02-28 10:32 630784 --a------ C:\Program Files\XSLT.dll 2005-02-28 10:32 38912 --a------ C:\Program Files\XalanDOM.dll 2005-02-28 10:32 37376 --a------ C:\Program Files\DOMSupport.dll 2005-02-28 10:32 360448 --a------ C:\Program Files\XPath.dll 2005-02-28 10:32 24064 --a------ C:\Program Files\XalanExtensions.dll 2005-02-28 10:32 212992 --a------ C:\Program Files\PlatformSupport.dll 2005-02-28 10:32 188416 --a------ C:\Program Files\XercesParserLiaison.dll 2005-02-28 10:32 135168 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-09 20:10]
"KeybdUtility"="C:\Program Files\On Screen Display\Hotkey.exe" [2004-08-26 16:14]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-09-13 08:19]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-09-13 08:18]
"AGRSMMSG"="AGRSMMSG.exe" [2003-03-31 14:54 C:\WINDOWS.0\AGRSMMSG.exe]
"batterymiser"="C:\Program Files\Battery miser\batterymiser.exe" [2004-08-28 09:05]
"NeroFilterCheck"="C:\WINDOWS.0\system32\NeroCheck.exe" [2001-07-09 20:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-03-04 01:47]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 16:35]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36]
"mpcsr"="C:\WINDOWS.0\system32\mpcsr.exe" [2005-09-21 14:47]
"mpcsrv"="C:\WINDOWS.0\system32\mpcsrv.exe" [2005-09-30 11:09]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-29 16:34]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~2.exe" [2005-12-13 07:49]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-09 16:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 02:24]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-25 05:37]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 15:56]
"ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-04 22:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= C:\WINDOWS.0\system32\bmpsap.dll [2004-08-27 15:05 73728]

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-09 10:51:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-09 10:52:27
C:\ComboFix-quarantined-files.txt ... 2007-08-09 10:52

--- E O F --- |
| ||
| Re: desktop/background locked

Okayyy... first off, you seem to have two XP OS's on your C: drive...? You are booting into the first, windows.0, but I wager there is a Windows.1...?

Imesh. Do you like it? I leave that up to you.... remove via add/rmv pgms in control panel.... there is an O2 entry also...

O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll

Right. Fix these with hijackthis:

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [mpcsr] C:\WINDOWS.0\system32\mpcsr.exe
O4 - HKLM\..\Run: [mpcsrv] C:\WINDOWS.0\system32\mpcsrv.exe

Delete these files:

C:\WINDOWS.0\system32\mpcsr.exe
C:\WINDOWS.0\system32\mpcsrv.exe

Unlocker 1.8.5 [-just in case you need it.]

==This one is a general purpose deleter, Unlocker 1.8.5: http://filehippo.com/download_unlocker/
Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.

Now:

==Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set it from the installation checkboxes to only open from the recycle bin. It's neater that way.

Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon, press Run Cleaner.

[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs .. Note that CCleaner is also a free registry cleaner. Explore all its options, but skip the prefetch folder cleaning option. That one is unnecessary because windows automatically dumps old unused entries anyway, they can do no harm, and further, if there is no prefetch entry for an app you wish to load then your sys will just be a lil bit slower loading it. And an entry will then be generated anyway.]

Finally:

==GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5 or here.. http://free.grisoft.com/freeweb.php/...i-spyware-free -the link is almost at the bottom of the page, avgas 7.5.0.50.

Install it and UPDATE it. Start AVG a-s 7.5;
-under Scanner/ Settings please change the default action from Recommended Actions to QUARANTINE, and run the complete system scan.
-press Apply all Actions and Save the log file. Post the log file.

... and that should be it. |
| ||
| Re: desktop/background locked genius! that's all i can say, all fixed! thanks buddy, if you're ever in melbourne australia send me an email, i owe you a couple of beers! cheers adamo. |
| ||
| Re: desktop/background locked Hey, that's nice.... could I see the AVG log, pls? |
| ||
| Re: desktop/background locked

report as follows, also avg found..... trojan.wimad.a dropper.small and additional medium level risks such as tracking cookies. i assume i should quarantine/delete all risk files found..

one last question i have is, should i remove one of the windows files that are on my computer, i have windows and windows.0 in my c:\ and what way would be the best way to remove if i have to? thanks

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:02:27 PM 8/10/2007

+ Scan result:

HKU\S-1-5-21-1645522239-1606980848-1343024091-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5345A7A9-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : No action taken.
C:\QooBox\Quarantine\C\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL.vir -> Adware.IMeshBar : No action taken.
C:\System Volume Information\_restore{68E23236-10E2-499A-804D-4A012C4B499B}\RP729\A0068084.DLL -> Adware.IMeshBar : No action taken.
C:\System Volume Information\_restore{68E23236-10E2-499A-804D-4A012C4B499B}\RP676\A0058164.exe -> Dropper.Small : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[3].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\hn\Cookies\hn@search.msn[2].txt -> TrackingCookie.Msn : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\My Downloads\01 Track 1.wma -> Trojan.Wimad.a : No action taken.

::Report end |
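An added example, not part of the original posts: a short Python triage of a scan report in the "location -> detection : action" layout posted above, grouping findings by where they live (registry, System Restore points, ComboFix's QooBox quarantine, cookies, live files), since each location is cleaned up differently. The sample lines and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed report lines in the "location -> detection : action" layout shown above.
SAMPLE_REPORT = r"""
HKU\S-1-5-21-0-0-0-1000\Software\Example\Toolbar\\{00000000-0000-0000-0000-000000000000} -> Adware.Example : No action taken.
C:\QooBox\Quarantine\C\Program Files\ExampleBar\EXAMPLE.DLL.vir -> Adware.Example : No action taken.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000001.DLL -> Adware.Example : No action taken.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP7\A0000002.exe -> Dropper.Example : No action taken.
C:\Documents and Settings\user\Cookies\user@tracker[1].txt -> TrackingCookie.Example : No action taken.
C:\My Downloads\example.wma -> Trojan.Example : No action taken.
::Report end
"""

RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\RP(\d+)\\", re.I)

def parse_report(text):
    """Yield (location, detection, action) for each finding line."""
    for line in text.splitlines():
        location, arrow, rest = line.strip().rpartition(" -> ")
        if not arrow:
            continue  # headers, blank lines, "::Report end"
        detection, _, action = rest.partition(" : ")
        yield location, detection.strip(), action.strip()

def classify(location):
    """Bucket a finding by where it lives, which decides how it gets cleaned up."""
    low = location.lower()
    if low.startswith(("hku\\", "hklm\\", "hkcu\\")):
        return "registry"
    if RESTORE_RE.search(location):
        return "restore point"
    if "\\qoobox\\quarantine\\" in low:
        return "combofix quarantine"
    if "\\cookies\\" in low:
        return "cookie"
    return "live file"

def triage(text):
    """Map each bucket name to its list of (detection, location) findings."""
    buckets = defaultdict(list)
    for location, detection, _action in parse_report(text):
        buckets[classify(location)].append((detection, location))
    return dict(buckets)

def infected_restore_points(text):
    """Restore point numbers (RPnnn) that contain a detection."""
    return sorted({int(RESTORE_RE.search(loc).group(1))
                   for loc, _, _ in parse_report(text) if RESTORE_RE.search(loc)})
```

A non-empty result from `infected_restore_points` means a rollback to one of those points would bring the detected file back, and anything in the "live file" bucket is still in place on disk.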
| ||
| Re: desktop/background locked

Orrite, do that, remove all those files that AVG quarantined.

=If everything is now working okay you should clear all your system restore points because some have been infected.... AVG may have cleaned them, but we cannot be sure it found everything. So go control panel > system > system restore tab, check Turn off sys res on all drives, Apply and OK. Do it all again but uncheck that box, Apply and OK.
[[a quick way in is Start > run, paste: control sysdm.cpl,,4 -and OK]]

=Because I cannot see your sys I do not know if you have duplicated My Documents folders - log into the unwanted windows OS and if there are files in its My Docs that you want copy them out to an std directory eg.. C:\Othersysfiles\ so that you can later access them -this is just in case.

Then if happy, simply log into the Windows that you wish to keep and go CP, System, Advanced, Startup n recovery Settings, press Edit. A notepad with your boot.ini files will open - be careful with it, if you make errors in it and hit save you may face problems..... if you like just post it here for guidance.

Keen to try it yourself? Okay, it will look something like this:

[boot loader]
timeout=20
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

-the idea is to set in the default= line the OS you wish to keep [in this example it is windows.0], and simply delete the line under [operating systems] representing the OS you wish to remove. And hit Save.

Next you start your sys and delete the Windows folder that you do not want. Post your boot.ini file if at all unsure!!!

[I assume here that you would remove the earlier windows version cos you must have had some reason for reinstalling...?] |
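An added example, not part of the original post: a Python sketch of the boot.ini edit described above, applied to a copy of the file's text and checked for the mistake the post warns about, a `default=` line that no longer matches any entry under `[operating systems]`. The sample text is constructed from the layout quoted in the post, and the function names are hypothetical.

```python
# Constructed sample modelled on the boot.ini layout quoted in the post above.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=20
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
"""

def parse_boot_ini(text):
    """Return ([boot loader] settings dict, ordered [(arc_path, label_and_switches)])."""
    settings, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, _, value = line.partition("=")  # split at the first "=" only
        if section == "boot loader":
            settings[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            entries.append((key.strip(), value.strip()))
    return settings, entries

def problems(text):
    """List the mistakes that would leave the loader without a usable default."""
    settings, entries = parse_boot_ini(text)
    paths = [p.lower() for p, _ in entries]
    found = []
    if not entries:
        found.append("no entries under [operating systems]")
    if "default" not in settings:
        found.append("no default= line under [boot loader]")
    elif settings["default"].lower() not in paths:
        found.append("default= does not match any [operating systems] entry")
    return found

def remove_os(text, keep, drop):
    """Point default= at `keep` and delete the `drop` entry; refuse anything else."""
    settings, entries = parse_boot_ini(text)
    paths = [p.lower() for p, _ in entries]
    if keep.lower() == drop.lower() or keep.lower() not in paths or drop.lower() not in paths:
        raise ValueError("keep and drop must be two different existing entries")
    settings["default"] = keep
    body = [f"{k}={v}" for k, v in settings.items()]
    kept = [f"{p}={v}" if v else p for p, v in entries if p.lower() != drop.lower()]
    return "\r\n".join(["[boot loader]", *body, "[operating systems]", *kept]) + "\r\n"
```

Running `problems()` on the edited text before saving it over the real file catches the case where the entry was deleted but `default=` still points at it.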
| ||
| Re: desktop/background locked mostly all sweet now, just can't seem to get rid of 3 .dll files, shfolder.dll, qmgr.dll and winhttp.dll i removed these files from the windows folder as they were the only files obstructing me from deleting that folder, any suggestions to remove these? other than that, background is all fixed, only one version of windows remains on my computer adamo |
| ||
| Re: desktop/background locked ==This one is a general purpose deleter, Unlocker 1.8.5: http://filehippo.com/download_unlocker/ Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool. Just make sure your other windows directory has these files first... |