Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Desktop background hijack

Started by v2575 , Apr 23 2005 10:58 PM

  • Please log in to reply

#1
v2575
Posted 23 April 2005 - 10:58 PM

v2575

    New Member

  • Member
  • Pip
  • 3 posts
My background convert in to black color and i can't change due hiding the background tab in display menu, i run norton antivirus, ad-aware, spyware blaster and spyware doctor with latest update.
hijackthis log attached, pls help me.

Logfile of HijackThis v1.99.1
Scan saved at 10:23:12 AM, on 24-Apr-05
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\netdde.exe
D:\WINNT\System32\msdtc.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\llssrv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
D:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
D:\Program Files\Seagate Software\WCS\pageserver.exe
D:\WINNT\system32\pctspk.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Seagate Software\WCS\WebCompServer.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\Dfssvc.exe
D:\WINNT\System32\inetsrv\inetinfo.exe
D:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
D:\Program Files\Spyware Doctor\swdoctor.exe
D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Outlook Express\msimn.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Microsoft AntiSpyware helper - {3CE556C5-3433-4AC3-A854-996401428904} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3CE556C5-3433-4AC3-A854-996401428904} - (no file) (HKCU)
O12 - Plugin for .NPSSView: D:\Program Files\Seagate Software\Viewers\ActiveXViewer\\NPssView.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c32.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vivek
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4404A6B-AE81-4D19-9110-3785BAAE8D12}: NameServer = 61.0.0.65 61.0.0.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vivek
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vivek
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: CWShredder Service - Unknown owner - D:\Documents and Settings\Administrator\Desktop\CWShredder214.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Seagate Page Server (pageserver) - Unknown owner - D:\Program Files\Seagate Software\WCS\pageserver.exe" -service -cache -deleteCache (file missing)
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - D:\WINNT\system32\pctspk.exe
O23 - Service: Seagate Web Component Server (WebCompServer) - Unknown owner - D:\Program Files\Seagate Software\WCS\WebCompServer.exe" -service (file missing)
  • 0

Advertisements

#2
Avohir
Posted 08 May 2005 - 02:28 AM

Avohir

    Visiting Staff

  • Visiting Consultant
  • 1,002 posts
Hi and welcome to GTG :tazz:

Sorry for the late reply,
If you’re still looking to resolve this issue,
Please run through the steps outlined in this Topic
Post back a fresh log when done please

If you have resolved this issue please let us know,
Thanks and again sorry for the late reply,

-Avohir
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP