Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Desktop: System Stopped


  • Please log in to reply

#1
11010110

11010110

    Member

  • Member
  • PipPipPip
  • 169 posts
On my desktop, the wallpaper has been changed to a large blue screen that reads:
SYSTEM STOPPED
system has been stopped due to a serious malfunction.
Spyware activity has been detected.
It is recomended that you use a spyware removal tool to prevent data loss.
Do not use computer brfore all spyware removed.


It is a wallpaper, not a popup. there is no right click on the screen and when I access appearances, it won't allow me to change anything. Im not sure if it is spyware or what. It is related to Spyware Sheriff so i need help with that too. heres my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 10:03:39 PM, on 6/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\lexpps.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ewido\security suite\securitysuite.exe
C:\Program Files\SmartPopupBlocker\SmartPopupBlockerTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Spy Defense Arsenal\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://WWW.COMCAST.NET/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://WWW.COMCAST.NET/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....ink/?LinkId=488
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By A Drunken Midget
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\System32\vbrundll.dll (file missing)
O2 - BHO: (no name) - {7495A744-DE3F-0DEE-33E9-BDC883E0D674} - C:\WINDOWS\System32\20d111Gb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AutoLoaderuwwu1WMQXOLU] "C:\WINDOWS\System32\ipstclog.exe" /HideDir /HideUninstall /PC="CP.DEF2" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [u3FS3qR] t2e42.exe
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ecezas] c:\windows\system32\okbqhj.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vlmmlk.exe reg_run
O4 - HKLM\..\Run: [gshbmtni] c:\windows\system32\gshbmtni.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BioniXWallpaper] "C:\My Downloads\Adult 3D Sex Games ('Virtual Sluts', 'Beach Exposure' and '3D teen rape') -[bleep] sex sexy woman teen butt(1)\Program Files\BioniX Wallpaper v4.60\BioniX Wallper.exe"
O4 - HKCU\..\Run: [svcSystem] C:\WINDOWS\System32\lrdsvr.exe
O4 - HKCU\..\Run: [wupdate] C:\WINDOWS\System32\wi32.exe
O4 - HKCU\..\Run: [f0w2Rkd8g] sclannel.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: MarketBrowser.lnk = C:\Program Files\MarketBrowser\lmt\mktbrws.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O15 - Trusted Zone: *.bestcounter.biz
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 195.95.218.170
O15 - Trusted IP range: 195.95.218.170 (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c11.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...stx/install.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0015.exe
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91F174BD-74B8-461F-92A1-367EF1D0A414}: Domain = ,J›
O20 - Winlogon Notify: drct16 - drct16.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: bHCRXOdOsEucF - {7495A73E-DE3F-0D94-7A65-ACDC83E0D671} - C:\WINDOWS\System32\hqhm.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Please respond.

Edited by 11010110, 15 June 2005 - 08:05 PM.

  • 0

Advertisements


#2
Phrostbite

Phrostbite

    New Member

  • Member
  • Pip
  • 3 posts
Hi there,

I got the same problem,tried AdAware,CWShredder,Spybot,CleanUp,TrendMicro,Panda and HijackThis! wich removed Spy Sheriff but not the wallpaper.
I hope someone has a solution for our problem.

Thanx for your help,

Jim Phrostbite

Logfile of HijackThis v1.99.1
Scan saved at 10:47:32 AM, on 6/16/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
e:\Popup Blocker\popkill.exe
C:\Documents and Settings\Jim\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.168.1:82/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.168.1:82/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: netMonior Class - {85810C93-C14C-11D5-BC4B-0050BA28E4FE} - C:\WINDOWS\System32\popkill.dll
O4 - Global Startup: ATI CATALYST System Tray.lnk.disabled
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\SiSoft\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\SiSoft\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe


Uninstall list:

Ad-Aware SE Personal
Adobe Acrobat 5.0
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
BitTorrent 4.0.2
BPFTP Server (remove only)
CleanUp!
DAEMON Tools
dBpowerAMP Music Converter
dBpowerAMP Ogg Vorbis Codec
DivX Codec
DjVu Browser Plug-in 3.6
dMC Power Pack
Elecard MPEG 2 Player Version 1.35
eMule Plus 1.1d
FlashFXP
HexDump plug-in for Ad-Aware SE
HijackThis 1.99.1
Internet Explorer Q822925
ISO Recorder
Linkbot Pro 5.5
LSP Explorer plug-in for Ad-Aware SE
MailWasher
Microsoft .NET Framework 1.1
Microsoft Excel Viewer 97
MMSSTV Ver. 1.09
mp3-2-wav converter 1.14
Mscan Meteo Pro
Mscan SSTV
MSN Messenger 7.0
Nero 6 Ultra Edition
Nova for Windows
OLYMPUS C-3.0W95E
Outlook Express Update Q330994
Quake III Arena Point Release 1.32
QuickTime
RealPlayer
Reason 3.0
RedFoxIndexer
Shockwave
SiSoftware Sandra Professional 2005 (Win64/32/CE)
Spybot - Search & Destroy 1.3
SpySheriff
SpySubtract
Steinberg Nuendo
Super Popup Blocker 2.4
Teletekstbrowser versie 3.x
Total Commander (Remove or Repair)
Trojan Remover 6.4.0
Unreal Tournament 2004
VQLog 2.3B
VX2 Cleaner plug-in for Ad-Aware SE
Wave Splitter 2.10
Winamp (remove only)
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824146
Windows XP Hotfix (SP1) [See Q318966 for more information]
Windows XP Hotfix (SP1) [See Q320174 for more information]
Windows XP Hotfix (SP1) [See Q323172 for more information]
Windows XP Hotfix (SP1) [See Q324096 for more information]
Windows XP Hotfix (SP1) [See Q324380 for more information]
Windows XP Hotfix (SP1) [See Q326830 for more information]
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q328310
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q331953
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q811493
Windows XP Hotfix (SP1) Q815021
Windows XP Hotfix (SP1) Q817606
Windows XP Hotfix (SP2) [See Q329115 for more information]
WinImage
WinRAR archiver
XoftSpy
Yahoo! Messenger

Edited by Phrostbite, 16 June 2005 - 02:48 AM.

