
HijackThis Log: Locked Wallpaper

Managed to remove the Paytime.exe file in the manner stated on another site. C:\3.tmp C:\5.tmp C:\d.bat C:\Documents and Settings\All Users.\documents\settings\desktop.ini C:\Documents and Settings\jamal\Application Data\WinTouch\config.cfg.001069c420a399b8fa7af921a835162f C:\Documents and Settings\jamal\Application Data\WinTouch\config.cfg.d9bacd987c58773e5e85a075cef6fe2c C:\Documents and Settings\jamal\err.log C:\Documents and Settings\jamal\ResErrors.log C:\Documents and Settings\jamal\Start Menu\Programs\Startup\TA_Start.lnk C:\Program Files\amsys\awmsg.dat C:\Program Files\amsys\guid.dat C:\Program Files\amsys\ijl15.dll o Click the Close button to leave the control center screen. · On the main screen, under Scan for Harmful Software click Scan your computer. · On the left check C:\Fixed C:\WINDOWS\system32\senekampulqgke.dll (Trojan.TDSS) -> Delete on reboot.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe I tried searching for them but no success. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ptiriber (Trojan.Agent) -> Quarantined and deleted successfully.

Webcam Upload Wrapper) - O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht! O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} Also please describe how your computer behaves at the moment. Now: the stupid blue screen with "SPYWARE DETECTED" is gone, and I can see my old desktop background again. Folders Infected: C:\Documents and Settings\Charlie\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Run Combofix ONCE only!! Discussion Starter Vict, 7 Years Ago: Ok, I downloaded filefind but it couldn't find the file rfjxkq. However, since I knew I'd never look at them, I deleted them as soon as I first saw them! I'm also never told that I have spyware on my computer every 2 seconds anymore! I loved the help that I received from here before, so maybe I could get help again.

Is this an okay program or was it really the bad thing along with the other Viewpoint program I found and removed? Note: Do not mouse-click combofix's window while it is running. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. REPLY!!!

Logfile of HijackThis v1.99.1 Scan saved at 6:43:54 PM, on 12/26/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\Program Files\Common Click OK. · Make sure everything in the white box has a check next to it, then click Next. · It will quarantine what it found and if it asks if Thanks a bunch.

Literati - O16 - DPF: Yahoo! Now, launch Notepad (Start>Programs>Accessories>Notepad) Copy/paste all the bold text below to it making sure there is no blank line above REGEDIT4! #3 Sonachu (Topic Starter), posted 31 October 2005 - 01:38 AM: Okay.

ComboFix 07-10-22.1 - jamal 2007-10-21 19:26:37.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.646 [GMT -7:00] Running from: C:\Documents and Settings\jamal\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . Here's the log for combofix.

CF disconnects your machine from the internet.

    REGEDIT4

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoViewContextMenu"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoViewContextMenu"=-
    "NoActiveDesktop"=-
    "ForceActiveDesktopOn"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
    "NoChangingWallPaper"=-
    "NoComponents"=-
    "NoAddingComponents"=-
    "NoDeletingComponents"=-
    "NoEditingComponents"=-
    "NoHTMLWallpaper"=-

In Notepad, go to File (upper menu bar), and select: Save as In the Save as

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seneka (Trojan.TDSS) -> Delete on reboot.

Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-01 19:11] "Creative Audio Studio V2.8"="C:\WINDOWS\unimontr.exe" [] "wkrf"="C:\Program Files\Common Files\wkrf\wkrfm.exe" [] "ISMModule6"="C:\Program Files\ISM\ISMModule6.exe" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarra Anyway, things are definitely running better.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Agent) -> Quarantined and deleted successfully. You can always manually start it. Download this file : Double click combofix.exe & follow the prompts. scanning hidden files ...

it's funny. Asking for help Bunny!

As for these other programs, I'll get them right now and bookmark the two virusscans you said. Those two files did appear on my desktop. Restart the computer. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\xdvkiaaf (Rootkit.Agent) -> Quarantined and deleted successfully.

#7 Sonachu (Topic Starter), posted 31 October 2005 - 12:07 PM: Okay. This will take some time!!!!!!!! So it will be started up with windows again next time.

Here is the HijackThis log I just produced.

