I don't know what I have [RESOLVED]


  • This topic is locked

#16
calgooda1323

calgooda1323

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Ok, here they are.. I also tried to do the desktop thing you said and it didn't change anything. I just left it as a general Microsoft picture and it only shows part of the picture

Attached Files


#17
calgooda1323
OH, and my system is moving much quicker and without all the crap. I definitely see a HUGE improvement. I actually took my computer somewhere last time to have it fixed and they never could get rid of it all. Or so they say. I think it may have been conquered this time. THANKS

#18
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Let's see if we can fix your desktop:

Right click on Repair Desktop and download that file.

Double click on it, and click Yes when it asks you if you want to merge it into the registry. Once that's done, restart your computer.

Now try the procedure that I posted earlier, and see if you can get your background back.

Let me know how it goes.

Regards,
RatHat

#19
calgooda1323
I downloaded it.. then when I click on it on my desktop it says " Windows cannot find REPAIR~1.REG."

Does this mean anything to you?? Or did I do something wrong??

Did we get rid of all the other junk?

Edited by calgooda1323, 20 March 2008 - 07:21 PM.

#20
RatHat
Can you check something for me:

Go to Start, then Run, and type in regedit.

It should bring up the windows registry editor. If it does, just close it down.

Let me know what happens.

#21
calgooda1323
It did bring it up

Edited by calgooda1323, 20 March 2008 - 07:48 PM.

#22
RatHat
I'm pretty sure that we have got rid of all the rest of the junk, but something is not right, that it is affecting your desktop like this, and I don't want to give up on it.

Can you download Combofix again, and run it for me, then post me the new log:

Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#23
calgooda1323
Ok, here it is.

Attached Files


#24
RatHat
Combofix deleted a few more items, so whatever is causing this is well hidden! Let's do this:


1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Documents and Settings\Cortney\Application Data\GDIPFONTCACHEV1.DAT
C:\WINDOWS\Fonts\SET5FF.tmp
C:\WINDOWS\Fonts\SET50E.tmp
C:\WINDOWS\Fonts\SET5FE.tmp
C:\WINDOWS\Fonts\SET50D.tmp
C:\WINDOWS\Fonts\SET5FD.tmp
C:\WINDOWS\Fonts\SET50C.tmp
C:\WINDOWS\Fonts\SET5FC.tmp
C:\WINDOWS\Fonts\SET50B.tmp
C:\WINDOWS\Fonts\SET5FB.tmp
C:\WINDOWS\Fonts\SET50A.tmp
C:\WINDOWS\Fonts\SET602.tmp
C:\WINDOWS\Fonts\SET511.tmp
C:\WINDOWS\Fonts\SET601.tmp
C:\WINDOWS\Fonts\SET510.tmp
C:\WINDOWS\Fonts\SET600.tmp
C:\WINDOWS\Fonts\SET50F.tmp


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post Combofix.txt in your next reply. Please don't attach it, as it makes it harder to research files.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Let's run an F-Secure online scan for Viruses, Spyware and RootKits:
  • Go to http://support.f-sec.../home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take a while, so please be patient

#25
calgooda1323
ComboFix 08-03-20.5 - Cortney 2008-03-20 21:00:52.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.138 [GMT -6:00]
Running from: C:\Documents and Settings\Cortney\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Cortney\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Cortney\Application Data\GDIPFONTCACHEV1.DAT
C:\WINDOWS\Fonts\SET50A.tmp
C:\WINDOWS\Fonts\SET50B.tmp
C:\WINDOWS\Fonts\SET50C.tmp
C:\WINDOWS\Fonts\SET50D.tmp
C:\WINDOWS\Fonts\SET50E.tmp
C:\WINDOWS\Fonts\SET50F.tmp
C:\WINDOWS\Fonts\SET510.tmp
C:\WINDOWS\Fonts\SET511.tmp
C:\WINDOWS\Fonts\SET5FB.tmp
C:\WINDOWS\Fonts\SET5FC.tmp
C:\WINDOWS\Fonts\SET5FD.tmp
C:\WINDOWS\Fonts\SET5FE.tmp
C:\WINDOWS\Fonts\SET5FF.tmp
C:\WINDOWS\Fonts\SET600.tmp
C:\WINDOWS\Fonts\SET601.tmp
C:\WINDOWS\Fonts\SET602.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Cortney\Application Data\GDIPFONTCACHEV1.DAT
C:\WINDOWS\Fonts\SET50A.tmp
C:\WINDOWS\Fonts\SET50B.tmp
C:\WINDOWS\Fonts\SET50C.tmp
C:\WINDOWS\Fonts\SET50D.tmp
C:\WINDOWS\Fonts\SET50E.tmp
C:\WINDOWS\Fonts\SET50F.tmp
C:\WINDOWS\Fonts\SET510.tmp
C:\WINDOWS\Fonts\SET511.tmp
C:\WINDOWS\Fonts\SET5FB.tmp
C:\WINDOWS\Fonts\SET5FC.tmp
C:\WINDOWS\Fonts\SET5FD.tmp
C:\WINDOWS\Fonts\SET5FE.tmp
C:\WINDOWS\Fonts\SET5FF.tmp
C:\WINDOWS\Fonts\SET600.tmp
C:\WINDOWS\Fonts\SET601.tmp
C:\WINDOWS\Fonts\SET602.tmp

.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.

2008-03-20 20:13 . 2008-03-20 20:13 <DIR> d-------- C:\ComboFix(2)
2008-03-20 17:44 . 2008-03-20 17:44 <DIR> d-------- C:\Documents and Settings\Cortney\Application Data\Malwarebytes
2008-03-20 17:43 . 2008-03-20 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-20 17:41 . 2008-03-20 17:41 <DIR> d-------- C:\_OTMoveIt
2008-03-19 22:23 . 2008-03-19 22:23 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-03-14 23:36 . 2008-03-14 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-14 21:00 . 2008-03-14 22:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-14 21:00 . 2008-03-14 22:27 <DIR> d-------- C:\Documents and Settings\Cortney\Application Data\SUPERAntiSpyware.com
2008-03-14 21:00 . 2008-03-14 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-11 10:13 . 2008-03-20 21:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-11 10:13 . 2008-03-20 21:02 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 03:59 --------- d-----w C:\Program Files\Trend Micro
2008-03-15 02:18 --------- d-----w C:\Program Files\Java
2008-03-11 15:40 --------- d-----w C:\Program Files\Lx_cats
2008-02-22 15:51 --------- d-----w C:\Program Files\Diet Analysis Plus 8.0
2008-02-19 17:00 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-15 02:24 --------- d-----w C:\Program Files\Roguescanfix
2008-02-15 02:24 --------- d-----w C:\Program Files\Alfa & Ariss
2008-02-04 15:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 15:23 --------- d-----w C:\Program Files\Yahoo!
.

((((((((((((((((((((((((((((( [email protected]_10.59.57.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-20 16:48:27 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
+ 2008-03-21 02:15:03 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 05:24 65536]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2003-03-31 06:00 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 02:19 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 02:07 114688]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-18 13:20 88363 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-07-17 19:38 159744]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 20:00 126976]
"PadTouch"="C:\Program Files\TOSHIBA\PadTouch\PadExe.exe" [2003-10-31 17:01 1019904]
"TPSMain"="TPSMain.exe" [2003-11-19 23:15 278528 C:\WINDOWS\system32\TPSMain.exe]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2003-10-20 11:39 159744]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-01-02 18:16 172032]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2003-04-15 22:01 258048]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 12:29 40960]
"TFNF5"="TFNF5.exe" [2003-10-15 18:03 73728 C:\WINDOWS\system32\TFNF5.exe]
"TFncKy"="TFncKy.exe" []
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-11-20 19:24 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-11-20 19:25 77824]
"Lexmark 5200 series"="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" [2004-03-25 07:30 57344]
"000StTHK"="000StTHK.exe" [2001-06-23 22:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 12:42 69632]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-06 23:56 188416]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 10:30 65536]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 19:09 842584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 15:23:32 51776]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 23:01:04 83360]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [2006-03-07 19:42:20 1306624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2006-05-26 16:17 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\System32\drivers\BsStor.sys [2002-06-06 03:07]
S3 pciSd;pciSd;C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2003-02-12 11:03]
S3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2003-05-14 19:38]

.
Contents of the 'Scheduled Tasks' folder
"2006-12-14 07:45:35 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- c:\Program Files\Microsoft IntelliPoint\ipoint.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 21:04:37
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-03-20 21:06:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-21 03:06:21
ComboFix2.txt 2008-03-21 02:22:47
ComboFix3.txt 2008-03-20 17:00:39

#26
RatHat
Can you get your desktop background back yet?

#27
calgooda1323
Scanning Report
Thursday, March 20, 2008 21:10:52 - 21:51:27

Computer name: TOSHIBA-USER
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 16 malware found
Trojan-Downloader.Win32.Agent.kvv (virus)

* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\DOCUMENTS AND SETTINGS\CORTNEY\DESKTOP\OTSCANIT\MOVEDFILES\03202008_134456\WINDOWS\MROFINU1000106.EXE (Renamed & Submitted)

Trojan-Downloader.Win32.Agent.lbx (virus)

* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\DOCUMENTS AND SETTINGS\CORTNEY\DESKTOP\OTSCANIT\MOVEDFILES\03202008_134456\WINDOWS\MROFINU572.EXE (Renamed & Submitted)

Trojan-Downloader.Win32.Busky.gen (virus)

* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\SYSTEM32\4E3807EE.EXE (Renamed & Submitted)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\DOWNLOADED PROGRAM FILES\GDNUS2335.EXE (Renamed & Submitted)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\GDNUS2335.EXE (Renamed & Submitted)

Trojan-Downloader.Win32.Small.cxg (virus)

* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.2\GDNUS2335.EXE (Renamed & Submitted)

Trojan-Downloader.Win32.Small.czm (virus)

* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.6\GDNUS2335.EXE (Renamed & Submitted)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.5\GDNUS2335.EXE (Renamed & Submitted)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.4\GDNUS2335.EXE (Renamed & Submitted)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.3\GDNUS2335.EXE (Renamed & Submitted)

Trojan-Downloader.Win32.Small.czw (virus)

* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.7\GDNUS2335.EXE (Renamed & Submitted)

Trojan.Win32.Runner.j (virus)

* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\SYSTEM32\ETMT2.EXE (Renamed & Submitted)

Trojan.Win32.Scapur.k (virus)

* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\PROGRAM FILES\COMMON FILES\YAZZLE1281OINADMIN.EXE (Renamed & Submitted)

Trojan.Win32.Small.ev (virus)

* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\PJ.EXE (Renamed & Submitted)

Vundo.gen38 (virus)

* C:\DOCUMENTS AND SETTINGS\CORTNEY\DESKTOP\OTSCANIT\MOVEDFILES\03202008_134456\WINDOWS\SYSTEM32\JQXDCVEB.INI (Submitted)

Vundo.gen84 (virus)

* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\DOCUMENTS AND SETTINGS\CORTNEY\DESKTOP\OTSCANIT\MOVEDFILES\03202008_134456\WINDOWS\SYSTEM32\LEJBYAGV.DLL (Submitted)

Statistics
Scanned:

* Files: 27012
* System: 3600
* Not scanned: 11

Actions:

* Disinfected: 0
* Renamed: 14
* Deleted: 0
* None: 2
* Submitted: 16

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\$NTUNINSTALLKB828035$\MSGSVC.DLL
* C:\WINDOWS\$NTUNINSTALLKB828035$\WKSSVC.DLL
* C:\WINDOWS\$NTUNINSTALLKB824141$\USER32.DLL
* C:\WINDOWS\$NTUNINSTALLKB824141$\WIN32K.SYS

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-03-21
* F-Secure AVP: 7.0.171, 2008-03-20
* F-Secure Pegasus: 1.20.0, 2008-02-20
* F-Secure Blacklight: 1.0.64

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

#28
calgooda1323
Nope, still no desktop. I tried what you said about right clicking on the desktop.. there is no option other than a general tab inside the properties. I did however go into my desktop setting by start-control panel-display-desktop.

I have tried changing it several times, and like you said I used the desktops images already on the computer.

Also I have this pop-up when I boot up... does this mean anything?

On the first page of the attachment is what pops up immediately when loaded. Then if you scroll down to the second Word page it shows what happens when I click OK. I have never had this pop up until I started having these problems. I just didn't know if this might be part of the problem. OR how do I clear it?

Attached Files


Edited by calgooda1323, 20 March 2008 - 09:59 PM.

#29
calgooda1323
OK, I am just thinking about this whole thing. Can this "malware" or whatever it is mess with the sound on my computer? I always have msn on and since all this has happened it doesn't ding when I get a message. I know that I haven't changed the settings in it. It just seems odd I would have problems with it when I started having all these other problems.

#30
RatHat
Well, F-Secure only showed items in the Quarantine folders, where the malware is safe. Something is hiding in there which I can't see and must be affecting your desktop and messenger, so I'm going to ask you to use one of the most powerful tools we have available, so PRINT OUT these instructions and follow them closely. If you are not sure of something, ask first.

Please download and unzip Icesword to its own folder.

If you get a lot of "red entries" in an IceSword log, don't worry, most of them will be legitimate.

Step 1 : Close all windows and run IceSword. Click the Processes tab and watch for processes displayed in red color. A red colored process in this list indicates that it's hidden. Write down the PathName of any processes in red color. Then click on LOG at the top left. It will prompt you to save the log, call this Processes and save it to your desktop.

Step 2 : Click the Win32 Services tab and look out for red colored entries in the services list. Write down the Module name of any services in red color, you will need to expand out the Module tab to see the full name. Then click on LOG. It will prompt you to save the log, call this Services and save it to your desktop.

Step 3 : Click the Startup tab and look out for red colored entries in the startup list. Write down the Path of any startup entries in red color. Then click on LOG. It will prompt you to save the log, call this Startup and save it to your desktop.

Step 4 : Click the SSDT tab and check for red colored entries. If there are any, write down the KModule name.

Step 5 : Click the Message Hooks tab and check for any entries that are underneath Type and labelled WH_KEYBOARD. Write down the Process Path of these entries if present.

Now post all of the data collected under the headings for :
  • Processes
  • Win32 Services
  • Startup
  • SSDT
  • Message Hooks

  • 0
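
The reading of the F-Secure report given in post #30 (every detection sits in a tool's quarantine folder, none in a live system path) can be checked mechanically. The Python below is an added example, not part of the original thread or of any tool used in it; the quarantine folder markers are an assumption taken from the OTMoveIt/OTScanIt paths in the report in post #27, and the second sample contains a constructed entry to show what a still-active file would look like.

```python
import re

# Assumption: folder fragments that mark a tool's quarantine area, taken from
# the OTMoveIt / OTScanIt "MovedFiles" paths visible in this thread's report.
QUARANTINE_MARKERS = ("\\_OTMOVEIT\\MOVEDFILES\\", "\\OTSCANIT\\MOVEDFILES\\")

HEADER_RE = re.compile(r"^(?P<name>[^\s*]\S*) \((?P<kind>[a-z]+)\)$")
FILE_RE = re.compile(r"^\*\s+(?P<path>[A-Za-z]:\\.+?)\s+\((?P<action>[^()]+)\)$")

# Excerpt of the report posted in #27 (three of the detections, plus the
# start of the "Files not scanned" section, which must not be counted).
REPORT_EXCERPT = r"""
Result: 16 malware found
Trojan-Downloader.Win32.Busky.gen (virus)

* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\SYSTEM32\4E3807EE.EXE (Renamed & Submitted)

Trojan.Win32.Small.ev (virus)

* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\PJ.EXE (Renamed & Submitted)

Vundo.gen38 (virus)

* C:\DOCUMENTS AND SETTINGS\CORTNEY\DESKTOP\OTSCANIT\MOVEDFILES\03202008_134456\WINDOWS\SYSTEM32\JQXDCVEB.INI (Submitted)

Files not scanned:

* C:\HIBERFIL.SYS
"""

# Constructed entry (not from the thread): a detection outside quarantine.
CONSTRUCTED_LIVE = REPORT_EXCERPT + r"""
Constructed.Example (virus)

* C:\WINDOWS\SYSTEM32\CONSTRUCTED_EXAMPLE.DLL (None)
"""


def parse_report(text):
    """Return (detection, path, action) tuples from an F-Secure text report."""
    hits, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header, entry = HEADER_RE.match(line), FILE_RE.match(line)
        if header:
            current = header.group("name")
        elif entry and current:
            hits.append((current, entry.group("path"), entry.group("action")))
        else:
            current = None  # "Statistics", "Files not scanned:" etc. end a block
    return hits


def is_quarantined(path):
    """True when the path sits under one of the quarantine markers."""
    upper = path.upper()
    return any(marker in upper for marker in QUARANTINE_MARKERS)


def triage(text):
    """Split detections into quarantined copies and files still in place."""
    result = {"quarantined": [], "live": []}
    for name, path, action in parse_report(text):
        bucket = "quarantined" if is_quarantined(path) else "live"
        result[bucket].append((name, path, action))
    return result


if __name__ == "__main__":
    for label, sample in (("thread excerpt", REPORT_EXCERPT), ("with constructed entry", CONSTRUCTED_LIVE)):
        r = triage(sample)
        print(f"{label}: {len(r['quarantined'])} quarantined, {len(r['live'])} live")
        for name, path, action in r["live"]:
            print(f"  LIVE {name}: {path} [{action}]")
```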





