[whyme]

I ran search and destroy and ad aware in safe mode. Both came up clean. I have not heard of regedit. I am curious. I am concerned that if i do a system restore that the grabage that was on my computer before i ran all of these scans last night will return.  All these scans found substantial junk and it now seems as if it is all cleared out. The computer is flying around now, so speed is not a factor. Incidently, when i rebooted into normal mode, my background did change color, but it still will not let me into the windows XP background. This makes we wonder if in my absent minded haste do rid myself of the original red spyware add that ate my desktop, i accidentally deleted a file that supported my desktop integrity. Any thoughts on the date change. This may sound stupid but i thought it might have suggested a intrusion by someone on the other side of the international date line, who is borrowing my resources.(whatever that means) What do suggest next?

Oh yeah, any thoughts about the double icons that appeared on my 'new' desktop after installing the scanners and cleaners?

[Advertisements]

Any thoughts on the multiple icons displayed after installation of these scanners and cleaners on my 'new' desktop?

[whyme]

Any thoughts on the multiple icons displayed after installation of these scanners and cleaners on my 'new' desktop?

[Lightninghawk]

Sorry about the length of time it took to post this reply. My computer at home was crashed by my sister. so I have not been able to access the internet.

I'm not sure about the double Icons. you should just be able to delete them. I don't believe your system restore would reload all of your spyware problems. It might get rid of a few. Try a System Restore to A previous night. One that everything was working fine on. I believe you said that last thursday was when your problems started.. so maybe go back to last tuesday. give it a shot and let me know what you come up with.

and regedit is a last resort. I won't even begin to walk you through it because you have never used it before. It is a very precise and tedious technique. I have ruin my own computer before just experimenting with it so that I could learn about it. If you delete just one wrong file. Your computer will no longer work.

[whyme]

no problem, I thought i lost you. Tried a system restore for the tuesday and the computer wouldn't do it. Tried again for the sunday before and the computer wouldn't do it again. Any more suggesgtions?

[whyme]

my problem is the exact same one that the posts by alexs464 is having, if that helps

[Lightninghawk]

Where is that post located?

[whyme]

Malware removal. here is a link:
http://www.geekstogo...top-t15003.html

[Lightninghawk]

I've Found it. Thanks for the link though. That was helpful . Umm.. have you tried following the steps posted there for removing these things? Just out of curiousity. Thought you might try that. If so thats a good thing. If not give it a shot. I'm at school and I'm researching everything I can find on it. You don't need to download the trojan hunter or anything like that though. Brb.

[whyme]

I have tried it through removing things from the safe mode step. Did that last night, but the files he was looking for me to delete were not on my computer. Although my computer seems to be working, except for missing my desktop of course, i may have deleted to much stuff. I run those hijackthis logs and they come back with virtually nothing on them. I cannot do a system restore, i am becoming worried that i have really done some damage. I wish i found this forum before i started poking and proding my computer. i really appreciate the time you have invested and continue to hope for positive results. i am at work today till four and then i have to write a paper for school, so i probably won't leave here till around six tongiht, at the earliest. Point being you can take your time researching what to do, can't apply any suggestions until later tonight. However, anything you do find i will attempt tonight and get back to you as soon as possible.

[Lightninghawk]

Ok I'll have something very soon. Hopefully with a great result at the end of it

[whyme]

Check it out. This is all that hijackthis is pulling up now. compared with the first log i sent which had lots of stuff on it. This is scaring the crap out of me.

Logfile of HijackThis v1.99.1
Scan saved at 8:03:13 PM, on 4/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atievxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Jeff\Desktop\HijackThis-3.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\23c929be5c0510672389df589a274f77\update\update.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

is this normal, or do you see anything that may help us eliminate very frustrating problem?

[Lightninghawk]

Everything is fine except.
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

I'll post a solution first thing in the morning at school. I'm working the night shift tonight.

[whyme]

This problem is starting to pick up in frequency in the forum, yet no one has been able to regain all desk top functions back, including right click options. pretty wierd stuff. Let me know what you come up with for the 023-(file missing) thing when you get a chance. i should be home earlier tonight and i am begining to have some fun hunting this sucker down. Someone in one of the other strings mentioned that this type of virus or spyware, whatever it is, probably has some keywatch, or something like that, attached. can you explain to me what that may be?

[Lightninghawk]

By keywatch I assume they mean keylogger. It's a very basic program. I used one to get the password to the blocker my mother placed on the computer. It's function is very simple. It records every keystroke you make on your keyboard. Then sends the log to a specified destination. Such as an E-mail account.

[Lightninghawk]

I found out that wdfmgr.exe is a non-required file for Windows Media Player 10. File Information

I don't think it would hurt to go ahead and delete it from HJT because it's missing anyway, but if you would like to retrieve the file let me know and I'll will upload it to my site and give you a link to download it from.

Here is a program that may help us with the spyware. I had a friend look it up because he had the same thing. He used the microsoft beta version tool.

Microsoft Antispy Direct Dowload Link

Edited by Lightninghawk, 05 April 2005 - 08:22 AM.