Unremovable Wallpaper from AntiVirus System Pro

View previous topic View next topic Go down

Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 7th January 2010, 2:42 am

Hello,

Recently, my father was tricked by AntiVirus System Pro and downloaded it onto our computer, after much toil on Safe Mode, I believe to have successfully removed it with the help of MBAM. But, when I came back to my normal Mode, I noticed that my wallpaper was still covered by an annoying message stating how my System is Infected.

I am currently running another MBAM Quick Scan with hopes of finding the infected object, but it could take up to an hour waiting for it to complete itself.

I would like to show you a log from a scan I did today in Safe Mode, but it does not appear in the Log Tab on MBAM.

The most recent MBAM Log

Malwarebytes' Anti-Malware 1.43
Database version: 3506
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

06/01/2010 11:47:51 PM
mbam-log-2010-01-06 (23-47-51).txt

Scan type: Quick Scan
Objects scanned: 150132
Time elapsed: 1 hour(s), 37 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Last edited by SilverSonata on 7th January 2010, 4:49 am; edited 1 time in total (Reason for editing : MBAM just finished scanning)

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by Dr Jay on 7th January 2010, 6:40 am

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 7th January 2010, 9:51 am

ComboFix 10-01-04.01 - Amanda 07/01/2010 1:46.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.301 [GMT -5:00]
Running from: c:\documents and settings\Amanda\desktop\commy.exe
Command switches used :: /stepdel
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\11478.exe
c:\windows\system32\11942.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\9961.exe
c:\windows\system32\IS15.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-07 to 2010-01-07 )))))))))))))))))))))))))))))))
.

2010-01-06 22:54 . 2010-01-06 22:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2010-01-06 05:27 . 2010-01-06 05:27 -------- d-----w- c:\program files\Webroot
2010-01-06 05:27 . 2010-01-06 05:27 -------- d-----w- c:\documents and settings\Tom\Application Data\Webroot
2010-01-06 05:27 . 2010-01-06 05:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-01-06 05:27 . 2009-08-31 18:00 1563008 ----a-w- c:\windows\WRSetup.dll
2010-01-06 05:03 . 2010-01-06 05:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-22 02:08 . 2009-12-22 02:09 -------- d-----w- C:\Combo-Fix
2009-12-20 23:46 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-12-20 23:46 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-12-20 22:48 . 2009-12-20 22:48 -------- d-----w- c:\program files\TrendMicro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 05:19 . 2005-07-04 01:12 82592 -c--a-w- c:\documents and settings\Tom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-01 00:15 . 2009-10-28 02:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 00:15 . 2009-12-03 23:47 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-30 19:55 . 2009-10-28 02:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 19:54 . 2009-10-28 02:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-11 04:48 . 2007-02-17 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-21 06:24 . 2006-07-14 19:18 -------- d-----w- c:\documents and settings\Amanda\Application Data\U3
2009-11-19 13:30 . 2008-03-16 12:59 -------- d-----w- c:\program files\McAfee
2009-11-05 02:35 . 2005-02-28 21:38 82592 ----a-w- c:\documents and settings\Amanda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-29 07:46 . 2004-08-04 11:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2009-11-30 05:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-04 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-26 02:58 . 2007-09-04 00:25 129862 ----a-w- c:\windows\hpoins13.dat
2009-10-21 05:38 . 2004-08-04 11:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 11:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 11:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 11:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 11:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 11:00 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2005-2-21 156784]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8616:TCP"= 8616:TCP:PORT_8616
"37737:TCP"= 37737:TCP:PORT_37737
"11048:TCP"= 11048:TCP:PORT_11048
"11426:TCP"= 11426:TCP:PORT_11426
"12726:TCP"= 12726:TCP:PORT_12726
"49335:TCP"= 49335:TCP:PORT_49335
"24719:TCP"= 24719:TCP:PORT_24719
"52391:TCP"= 52391:TCP:PORT_52391
"22843:TCP"= 22843:TCP:PORT_22843
"35391:TCP"= 35391:TCP:PORT_35391
"7440:TCP"= 7440:TCP:PORT_7440
"34165:TCP"= 34165:TCP:PORT_34165
"29940:TCP"= 29940:TCP:PORT_29940
"47946:TCP"= 47946:TCP:PORT_47946
"56326:TCP"= 56326:TCP:PORT_56326
"46663:TCP"= 46663:TCP:PORT_46663
"16396:TCP"= 16396:TCP:PORT_16396
"31143:TCP"= 31143:TCP:PORT_31143
"14541:TCP"= 14541:TCP:PORT_14541
"47936:TCP"= 47936:TCP:PORT_47936
"41640:TCP"= 41640:TCP:PORT_41640
"60210:TCP"= 60210:TCP:PORT_60210
"16801:TCP"= 16801:TCP:PORT_16801
"41255:TCP"= 41255:TCP:PORT_41255
"46394:TCP"= 46394:TCP:PORT_46394
"14377:TCP"= 14377:TCP:PORT_14377
"40773:TCP"= 40773:TCP:PORT_40773
"33120:TCP"= 33120:TCP:PORT_33120
"9221:TCP"= 9221:TCP:PORT_9221
"31945:TCP"= 31945:TCP:PORT_31945
"62458:TCP"= 62458:TCP:PORT_62458
"31141:TCP"= 31141:TCP:PORT_31141
"49070:TCP"= 49070:TCP:PORT_49070
"28293:TCP"= 28293:TCP:PORT_28293
"60568:TCP"= 60568:TCP:PORT_60568
"53106:TCP"= 53106:TCP:PORT_53106
"14170:TCP"= 14170:TCP:PORT_14170
"43269:TCP"= 43269:TCP:PORT_43269
"34936:TCP"= 34936:TCP:PORT_34936
"17423:TCP"= 17423:TCP:PORT_17423
"17226:TCP"= 17226:TCP:PORT_17226