  • 0

#3
master

master

    New Member

  • Member
  • Pip
  • 1 posts
:tazz: i had the same problem as you guys and im not sure if this will help you at all but i was able to get rid of it.

go into start menu and go into run.
type regedit and click ok.
under edit click find and type in wallpaper
(before you delete anything you want to make sure its the right one or it could cause a serious problem)
but you want to look for a something that says default up top with no user value and below it it should say wallpaper and thats what you right click on to delete. hopefully this works
reboot and good luck
  • 0

#4
Phrostbite

Phrostbite

    New Member

  • Member
  • Pip
  • 3 posts
Hi Master,thank you for trying but it didn't work.

I found a solution after two days of work and here it is:

Open the attached zip file,you will find a Fix.reg file inside.

Double-click on the file Fix.reg and click "Yes" to merge with the registry.

Then find and delete this file: C:\WINDOWS\desktop.html

Now you should be able to change your background,if not you might have to change your Windows theme before the change takes effect.

Now reboot and your system should work normal again.

Greetz from Jim Phrostbite

PS: THIS ONLY WORKS IF YOUR SYSTEM IS SPYWARE FREE !!!!
(If Spy Sheriff and relating files are not totally removed it will reinstall itself!)

And please let me know if this helped you solve the problem.

Attached Files


Edited by Phrostbite, 19 June 2005 - 05:12 AM.

  • 0

#5
Omid

Omid

    New Member

  • Member
  • Pip
  • 2 posts
Thanks Phrostbite... but what you said didn't work... it just returns after a system reboot...
  • 0

#6
rakype

rakype

    New Member

  • Member
  • Pip
  • 1 posts
HI!! I am a new member. I have exactly the same problem. My wallpaper says "SYSTEM STOPPED etc..." I cannot cannot change it and i have no clue what i should do!!! Please help!!! Thank you so much. This is a report form hijackthis. I hope it helps!!!

Logfile of HijackThis v1.99.1
Scan saved at 16:21:39, on 19/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Parallel Tasking\ptask.exe
C:\Program Files\Ptxy\Dohlokj.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\ioannis\Desktop\HijackThis.exe

R3 - URLSearchHook: (no name) - _{1CBF31FC-3C23-4BA6-AF16-2CEC501BD837} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: My Next Search - Toolbar - {1CBF31FC-3C23-4BA6-AF16-2CEC501BD837} - C:\Program Files\My Next Search Toolbar\toolbar2.dll (file missing)
O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [muApCQcym] C:\WINDOWS\uiqdirwr.exe
O4 - HKLM\..\Run: [Nffxnw] C:\Program Files\Ptxy\Dohlokj.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\RunOnce: [CleanUp!] C:\PROGRA~1\CleanUp!\CleanUp.exe /WindowsRestart
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZU
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://irc.everywher...va/cfs40320.cab
O16 - DPF: DigiChat Applet - http://www.omogenia....s/Client_IE.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks for your time!!
  • 0

#7
Omid

Omid

    New Member

  • Member
  • Pip
  • 2 posts
Hellooo to all... i finally found a cure for this problem... check out http://www.webuser.c...sb=5&o=93&part=
  • 0

#8
screwy_looie

screwy_looie

    Member

  • Member
  • PipPip
  • 86 posts
tryt downloading this for future problems it is free and has found viruses that norton didnt find EWIDO SECURITY SUITE. it also got rid of aurora for me
  • 0

#9
Hurao

Hurao

    New Member

  • Member
  • Pip
  • 1 posts

Hi Master,thank you for trying but it didn't work.

I found a solution after two days of work and here it is:

Open the attached zip file,you will find a Fix.reg file inside.

Double-click on the file Fix.reg and click "Yes" to merge with the registry.

Then find and delete this file: C:\WINDOWS\desktop.html

Now you should be able to change your background,if not you might have to change your Windows theme before the change takes effect.

Now reboot and your system should work normal again.

Greetz from Jim Phrostbite

PS: THIS ONLY WORKS IF YOUR SYSTEM IS SPYWARE FREE !!!!
      (If Spy Sheriff and relating files are not totally removed it will reinstall itself!)

And please let me know if this helped you solve the problem.

View Post



Thanks Phrostbite, it worked!!!
  • 0

#10
Phrostbite

Phrostbite

    New Member

  • Member
  • Pip
  • 3 posts
Thank you all for the feedback.

My method works fine for this problem,but ONLY when your system is free of spyware.
Use AdAware,SpySubtract,HijackThis and Panda Online Scan to clean your system.

Only using one program won't get rid of all the crap on your system.

Greetz,

Jim Phrostbite
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP