
So yea. A virus. [RESOLVED]



#1
Bletotum

Bletotum

    New Member

  • Member
  • Pip
  • 7 posts
I already tried anti-virus scanners.

I can't read the log myself.

Any help will be appreciated.

The desktop is frozen to this picture, and the screensaver is the default of the computer. The tabs for the two have disappeared from the desktop properties menu. The computer shuts off at random.

http://img80.imagesh...65604805bp3.png

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:01 PM, on 8/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: Justin.tv Publisher - http://www.justin.tv...v_publisher.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Unknown owner - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7171 bytes


-

EDIT:

Everything in the similar topics menu has a title that sounds like some random idiot posted it without even having a virus...

I should also mention that my computer first had told me that it REMOVED a virus. Then my desktop changed, and it slowly got worse. I asked for help on two other sites. One was useless, and the other told me to go here.

EDIT 2:

If it helps to say where I got it, it was supposed to be an auto installer for materials for the Garry's Mod game (www.garrysmod.org). I guess I should scan things first. Still, any help would be appreciated.

Edited by Bletotum, 20 August 2008 - 03:56 PM.

  • 0



#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, firstly I would like a deeper look at your system.

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • File - Additional Folder Scans
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#3
Bletotum

Bletotum

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Attached File  OTScanIt.Txt   347.95KB   87 downloads

Edited by Bletotum, 20 August 2008 - 04:02 PM.

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Fast reply :)

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\] > -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Files/Folders - Created Within 90 days]
NY -> 0 -> %SystemRoot%\System32\0
NY -> blphcj41j0e38v.scr -> %SystemRoot%\System32\blphcj41j0e38v.scr
NY -> lphcj41j0e38v.exe -> %SystemRoot%\System32\lphcj41j0e38v.exe
NY -> phcj41j0e38v.bmp -> %SystemRoot%\System32\phcj41j0e38v.bmp
NY -> ~.exe -> %SystemRoot%\System32\~.exe
NY -> 0 -> %SystemRoot%\0
NY -> NARBACULARDROP.INI -> %SystemRoot%\NARBACULARDROP.INI
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> ZangoSA -> %AllUsersProfile%\Application Data\ZangoSA
NY -> Zango -> %AppData%\Zango
NY -> ---.wps -> %UserProfile%\My Documents\---.wps
NY -> --- -> %UserProfile%\Desktop\---
NY -> -.bmp -> %UserProfile%\Desktop\-.bmp
NY -> dighfghfgjsg -> %UserProfile%\Desktop\dighfghfgjsg
NY -> Peril (128 x 128)-.jpg -> %UserProfile%\Desktop\Peril (128 x 128)-.jpg
NY -> Peril (256 x 256).jpg -> %UserProfile%\Desktop\Peril (256 x 256).jpg
NY -> Peril (400 x 400).jpg -> %UserProfile%\Desktop\Peril (400 x 400).jpg
NY -> Peril (640 x 480).jpg -> %UserProfile%\Desktop\Peril (640 x 480).jpg
NY -> Peril-tr.gif -> %UserProfile%\Desktop\Peril-tr.gif
NY -> Peril-trans.bmp -> %UserProfile%\Desktop\Peril-trans.bmp
NY -> Peril.tga -> %UserProfile%\Desktop\Peril.tga
NY -> Peril0 (128 x 128).jpg -> %UserProfile%\Desktop\Peril0 (128 x 128).jpg
NY -> Peril1 (128 x 128).jpg -> %UserProfile%\Desktop\Peril1 (128 x 128).jpg
NY -> Peril2 (128 x 128).jpg -> %UserProfile%\Desktop\Peril2 (128 x 128).jpg
NY -> Peril3 (128 x 128).jpg -> %UserProfile%\Desktop\Peril3 (128 x 128).jpg
NY -> Peril4 (128 x 128).jpg -> %UserProfile%\Desktop\Peril4 (128 x 128).jpg
NY -> Peril5 (128 x 128).jpg -> %UserProfile%\Desktop\Peril5 (128 x 128).jpg
NY -> Peril6 (128 x 128).jpg -> %UserProfile%\Desktop\Peril6 (128 x 128).jpg
NY -> peril64.tga -> %UserProfile%\Desktop\peril64.tga
NY -> peril68.vtf -> %UserProfile%\Desktop\peril68.vtf
NY -> perilspray.vtf -> %UserProfile%\Desktop\perilspray.vtf
NY -> PIXresizer (640 x 480).jpg -> %UserProfile%\Desktop\PIXresizer (640 x 480).jpg
NY -> Public_Installer -> %UserProfile%\Desktop\Public_Installer
NY -> RC15B26 -> %UserProfile%\Desktop\RC15B26
[Files/Folders - Modified Within 90 days]
NY -> (null)id -> %SystemRoot%\System32\(null)id
NY -> 0 -> %SystemRoot%\System32\0
NY -> blphcj41j0e38v.scr -> %SystemRoot%\System32\blphcj41j0e38v.scr
NY -> lphcj41j0e38v.exe -> %SystemRoot%\System32\lphcj41j0e38v.exe
NY -> phcj41j0e38v.bmp -> %SystemRoot%\System32\phcj41j0e38v.bmp
NY -> ~.exe -> %SystemRoot%\System32\~.exe
NY -> 0rbujrnw.cmdline -> C:\WINDOWS\Temp\0rbujrnw.cmd
NY -> b_g-okyk.cmdline -> C:\WINDOWS\Temp\b_g-okyk.cmd
NY -> npqqn4gw.cmdline -> C:\WINDOWS\Temp\npqqn4gw.cmd
NY -> s-lxpnly.cmdline -> C:\WINDOWS\Temp\s-lxpnly.cmd
NY -> 0rbujrnw.dll -> C:\WINDOWS\Temp\0rbujrnw.dll
NY -> b_g-okyk.dll -> C:\WINDOWS\Temp\b_g-okyk.dll
NY -> npqqn4gw.dll -> C:\WINDOWS\Temp\npqqn4gw.dll
NY -> s-lxpnly.dll -> C:\WINDOWS\Temp\s-lxpnly.dll
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> ZangoSA -> %AllUsersProfile%\Application Data\ZangoSA
NY -> Zango -> %AppData%\Zango
NY -> --- -> %UserProfile%\Desktop\---
NY -> -.bmp -> %UserProfile%\Desktop\-.bmp
NY -> -pe-r-i-l-trans-par-ent- -> %UserProfile%\Desktop\-pe-r-i-l-trans-par-ent-
NY -> -peril- -> %UserProfile%\Desktop\-peril-
NY -> 50169007-.GIF -> %UserProfile%\Desktop\50169007-.GIF
NY -> 50169007.gif -> %UserProfile%\Desktop\50169007.gif
NY -> peril -> %UserProfile%\Desktop\peril
NY -> Peril (128 x 128)-.jpg -> %UserProfile%\Desktop\Peril (128 x 128)-.jpg
NY -> Peril (256 x 256).jpg -> %UserProfile%\Desktop\Peril (256 x 256).jpg
NY -> Peril (400 x 400).jpg -> %UserProfile%\Desktop\Peril (400 x 400).jpg
NY -> Peril (640 x 480).jpg -> %UserProfile%\Desktop\Peril (640 x 480).jpg
NY -> Peril-tr.gif -> %UserProfile%\Desktop\Peril-tr.gif
NY -> Peril-trans.bmp -> %UserProfile%\Desktop\Peril-trans.bmp
NY -> Peril.tga -> %UserProfile%\Desktop\Peril.tga
NY -> Peril0 (128 x 128).jpg -> %UserProfile%\Desktop\Peril0 (128 x 128).jpg
NY -> Peril1 (128 x 128).jpg -> %UserProfile%\Desktop\Peril1 (128 x 128).jpg
NY -> Peril2 (128 x 128).jpg -> %UserProfile%\Desktop\Peril2 (128 x 128).jpg
NY -> Peril3 (128 x 128).jpg -> %UserProfile%\Desktop\Peril3 (128 x 128).jpg
NY -> Peril4 (128 x 128).jpg -> %UserProfile%\Desktop\Peril4 (128 x 128).jpg
NY -> Peril5 (128 x 128).jpg -> %UserProfile%\Desktop\Peril5 (128 x 128).jpg
NY -> Peril6 (128 x 128).jpg -> %UserProfile%\Desktop\Peril6 (128 x 128).jpg
NY -> peril64.tga -> %UserProfile%\Desktop\peril64.tga
NY -> peril68.vtf -> %UserProfile%\Desktop\peril68.vtf
NY -> perilspray.vtf -> %UserProfile%\Desktop\perilspray.vtf
NY -> Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

THEN

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. It is imperative that you install this, as it will enable a system recovery in the event of problems.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log and the OTScanit report.
  • 0
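
A triage sketch for the fix script quoted above, added here as an example and not part of the original post or of OTScanIt: it parses the `flags -> name -> path` lines, lists runnable files under %SystemRoot%, and groups same-directory files whose names are suffixes of one another, as the three phcj41j0e38v files are. The function names, the extension set and the 8-character minimum stem are assumptions of this example.

```python
import ntpath
from collections import defaultdict

# Lines copied from the fix script in the post above (a subset, for brevity).
FIX_EXCERPT = r"""
[Files/Folders - Created Within 90 days]
NY -> 0 -> %SystemRoot%\System32\0
NY -> blphcj41j0e38v.scr -> %SystemRoot%\System32\blphcj41j0e38v.scr
NY -> lphcj41j0e38v.exe -> %SystemRoot%\System32\lphcj41j0e38v.exe
NY -> phcj41j0e38v.bmp -> %SystemRoot%\System32\phcj41j0e38v.bmp
NY -> ~.exe -> %SystemRoot%\System32\~.exe
NY -> NARBACULARDROP.INI -> %SystemRoot%\NARBACULARDROP.INI
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> Zango -> %AppData%\Zango
NY -> Peril.tga -> %UserProfile%\Desktop\Peril.tga
[Files/Folders - Modified Within 90 days]
NY -> lphcj41j0e38v.exe -> %SystemRoot%\System32\lphcj41j0e38v.exe
"""

# Extensions treated as runnable here (an assumption of this example).
RUNNABLE = {".exe", ".scr", ".dll", ".com", ".bat", ".cmd"}


def parse_fix(text):
    """Return (section, flags, name, path) for each 'XX -> name -> path' line."""
    section, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        parts = line.split(" -> ", 2)
        if section and len(parts) == 3:
            entries.append((section, parts[0], parts[1], parts[2]))
    return entries


def runnable_in_windows_dir(entries):
    """Unique paths under %SystemRoot% that carry a runnable extension."""
    hits = set()
    for _, _, _, path in entries:
        ext = ntpath.splitext(path)[1].lower()
        if path.lower().startswith("%systemroot%\\") and ext in RUNNABLE:
            hits.add(path)
    return sorted(hits)


def suffix_clusters(entries, min_stem=8):
    """Group files in one directory whose stems end with a shared shorter stem."""
    by_dir = defaultdict(set)
    for _, _, _, path in entries:
        name = ntpath.basename(path)
        if len(ntpath.splitext(name)[0]) >= min_stem:
            by_dir[ntpath.dirname(path).lower()].add(name)
    clusters = []
    for directory, names in by_dir.items():
        roots = {}  # shortest stem seen -> file names ending with it
        for name in sorted(names, key=lambda n: len(ntpath.splitext(n)[0])):
            stem = ntpath.splitext(name)[0].lower()
            root = next((r for r in roots if stem.endswith(r)), stem)
            roots.setdefault(root, []).append(name)
        clusters += [(directory, sorted(m)) for m in roots.values() if len(m) > 1]
    return clusters


if __name__ == "__main__":
    parsed = parse_fix(FIX_EXCERPT)
    print(runnable_in_windows_dir(parsed))
    print(suffix_clusters(parsed))
```
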

#5
Bletotum

Bletotum

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
The OT scan.

X The application or DLL C:\WINDOWS\Temp\0rbujrnw.dll is not a valid Windows image. Please check this against your installation diskette.

The same thing for the following.

Temp\b_g-okyk.dll

npqqn4gw.dll

s-lxpnly.dll

Normal?

EDIT:

The ComboFix program says that it is incompatible with my system, that I need Windows Xp or Vista.

I have Windows Xp...

-
EDIT 2:
-
Attached File  hijackthis__.txt   7.18KB   61 downloads
-
Attached File  08202008_183650_.txt   326KB   61 downloads
-
EDIT 3:
-
And if the virus was supposed to be gone... It isn't.
-

Edited by Bletotum, 20 August 2008 - 05:01 PM.

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
By "the virus has not gone", do you mean you still have the display problem? Before we can commence repairs to the damage done to your system we do need to remove all elements. There is no quick fix.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

  • 0

#7
Bletotum

Bletotum

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks. It works now.

One last thing, the background to my desktop icons was transparent, along with the backgrounds of the text for them. Now they look dark. A way to change would be nice.

Attached File  hijackthis____.txt   7.2KB   62 downloads

Attached File  report.txt   4.76KB   60 downloads
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK then, let's see if we can restore the transparency.

1. Right-click My Computer.
2. Choose Properties.
3. Click the Advanced tab in the resulting dialog.
4. Click the Settings button in the Performance panel.
5. Click the Visual Effects tab in the resulting dialog.
6. Check the box whose title begins Use drop shadows for icon . . . .
7. Click OK, OK.

Subject to no further problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself.

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done


Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0

#9
Bletotum

Bletotum

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks. Although the tip for the desktop icons made things worse.

The shadows didn't go away, they turned blue.

And it made the windows that I have open, and ones that I could open, have a cream colored layout. It was dark before.

:(

Edited by Bletotum, 22 August 2008 - 02:22 PM.

  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, not sure what caused that (I am on Vista now). Any other problems?
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