"10265:TCP"= 10265:TCP:PORT_10265
"9438:TCP"= 9438:TCP:PORT_9438
"29915:TCP"= 29915:TCP:PORT_29915
"63150:TCP"= 63150:TCP:PORT_63150
"59949:TCP"= 59949:TCP:PORT_59949
"28248:TCP"= 28248:TCP:PORT_28248
"14022:TCP"= 14022:TCP:PORT_14022
"10385:TCP"= 10385:TCP:PORT_10385
"11331:TCP"= 11331:TCP:PORT_11331
"26828:TCP"= 26828:TCP:PORT_26828
"62173:TCP"= 62173:TCP:PORT_62173
"65260:TCP"= 65260:TCP:PORT_65260
"14001:TCP"= 14001:TCP:PORT_14001
"32193:TCP"= 32193:TCP:PORT_32193
"59256:TCP"= 59256:TCP:PORT_59256
"10430:TCP"= 10430:TCP:PORT_10430
"27899:TCP"= 27899:TCP:PORT_27899
"29963:TCP"= 29963:TCP:PORT_29963
"19903:TCP"= 19903:TCP:PORT_19903
"9368:TCP"= 9368:TCP:PORT_9368
"44465:TCP"= 44465:TCP:PORT_44465
"39276:TCP"= 39276:TCP:PORT_39276
"28516:TCP"= 28516:TCP:PORT_28516
"54704:TCP"= 54704:TCP:PORT_54704
"22851:TCP"= 22851:TCP:PORT_22851
"8326:TCP"= 8326:TCP:PORT_8326
"26733:TCP"= 26733:TCP:PORT_26733
"45119:TCP"= 45119:TCP:PORT_45119
"26830:TCP"= 26830:TCP:PORT_26830
"64715:TCP"= 64715:TCP:PORT_64715
"35790:TCP"= 35790:TCP:PORT_35790
"61141:TCP"= 61141:TCP:PORT_61141
"35275:TCP"= 35275:TCP:PORT_35275
"31464:TCP"= 31464:TCP:PORT_31464
"33218:TCP"= 33218:TCP:PORT_33218
"27333:TCP"= 27333:TCP:PORT_27333
"60193:TCP"= 60193:TCP:PORT_60193
"50612:TCP"= 50612:TCP:PORT_50612
"33630:TCP"= 33630:TCP:PORT_33630
"39106:TCP"= 39106:TCP:PORT_39106
"63597:TCP"= 63597:TCP:PORT_63597
"55235:TCP"= 55235:TCP:PORT_55235
"30806:TCP"= 30806:TCP:PORT_30806
"27740:TCP"= 27740:TCP:PORT_27740
"28056:TCP"= 28056:TCP:PORT_28056
"6365:TCP"= 6365:TCP:PORT_6365
"8765:TCP"= 8765:TCP:PORT_8765
"34006:TCP"= 34006:TCP:PORT_34006
"18941:TCP"= 18941:TCP:PORT_18941
"56321:TCP"= 56321:TCP:PORT_56321
"59493:TCP"= 59493:TCP:PORT_59493
"17876:TCP"= 17876:TCP:PORT_17876
"55945:TCP"= 55945:TCP:PORT_55945
"49879:TCP"= 49879:TCP:PORT_49879
"62656:TCP"= 62656:TCP:PORT_62656
"24888:TCP"= 24888:TCP:PORT_24888
"58695:TCP"= 58695:TCP:PORT_58695
"19391:TCP"= 19391:TCP:PORT_19391
"63760:TCP"= 63760:TCP:PORT_63760
"22775:TCP"= 22775:TCP:PORT_22775
"41720:TCP"= 41720:TCP:PORT_41720
"65056:TCP"= 65056:TCP:PORT_65056
"54964:TCP"= 54964:TCP:PORT_54964
"63551:TCP"= 63551:TCP:PORT_63551
"13213:TCP"= 13213:TCP:PORT_13213
"48760:TCP"= 48760:TCP:PORT_48760
"19508:TCP"= 19508:TCP:PORT_19508
"35763:TCP"= 35763:TCP:PORT_35763
"7761:TCP"= 7761:TCP:PORT_7761
"9596:TCP"= 9596:TCP:PORT_9596
"31103:TCP"= 31103:TCP:PORT_31103
"9963:TCP"= 9963:TCP:PORT_9963
"65026:TCP"= 65026:TCP:PORT_65026
"47591:TCP"= 47591:TCP:PORT_47591
"13100:TCP"= 13100:TCP:PORT_13100
"19554:TCP"= 19554:TCP:PORT_19554
"16259:TCP"= 16259:TCP:PORT_16259
"30468:TCP"= 30468:TCP:PORT_30468
"36447:TCP"= 36447:TCP:PORT_36447
"17158:TCP"= 17158:TCP:PORT_17158
"9568:TCP"= 9568:TCP:PORT_9568
"53096:TCP"= 53096:TCP:PORT_53096
"38196:TCP"= 38196:TCP:PORT_38196
"7371:TCP"= 7371:TCP:PORT_7371
"59121:TCP"= 59121:TCP:PORT_59121
"28385:TCP"= 28385:TCP:PORT_28385
"30105:TCP"= 30105:TCP:PORT_30105
"23738:TCP"= 23738:TCP:PORT_23738
"54691:TCP"= 54691:TCP:PORT_54691
"62101:TCP"= 62101:TCP:PORT_62101
"20105:TCP"= 20105:TCP:PORT_20105
"40842:TCP"= 40842:TCP:PORT_40842
"35856:TCP"= 35856:TCP:PORT_35856
"63943:TCP"= 63943:TCP:PORT_63943
"60273:TCP"= 60273:TCP:PORT_60273
"33901:TCP"= 33901:TCP:PORT_33901
"16263:TCP"= 16263:TCP:PORT_16263
"32233:TCP"= 32233:TCP:PORT_32233
"45429:TCP"= 45429:TCP:PORT_45429
"5823:TCP"= 5823:TCP:PORT_5823
"55783:TCP"= 55783:TCP:PORT_55783
"34100:TCP"= 34100:TCP:PORT_34100
"64790:TCP"= 64790:TCP:PORT_64790
"8712:TCP"= 8712:TCP:PORT_8712
"34615:TCP"= 34615:TCP:PORT_34615
"7824:TCP"= 7824:TCP:PORT_7824
"58444:TCP"= 58444:TCP:Pando Media Booster
"58444:UDP"= 58444:UDP:Pando Media Booster
"57094:TCP"= 57094:TCP:Pando Media Booster
"57094:UDP"= 57094:UDP:Pando Media Booster

R2 HPFECP06;HPFECP06;c:\windows\SYSTEM32\DRIVERS\hpfecp06.sys [11/03/2005 3:29 PM 38176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMSwissArmy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-02 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2004-08-04 00:12]

2009-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-03-16 16:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-03-16 16:22]

2009-12-07 c:\windows\Tasks\QuickClean.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-03-16 16:22]

2009-10-26 c:\windows\Tasks\WebReg Photosmart C4200 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-11 01:36]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
DPF: Garmin Communicator Plug-In - [You must be registered and logged in to see this link.]
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys
MSConfigStartUp-CTFMON - (no file)



**************************************************************************
scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2010-01-07 01:59:15
ComboFix-quarantined-files.txt 2010-01-07 06:59
ComboFix2.txt 2009-12-21 01:02

Pre-Run: 46,625,320,960 bytes free
Post-Run: 46,722,174,976 bytes free

- - End Of File - - B395DFC36C64698AD9F01B351E9BE360

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by Dr Jay on 7th January 2010, 11:17 am

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 7th January 2010, 10:21 pm

Malwarebytes' Anti-Malware 1.43
Database version: 3507
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

07/01/2010 5:18:39 PM
mbam-log-2010-01-07 (17-18-39).txt

Scan type: Full Scan (C:\|)
Objects scanned: 248328
Time elapsed: 6 hour(s), 14 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0010041.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0010042.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 7th January 2010, 10:45 pm

Even after restarting my computer as instructed by MBAM, the wallpaper hasn't gone away.

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by Majere613 on 7th January 2010, 11:12 pm

Moderated Message: Hello, your comment has been removed. Please do not post in another member's topic. If you need help, please read [You must be registered and logged in to see this link.] over and [You must be registered and logged in to see this link.] to open a new topic. ~DragonMaster Jay

Majere613
Beginner
Beginner

Posts Posts : 1
Joined Joined : 2010-01-07
OS OS : Windows XP
Points Points : 25315
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by Dr Jay on 7th January 2010, 11:28 pm

Please download [You must be registered and logged in to see this link.] (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Double-click smitfraudfix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 7th January 2010, 11:37 pm

SmitFraudFix v2.424

Scan done at 18:33:11.92, 07/01/2010
Run from C:\Documents and Settings\Amanda\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\Amanda\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Amanda


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Amanda\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Amanda\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Amanda\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 24.200.241.37
DNS Server Search Order: 24.201.245.77
DNS Server Search Order: 24.200.243.189

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BDF74250-74F4-4642-ABF0-2471AFD932FD}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BDF74250-74F4-4642-ABF0-2471AFD932FD}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BDF74250-74F4-4642-ABF0-2471AFD932FD}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by Dr Jay on 7th January 2010, 11:43 pm

Please download [You must be registered and logged in to see this link.] by DragonMaster Jay, and save it to your Desktop. Right click and Extract All, and save the files to your Desktop.
  • Please disable realtime protection. The only realtime protection that gets in the way and need to be disabled: Windows Defender, Microsoft Security Essentials, Spybot TeaTimer, WinPatrol, and Ad-Aware AdWatch. If you have anyone of those, please disable them.
  • Double-click DragonFix.reg, and follow the prompt(s).
  • Please reboot your computer.


Does the Desktop let you remove/change the wallpaper?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 7th January 2010, 11:46 pm

Umm..
I believe that I do have one of the realtime protection; Microsoft Security Essentials, but how do I disable it?

Yes, the Desktop allows me to change the wallpaper, but I can't remove it.

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by Dr Jay on 7th January 2010, 11:52 pm

open MSE, click on the Settings tab, Real-Time Protection, and uncheck "turn on real-time protection".

After you run DragonFix and reboot your computer, do the process again to turn MSE back on.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 8th January 2010, 12:01 am

Is Windows Security Center the same thing as Microsoft Security Essentials?

Is this it?



Last edited by DragonMaster Jay on 8th January 2010, 12:08 am; edited 1 time in total (Reason for editing : Tidyness :))

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by Dr Jay on 8th January 2010, 12:08 am

No it's not. I see you have McAfee. That would be the one to disable normally, but since they do not reverse changes, it is safe to go ahead with DragonFix now!


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 8th January 2010, 12:12 am

All I had to do was follow those two steps after clicking on DragonFix.reg?

Now I need to reboot?

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by Dr Jay on 8th January 2010, 12:35 am

Yep. Done. Now reboot your computer, kindly, and tell me if there was a change.

Please download [You must be registered and logged in to see this link.] by Atribune.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, click No at the prompt.
Click Exit on the Main menu to close the program.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 8th January 2010, 12:42 am

I'm sorry, but the wallpaper still persists >__<

I'm currently doing another MBAM Quick Scan, while post the log if anything pops up.

---
The log;
---
Malwarebytes' Anti-Malware 1.44
Database version: 3511
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

07/01/2010 10:09:19 PM
mbam-log-2010-01-07 (22-09-19).txt

Scan type: Quick Scan
Objects scanned: 148351
Time elapsed: 1 hour(s), 25 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Last edited by SilverSonata on 8th January 2010, 3:09 am; edited 1 time in total (Reason for editing : Scanning completed)

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 8th January 2010, 3:42 am

I'm not sure if this is relevant but;

I have a computer with many accounts, and when I was on my sister's account to delete her Temporary Internet Files so that the scan would proceed more smoothly, I noticed that her wallpaper was not infected.

Is this because the wallpaper virus did not reach my sister's computer yet?

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by Dr Jay on 8th January 2010, 6:15 am

Please reboot your computer. To reboot into Safe Mode, tap the F8 key continually, just before Windows starts to load.
Select the first option, to run Windows in Safe Mode, then press "Enter".


Once in Safe Mode, open the SmitfraudFix folder and double click "SmitfraudFix.cmd".
Select option #2 - Clean by typing 2 and press "Enter".
You will be prompted : "Registry cleaning - Do you want to clean the registry?", answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found), answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process. If it doesn't, please restart anyway into Normal Mode. A text file will appear, with results from the cleaning process.

Please copy/paste its content into your next reply with a new HijackThis log.

(The report can also be found at the root of the system drive, usually at C:\rapport.txt)

Warning: running option #2 on a non infected computer will remove your Desktop background.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 8th January 2010, 1:09 pm

SmitFraudFix v2.424

Scan done at 7:48:50.01, 08/01/2010
Run from C:\Documents and Settings\Amanda\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BDF74250-74F4-4642-ABF0-2471AFD932FD}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BDF74250-74F4-4642-ABF0-2471AFD932FD}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BDF74250-74F4-4642-ABF0-2471AFD932FD}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 8th January 2010, 1:12 pm

When I tried to download HijackThis, I received the following;

"The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance."

I am not on Safe Mode, so I presume it is because Windows Installer is not correctly installed...

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by Dr Jay on 8th January 2010, 2:00 pm

Please navigate to this webpage: [You must be registered and logged in to see this link.] and see the section "Fix it for me" and click the Microsoft Fix-It button. This will download a fix utility to repair the security settings on your computer, due to damages of malware or other harmful system changes. Install the file after download.

Then try it.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 8th January 2010, 10:59 pm

=/

Even when I try to run the 'Fix it for me', I still get the same message.
Should I try to do it manually?

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 8th January 2010, 11:46 pm

Ah, I was able to get it running thanks to;
[You must be registered and logged in to see this link.]

Do I still need to do the Microsoft Fix It or can I go straight to HijackThis?

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 8th January 2010, 11:58 pm

Here is the HijackThis log;

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 06:58:18, on 08/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Amanda\Desktop\TrendMicro\HiJackThis\HiJackThis.exe

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - [You must be registered and logged in to see this link.]
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - [You must be registered and logged in to see this link.]
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 7955 bytes

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by Dr Jay on 9th January 2010, 3:21 am

Please copy and paste the following in to Notepad:
Code:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispAppearancePage"=-
"NoDispCPL"=-
"NoDispBackgroundPage"=-
"NoDispScrSavPage"=-
"NoDispSettingsPage"=-
"wallpaper"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"wallpaper"=-
"NoDispAppearancePage"=-
"NoDispCPL"=-
"NoDispBackgroundPage"=-
"NoDispScrSavPage"=-
"NoDispSettingsPage"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ActiveDesktop]
"NoChangingWallPaper"="0"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\ActiveDesktop]
"NoChangingWallPaper"="0"
Then click File > Save as
Save as wallpaperFIX.reg to your Desktop.
Choose Save as type: All Files.
Click Save.

Exit Notepad, then double-click on wallpaperFIX.reg to run the script.

After you have confirmed the prompts, please restart your computer.

Let me know if your wallpaper will cooperate now.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 9th January 2010, 3:43 am

When I rebooted my computer, I now have two annoying things pop up;

This one appears ar the very beggining after logging in;


And this one starts to load itself automatically after a minute or two and will not disappear unless I use the Ctrl + Alt + Delete Command (If I click Cancel a few times, it will only temporarily go away, and a minute later, it will automatically restart to load again);


Also, while my desktop was loading, before the virus, I usually see my wallpaper appear along with my icons, but ever since the virus, I only see the wallpaper and then the icons appear after 2 minutes (I timed it while waiting). The very same thing happened right now and since it's not like my usual, it's worrying me because it's the exact same behavior as the

Thank you for your patience and perseverance with me. I'm sorry for causing you so many inconveniences.

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by Dr Jay on 9th January 2010, 4:09 am

Don't worry.

Please go [You must be registered and logged in to see this link.]. Copy and paste the following file path in to the box.

C:\windows\explorer.exe

Then click submit.

Please post the results (URL) to your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 9th January 2010, 4:12 am

[You must be registered and logged in to see this link.]

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by Dr Jay on 9th January 2010, 4:20 am

I need for that file to be re-analyzed.

It was already analyzed, but a new analysis must be done.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 9th January 2010, 4:22 am

I'm sorry, is this the right one now?

[You must be registered and logged in to see this link.]

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by Dr Jay on 9th January 2010, 5:37 am

Ok. Good.

Please copy and paste the following in to Notepad:
Code:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=dword:00000000
"NoAddingComponents"=dword:00000000
"NoComponents"=dword:00000000
"NoDeletingComponents"=dword:00000000
"NoEditingComponents"=dword:00000000
"NoCloseDragDropBands"=dword:00000000
"NoMovingBands"=dword:00000000
"NoHTMLWallPaper"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=hex:00,00,00,00
"NoActiveDesktop"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispCPL"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ClassicShell"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoFolderOptions"=dword:00000000
"NoSimpleStartMenu"=dword:00000000
"NoCDBurning"=dword:00000000
"NoComputersNearMe"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]
"NoActiveDesktopChanges"=hex:00,00,00,00
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"=-
"WallPaperStyle"=-
"NoVisualStyleChoice"=dword:00000001 
"NoColorChoice"=dword:00000001 
"NoSizeChoice"=dword:00000001
Then click File > Save as
Save as wallFIX.reg to your Desktop.
Choose Save as type: All Files.
Click Save.

Exit Notepad, then double-click on wallFIX.reg to run the script.

After you have confirmed the prompts, please restart your computer.

Let me know if your wallpaper will cooperate now.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 9th January 2010, 5:53 am

My wallpaper is doing very well now. Thank you very much!

But at the startup of my computer, I still have the 'Found New Hardware Wizard' as well as the other download CD.

As for all the suggested downloads you have asked me to download up to now, can I uninstall them? If so, how?

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by Dr Jay on 9th January 2010, 7:28 am

To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
==

Download WhoCrashed [You must be registered and logged in to see this link.]
This program checks for any drivers which may have been causing your computer to crash....

Click on the file you just downloaded and run it.
Put a tick in Accept then click on Next
Put a tick in the Don't create a start menu folder then click Next
Put a tick in Create a Desktop Icon then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish
Click Analyze
It will want to download the Debugger and install it Say Yes

WhoCrashed will create report but you have to scroll down to see it
Copy and paste it into your next reply


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 9th January 2010, 5:04 pm

Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.


On Sun 20/12/2009 10:36:58 PM your computer crashed
This was likely caused by the following module: csrss.exe
Bugcheck code: 0xF4 (0x3, 0x8284FDA0, 0x8284FF14, 0x8060567E)
Error: CRITICAL_OBJECT_TERMINATION
Dump file: C:\WINDOWS\Minidump\Mini122009-02.dmp
file path: C:\WINDOWS\system32\csrss.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Client Server Runtime Process
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Sun 20/12/2009 10:32:14 PM your computer crashed
This was likely caused by the following module: kxloapog.sys
Bugcheck code: 0x10000050 (0xFAE9500B, 0x0, 0xEBF68F60, 0x0)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini122009-01.dmp



On Tue 10/03/2009 02:29:17 AM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x100000D1 (0xE1F09000, 0x2, 0x0, 0xEE83FD00)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini030909-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Sun 08/03/2009 04:47:35 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x100000D1 (0xE1F10000, 0x2, 0x0, 0xEED62D00)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini030809-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Sat 07/03/2009 04:48:47 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x100000D1 (0xE1EF8000, 0x2, 0x0, 0xEE809D00)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini030709-03.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Sat 07/03/2009 04:44:20 PM your computer crashed
This was likely caused by the following module: mpfp.sys
Bugcheck code: 0x1000008E (0xC0000005, 0xEE508295, 0xED7ED174, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
Dump file: C:\WINDOWS\Minidump\Mini030709-02.dmp
file path: C:\WINDOWS\system32\drivers\mpfp.sys
product: McAfee Personal Firewall Plus
company: McAfee, Inc.
description: McAfee Personal Firewall Plus Driver



On Sat 07/03/2009 04:35:54 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x100000D1 (0xE1F2C000, 0x2, 0x0, 0xEE402D00)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini030709-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Fri 06/03/2009 10:50:22 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x100000D1 (0xE1ECD000, 0x2, 0x0, 0xEE82ED00)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini030609-02.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Fri 06/03/2009 10:39:47 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x100000D1 (0xE1EB6000, 0x2, 0x0, 0xEF26ED00)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini030609-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Wed 28/06/2006 04:59:13 PM your computer crashed
This was likely caused by the following module: dump_wmimmc.
Bugcheck code: 0x100000CE (0xEDDDFD2F, 0x0, 0xEDDDFD2F, 0x0)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini062806-03.dmp



On Wed 28/06/2006 04:35:47 PM your computer crashed
This was likely caused by the following module: dump_wmimmc.
Bugcheck code: 0x100000CE (0xEEC5FD2F, 0x0, 0xEEC5FD2F, 0x0)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini062806-02.dmp



On Wed 28/06/2006 04:22:31 PM your computer crashed
This was likely caused by the following module: dump_wmimmc.
Bugcheck code: 0x100000CE (0xEE678D2F, 0x0, 0xEE678D2F, 0x0)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini062806-01.dmp



