Message On Desktop wallpaper

Post by jswift450 on Fri Jan 08, 2010 10:25 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:19:52 PM, on 1/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Documents and Settings\Grandpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Grandpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Grandpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Grandpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Grandpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Grandpa\My Documents\My Music\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO:  - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Big Fish Games Toolbar - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [You must be registered and logged in to see this link.]
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - [You must be registered and logged in to see this link.]
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - [You must be registered and logged in to see this link.]
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8818 bytes

Hi, I have a message on my desktop wallpaper back. I have a malwareanti program and that's still there. How do I remove that?

jswift450
Intermediate

Posts: 56
Joined: 2010-01-08
OS: Windows XP

Re: Message On Desktop wallpaper

Post by Belahzur on Fri Jan 08, 2010 10:34 pm

Hello.

Please download the LSPfix from here: [You must be registered and logged in to see this link.]
Unzip it to the Desktop (Important!!) and run it. Check the box that says "I know what I'm doing", and then select each instance of "helper32.dll" in the left-hand panel and click the >> button to move it to the right-hand panel. Then click Finish to allow LSPfix to rebuild the LSP chain.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO:  - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll
    O3 - Toolbar: Big Fish Games Toolbar - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
    O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
    O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
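
The fix list in the reply above was picked by eye from the HijackThis log. As an added example (not part of the original thread and not a HijackThis feature), this Python script pulls the same kinds of review candidates out of a log: entries whose file is gone ("(no file)", "(file missing)") and unknown Winsock LSP files. The names `triage` and `Finding` are hypothetical; the sample lines are a subset of the log posted in this thread.

```python
import re
from collections import namedtuple

# One review candidate: HijackThis section code, why it was flagged,
# what it points at, and how many log lines carried it.
Finding = namedtuple("Finding", "code reason target count")

# Sample input: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# "<code> - <body>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Trailing marker HijackThis prints when the referenced file does not exist.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")
LSP_PREFIX = "Unknown file in Winsock LSP: "
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def triage(log_text):
    """Return review candidates from a HijackThis log, in first-seen order."""
    seen = {}  # (code, reason, target) -> number of lines; dicts keep insertion order
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, running-process list, blank line
        code, body = match.groups()
        if code == "O10" and body.startswith(LSP_PREFIX):
            # A Winsock LSP file that HijackThis does not recognise.
            key = (code, "unknown-lsp", body[len(LSP_PREFIX):].lower())
        elif ORPHAN_RE.search(body):
            # Registry entry left behind after its file was removed.
            clsid = CLSID_RE.search(body)
            if clsid:
                target = clsid.group(0).upper()
            else:
                # No CLSID: use the path that precedes the marker.
                target = ORPHAN_RE.sub("", body).rsplit(" - ", 1)[-1].strip()
            key = (code, "orphaned", target)
        else:
            continue
        seen[key] = seen.get(key, 0) + 1
    return [Finding(*key, count) for key, count in seen.items()]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.code:<4}{finding.reason:<12}x{finding.count}  {finding.target}")
```

A hit is a prompt for review, not a verdict: the KodakCCS service is flagged as orphaned here, yet it is not on the fix list above, and the helper32.dll LSP entries were handled with LSPfix rather than with HijackThis.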

Re: Message On Desktop wallpaper

Post by jswift450 on Fri Jan 08, 2010 10:52 pm

Thank you very much, it worked. Just pray that the Internet Sec. 2010 stays off here, 'cause that's the main problem. Thank you again.


Re: Message On Desktop wallpaper

Post by Belahzur on Fri Jan 08, 2010 10:53 pm

Hello.
We aren't done just yet.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.



Re: Message On Desktop wallpaper

Post by jswift450 on Fri Jan 08, 2010 10:55 pm

DDS (Ver_09-12-01.01) - NTFSx86
Run by Grandpa at 17:54:15.78 on Fri 01/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.558 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Grandpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Grandpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Grandpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Grandpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Grandpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Grandpa\My Documents\My Music\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - [You must be registered and logged in to see this link.]
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - [You must be registered and logged in to see this link.]
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - [You must be registered and logged in to see this link.]ader.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - [You must be registered and logged in to see this link.]ntiVirus.dll
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]dows-i586.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - [You must be registered and logged in to see this link.]yer_v6.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]dows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]dows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]h/swflash.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - [You must be registered and logged in to see this link.]l
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-8 236368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-8 19160]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?]

=============== Created Last 30 ================

2010-01-08 22:41:01 0 d-----w- c:\program files\TrendMicro
2010-01-08 21:50:13 0 d-----w- c:\docume~1\grandpa\applic~1\Malwarebytes
2010-01-08 21:50:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 21:50:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-08 21:50:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-08 21:50:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-08 21:27:17 0 ----a-w- c:\windows\system32\24464.exe
2010-01-08 21:07:16 0 ----a-w- c:\windows\system32\26962.exe
2010-01-08 20:47:16 0 ----a-w- c:\windows\system32\29358.exe
2010-01-08 20:27:15 0 ----a-w- c:\windows\system32\11478.exe
2010-01-08 20:07:15 0 ----a-w- c:\windows\system32\15724.exe
2010-01-08 19:47:15 0 ----a-w- c:\windows\system32\19169.exe
2010-01-08 19:27:14 0 ----a-w- c:\windows\system32\26500.exe
2010-01-08 19:07:14 0 ----a-w- c:\windows\system32\6334.exe
2010-01-08 18:47:12 0 ----a-w- c:\windows\system32\18467.exe
2010-01-08 18:04:27 2931 ----a-w- c:\windows\system32\warning.html
2010-01-02 02:03:41 0 d-----w- c:\docume~1\grandpa\applic~1\Skunk Studios
2010-01-02 01:56:10 0 d-----w- c:\docume~1\alluse~1\applic~1\GameXzone
2009-12-27 01:09:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Alawar Stargaze
2009-12-27 01:08:27 0 d-----w- c:\program files\Season Match 2
2009-12-27 01:07:58 0 d-----w- c:\program files\Jewel Match
2009-12-27 01:06:32 0 d-----w- c:\program files\The Treasures of Montezuma 2
2009-12-17 20:56:51 0 d-----w- c:\documents and settings\grandpa\System
2009-12-17 20:56:51 0 d-----w- c:\docume~1\grandpa\applic~1\SmartDraw

==================== Find3M ====================

2009-12-07 03:27:13 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-12-07 03:27:10 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-11-16 11:25:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-10-14 00:23:04 15600 ----a-w- c:\windows\gdrv.sys

============= FINISH: 17:54:26.98 ===============


Re: Message On Desktop wallpaper

Post by jswift450 on Fri Jan 08, 2010 10:55 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/7/2005 11:24:05 AM
System Uptime: 1/8/2010 5:48:56 PM (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | nForce
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 939 | 2100/210mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 83.809 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1095&DEV_3512&SUBSYS_65121095&REV_01\4&3191A3E6&0&6870
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1095&DEV_3512&SUBSYS_65121095&REV_01\4&3191A3E6&0&6870
Service:

==== System Restore Points ===================

RP167: 1/8/2010 5:41:00 PM - Installed HiJackThis
RP168: 1/8/2010 5:41:43 PM - Installed AVG Free 9.0

==== Installed Programs ======================

µTorrent
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
AIO_Scan
Alex Gordon
Apple Application Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Be Richer
Big Fish Games Client
Big Fish Games Toolbar 2.0
Blokus World Tour
Bob the Builder - Can Do Zoo
BonusBingo 1.0
BufferChm
C4200
C4200_doccd
c4200_Help
Cake Mania Main Street
CallOfDuty
Candy Land - Dora the Explorer Edition
CCScore
Combined Community Codec Pack 2009-09-09
ConvertXtoDVD 3.8.0.193f
Cooking Dash: DinerTown Studios
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Diego's Dinosaur Rescue
Diego Dinosaur Rescue
Diego`s Dinosaur Adventure
Diner Dash: Hometown Hero
DocProc
DocProcQFolder
Dora's Carnival 2: Boardwalk Adventure
Doras Carnival 2: At the Boardwalk
Drawn: The Painted Tower ™
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
eSupportQFolder
Fashion Fortune
Fill Up!
Fizzball
Flux Family Secrets: The Ripple Effect
Google Chrome
HiJackThis
Horatio's Travels
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
I SPY Fun House™
Ice Cream Mania
InstallMgr
InterActual Player
Java(TM) 6 Update 15
Jewel Match
Jump Jump Jelly Reactor
Kodak EasyShare software
La Casa De Dora
Lego Chic Boutique
LEGO Fever
Magic Ball 4
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 2.0
Microsoft Default Manager
Microsoft Search Enhancement Pack
Microsoft Visual C++ 2005 Redistributable
MP3 Rocket
Mr Jones' Graveyard Shift
MSN
MSN Toolbar
Mystery Age: The Imperial Staff
Nancy Drew Dossier: Resorting to Danger
Nero 7 Ultra Edition
neroxml
netbrdg
NVIDIA Drivers
NVIDIA nView Desktop Manager
OfotoXMI
Pac-Man
Peggle
Peter Flat's Inflatable Adventures
Professor Fizzwizzle
Professor Fizzwizzle and the Molten Mystery
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
Pure hȋdden
Purrfect Pet Shop
QuickTime
Realtek AC'97 Audio
Scan
Season Match 2
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
SFR
SHASTA
skin0001
SKINXSDK
Slingo
Slingo Mystery: Who's Gold
Slingo Quest Hawaii
Slingo Supreme
SolutionCenter
SpongeBob SquarePants Krabby Quest
SpongeBob SquarePants Obstacle Odyssey
staticcr
Status
Super Granny Winter Wonderland
The Treasures of Montezuma 2
Tibet Quest
Toolbox
TrayApp
Treasure Seekers: The Enchanted Canvases
TuneUp Utilities 2009
Turtix
UnloadSupport
Update for Windows Internet Explorer 8 (KB973874)
VideoLAN VLC media player 0.8.6i
VideoToolkit01
Virtual Families
VPRINTOL
WebFldrs XP
WebReg
Wedding Dash: Ready, Aim, Love
Winamp
Windows Internet Explorer 8
Windows Media Component Setup Application 11.0.5358.4826
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
WinZip 12.1
WIRELESS
Xango Tango
Yahoo! BrowserPlus
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

1/8/2010 5:49:29 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
1/8/2010 4:59:55 PM, error: Service Control Manager [7034] - The TuneUp Program Statistics Service service terminated unexpectedly. It has done this 1 time(s).
1/8/2010 4:48:22 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
1/8/2010 4:28:34 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
1/2/2010 9:08:00 AM, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the path specified.

==== End Of File ===========================


Re: Message On Desktop wallpaper

Post by Belahzur on Fri Jan 08, 2010 10:58 pm

Hello.

I see that you are running µTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    µTorrent
    Java(TM) 6 Update 15

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :services
    MyWebSearchService

    :files
    c:\windows\system32\24464.exe
    c:\windows\system32\26962.exe
    c:\windows\system32\29358.exe
    c:\windows\system32\11478.exe
    c:\windows\system32\15724.exe
    c:\windows\system32\19169.exe
    c:\windows\system32\26500.exe
    c:\windows\system32\6334.exe
    c:\windows\system32\18467.exe
    c:\windows\system32\warning.html


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


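
The files listed under :files in the reply above stand out in the "Created Last 30" section of the DDS log: zero-byte executables with all-digit names in system32, created about 20 minutes apart. As an added example (not part of the original thread, and not DDS or OTM functionality), this Python script applies that heuristic to a DDS-style file listing and also accepts entries whose path has wrapped onto a later line, as happens when such logs are pasted into a forum. The function names and the `min_hits` threshold are hypothetical; the sample is built from entries in the log posted in this thread.

```python
import re
from datetime import datetime
from statistics import median

# Sample built from the "Created Last 30" section of the DDS log in this thread.
# The last two entries are left wrapped (path on a later line) on purpose.
SAMPLE_LISTING = r"""
2010-01-08 21:50:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-08 21:27:17 0 ----a-w- c:\windows\system32\24464.exe
2010-01-08 21:07:16 0 ----a-w- c:\windows\system32\26962.exe
2010-01-08 18:04:27 2931 ----a-w- c:\windows\system32\warning.html
2010-01-02 02:03:41 0 d-----w- c:\docume~1\grandpa\applic~1\Skunk Studios
2010-01-08 20:47:16 0 ----a-w-

c:\windows\system32\29358.exe
2010-01-08 20:27:15 0 ----a-w-

c:\windows\system32\11478.exe
"""

# "<date> <time> <size> <attributes> [path]"; the path may be missing when wrapped.
ENTRY_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+([a-z-]{8})\s*(.*)$")
# All-digit .exe name directly inside system32.
STUB_RE = re.compile(r"^[a-z]:\\windows\\system32\\\d+\.exe$", re.IGNORECASE)


def parse_listing(text):
    """Parse DDS file-listing lines into dicts, re-joining wrapped paths."""
    entries = []
    pending = None  # most recent entry, which may still be waiting for its path
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            stamp, size, attrs, path = match.groups()
            pending = {
                "created": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
                "size": int(size),
                "attrs": attrs,
                "path": path,
            }
            entries.append(pending)
        elif pending is not None and not pending["path"]:
            pending["path"] = line  # continuation line carrying the wrapped path
    return entries


def periodic_stubs(entries, min_hits=3):
    """Return (paths, median gap in seconds) for zero-byte numeric .exe files.

    Fewer than min_hits matches is treated as coincidence: ([], None).
    """
    hits = sorted(
        (e for e in entries
         if e["size"] == 0
         and not e["attrs"].startswith("d")   # skip directories
         and STUB_RE.match(e["path"])),
        key=lambda e: e["created"])
    if len(hits) < min_hits:
        return [], None
    gaps = [(b["created"] - a["created"]).total_seconds()
            for a, b in zip(hits, hits[1:])]
    return [e["path"] for e in hits], median(gaps)


if __name__ == "__main__":
    paths, gap = periodic_stubs(parse_listing(SAMPLE_LISTING))
    print(f"{len(paths)} stub files, median gap {gap} s")
    for path in paths:
        print(" ", path)
```

The heuristic does not catch warning.html, which the reply above also lists; that file was picked out by eye, not by this pattern.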

Re: Message On Desktop wallpaper

Post by jswift450 on Fri Jan 08, 2010 11:01 pm

Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!

OTM by OldTimer - Version 3.1.4.0 log created on 01082010_180040


Re: Message On Desktop wallpaper

Post by Belahzur on Fri Jan 08, 2010 11:03 pm

Did you copy all of my script? You should have copied everything inside this code box.

Code:

:services
MyWebSearchService

:files
c:\windows\system32\24464.exe
c:\windows\system32\26962.exe
c:\windows\system32\29358.exe
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\19169.exe
c:\windows\system32\26500.exe
c:\windows\system32\6334.exe
c:\windows\system32\18467.exe
c:\windows\system32\warning.html



Re: Message On Desktop wallpaper

Post by jswift450 on Fri Jan 08, 2010 11:05 pm

========== SERVICES/DRIVERS ==========
Service MyWebSearchService stopped successfully!
Service MyWebSearchService deleted successfully!
========== FILES ==========
c:\windows\system32\24464.exe moved successfully.
c:\windows\system32\26962.exe moved successfully.
c:\windows\system32\29358.exe moved successfully.
c:\windows\system32\11478.exe moved successfully.
c:\windows\system32\15724.exe moved successfully.
c:\windows\system32\19169.exe moved successfully.
c:\windows\system32\26500.exe moved successfully.
c:\windows\system32\6334.exe moved successfully.
c:\windows\system32\18467.exe moved successfully.
c:\windows\system32\warning.html moved successfully.

OTM by OldTimer - Version 3.1.4.0 log created on 01082010_180530


Re: Message On Desktop wallpaper

Post by Belahzur on Fri Jan 08, 2010 11:06 pm

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.
How is the machine running now?



Re: Message On Desktop wallpaper

Post by jswift450 on Fri Jan 08, 2010 11:07 pm

Lot better, I thank you a lot.