On Sun 25/12/2005 02:41:33 PM your computer crashed
This was likely caused by the following module: ssrtln.sys
Bugcheck code: 0x100000D1 (0xF8136D9C, 0x2, 0x1, 0xF88B282F)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini122505-01.dmp
file path: C:\WINDOWS\system32\drivers\ssrtln.sys
company: Sonic Solutions
description: Shared Driver Component




--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

13 crash dumps have been found and analyzed. Note that it's not always possible to state with certainty whether a reported driver is really responsible for crashing your system or that the root cause is in another module. nȯne it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 9th January 2010, 6:23 pm

I was just doing a scan on MBAM and the results were interesting;

Malwarebytes' Anti-Malware 1.44
Database version: 3527
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

09/01/2010 01:20:29 PM
mbam-log-2010-01-09 (13-20-29).txt

Scan type: Full Scan (A:\|D:\|E:\|)
Objects scanned: 134139
Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.


---

So that was the infection that covered my wallpaper? I should have scanned my A:\|D:\|E:\| Drives earlier. =/

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by Dr Jay on 9th January 2010, 11:40 pm

Must have been. We took care of it anyway, because we locked the keys, so you have control over the wallpaper only. At least you have wallpaper back.

Now let's find out what that driver is that keeps crashing a system file on your computer. Also, the culprit in those Found New Hardware popups.
==

Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.



Set it to Maximum



IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.


Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to [You must be registered and logged in to see this link.] and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 10th January 2010, 6:25 am

[You must be registered and logged in to see this link.]

Thank you very much for helping me. =)

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by Dr Jay on 10th January 2010, 10:20 am

The new hardware popup cannot be determined, because it is hard to tell what needs to be installed. In the GSI log, all I can see is an Unknown Device.

Your Windows Installer is not functioning properly. Do you know the version number of Windows Installer on your computer? It can be found in Add or Remove Programs (Control Panel).


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 10th January 2010, 4:52 pm

I'm sorry, but I'm having trouble finding out the number of my Windows Installer, what name is it under in the 'Add or Remove Programs' because I can't find it on the long list.

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by Dr Jay on 10th January 2010, 5:25 pm

No biggie. Big Grin

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 10th January 2010, 5:28 pm

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee SecurityCenter
``````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 5
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.2
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

McAfee VIRUSS~1 mcshield.exe
McAfee VIRUSS~1 mcsysmon.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by Dr Jay on 11th January 2010, 12:00 am

Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Lastly, see [You must be registered and logged in to see this link.] for more info about malware and prevention.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 11th January 2010, 2:27 am

Thank you so very much for all the help and support you have given me.
=)

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 11th January 2010, 2:49 am

When I read the article you suggested to me, I saw many free antiviruses that interested me.

Which antivirus would you suggest to me because my McAfee program is nearing it's expiration and I would like to consider all the posibilites. Should I wait for the expiration to come to a full end before I download these antiviruses?
Because I heard that having too many of them just causes them to clash with eachother.

Is there also a limit to the number of firewalls one can have on the computer?

Also, my father recently bought 'Webroot Internet Security Essentials 2010' is this program a antivirus with a firewall? It only came with the box and it's CD, and I browsed to check it's ratings, and they seem fine, but I would like to know your opinion if the Antiviruses and Firewall you suggest in the link are more effective than this program.

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by Dr Jay on 11th January 2010, 6:51 am

Webroot should be fine.

Only one firewall is necessary and will work.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 12th January 2010, 2:14 am

I'm sorry to bother you again, but both 'Found New Hardware Wizard' and the 'Status' windows still appear at startup of my computer.

Is there any way to permenantly remove it?

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by Dr Jay on 12th January 2010, 3:24 am

As I said a little bit ago, it is not possible to find the root of the issue there, because I cannot tell from here the unknown device. If I knew the unknown device, it would be easier to configure it.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Unremovable Wallpaper from AntiVirus System Pro

Post by SilverSonata on 12th January 2010, 3:29 am

Ok, thank you very much for trying so hard to help me with all these problems. =)

SilverSonata
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-11-30
OS OS : Windows 7
Protection Protection : Norton Internet Security
Points Points : 26375
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum