Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

just jacked.w32/Nsaq.B...with log plz help (W/update, not bump) [

Started by Turbo_Infidel , Feb 21 2006 02:41 PM

This topic is locked

#16
Turbo_Infidel

Posted 22 February 2006 - 06:39 PM

Member

Topic Starter
Member
31 posts

Please don't be offended by this but did you look for it in the Smitrem Folder? I am asking this because many users look for it on their desktop, out in the open.

Trevuren

you can never be offended if you dont know...and you hit the nail on the head, besides the desktop :tazz:

, where would I find the correct folder?

#17
Turbo_Infidel

Posted 22 February 2006 - 06:50 PM

Member

Topic Starter
Member
31 posts

is this the correct log?
on a side note, alltho my desktop is still corrupted, when I restart the comp. a message pops up saying, cannot find C:\delfiles.cmd
not shur if this means anything....

smitRem © log file
version 2.8

by noahdfear

Microsoft Windows XP [Version 5.1.2600]
The current date is: Wed 02/22/2006
The current time is: 16:32:46.93

Running from
C:\Documents and Settings\koz\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key

PSGuard.com key not present!

checking for WinHound.com key

WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 760 'explorer.exe'
Killing PID 760 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~ Wininet.dll ~~~

CLEAN! :tazz:

Edited by Turbo_Infidel, 22 February 2006 - 06:53 PM.

#18
Trevuren

Posted 22 February 2006 - 07:44 PM

Old Dog

Retired Staff
18,699 posts

Please try the following to repair your desktop. This regfix often works. It is from greyknight17.

1. Backup the registry by going to Start>Run> and type ‘regedit’ without the quotes. Once the Registry Editor opens, please do the following:

Highlight My Computer
From the file menu choose ‘export’ in XP.
Choose Desktop as the destination
Under Export Range, choose "ALL"
Use Sysreg as the file name
Click Save and EXIT the Registry Editor once the operation is completed
To verify that the export was successful, you should see a "blue cube icon" on your desktop named Sysreg.reg

If a restore of the registry is required, just click on the exported regfile on your desktop, and answer YES to the question whether you want to merge this file with the registry. Wait until you get a message saying something like Merge Successful.

2. Launch Notepad, and copy/paste everything in the codebox below into the new document, including the word REGEDIT4. Go up to "File Save As" and click the drop-down box to change the "Save As Type" to "All Files" and save it to your desktop as fixme.reg.

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Desktop]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"=""
"OriginalWallpaper"=""
"ConvertedWallpaper"="C:\\WINDOWS\\Web\\Wallpaper\\Windows XP.jpg"
"ConvertedWallpaper Last WriteTime"=hex:00,60,6b,4e,dd,27,c1,01

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ClassicShell"=-
"ForceActiveDesktopOn"=-
"NoActiveDesktop"=dword:00000001
"NoViewContextMenu"=-
"NoActiveDesktopChanges"=-
"NoActiveDesktop"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General]
"BackupWallpaper"=""
"WallpaperFileTime"=hex:00,00,00,00,00,00,00,00
"WallpaperLocalFileTime"=hex:00,f8,29,17,d6,ff,ff,ff
"TileWallpaper"="0"
"Wallpaper"=""
"ComponentsPositioned"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\User Shell Folders]
"Desktop"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c, 44,65,73,6b,74,6f,\
70,00
"Custom Desktop"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoViewContextMenu"=-


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop"=""

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Desktop"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c, 44,65,73,6b,74,6f,\
70,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop"="C:\\Documents and Settings\\All Users\\Desktop"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common Desktop"=hex(2):25,41,4c,4c,55,53,45,52,53,50,52,4f,46,49, 4c,45,25,5c,\
44,65,73,6b,74,6f,70,00

3. Locate fixme.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer Yes and wait for a message to appear similar to Merged Successfully.

4. Reboot your computer.

5. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.

Regards,

Trevuren

#19
Turbo_Infidel

Posted 22 February 2006 - 07:58 PM

Member

Topic Starter
Member
31 posts

Logfile of HijackThis v1.99.1
Scan saved at 5:56:05 PM, on 2/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...sario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...sario&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127848926015
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

#20
Trevuren

Posted 22 February 2006 - 08:20 PM

Old Dog

Retired Staff
18,699 posts

Did it help any?

Trevuren

#21
Turbo_Infidel

Posted 22 February 2006 - 08:46 PM

Member

Topic Starter
Member
31 posts

T,
yes and no, since you have been assisting me I havent used my laptop for much more than that, and all seems fine except that my desktop is now white, even when I apply a picture of my choosing it blinks , and remains white...
I dont know how to better describe this to you, so let me know what you want me to do next...

thanx

#22
Trevuren

Posted 22 February 2006 - 09:01 PM

Old Dog

Retired Staff
18,699 posts

We will try a system repair. If there is no change, then I'll ask one of our superduper trusted techs to poke his/her head in and have a looksee.

1. Please go to Start -> Run -> type cmd and press Enter.

2. At the command prompt type sfc /scannow, making sure to put a space between the "c" and the slash, and then press Enter. This will run the System File Checker.

3. Follow the prompts, and insert your Windows installation CD if requested.

4. Then please REBOOT your computer.

5. Please tell me if there is any improvement or not.

Trevuren

#23
Turbo_Infidel

Posted 23 February 2006 - 02:43 PM

Member

Topic Starter
Member
31 posts

T,
I followed your directions and performed a "system repair" as you directed..and during the action I was not prompted to use my windows installation CD which is a good thing being that I have been looking for it since this happened, I figured that I might need it, but was unable to locate it, I think I MISPLACED IT...is there a way to get a replacement for it? in case I need it in the future?

when my laptop is loading , my real desktop background is present for aprox 3 seconds before it changes to a white background..aslo when shutting down I can see my preffered background again for aprox 3 seconds.

it is still screwed up..

thanx for all the assistance..

#24
Trevuren

Posted 23 February 2006 - 06:37 PM

Old Dog

Retired Staff
18,699 posts

As previously discussed, I have asked one of our excellent techs to come in and see if we can get you back up and running properly

Trevuren

#25
Trevuren

Posted 23 February 2006 - 08:56 PM

Old Dog

Retired Staff
18,699 posts

A. Clean your Java Cache

1. Go to Start > Control Panel.

2. Double-click the Java icon (coffee cup) in the control panel. It will say "Java Plug-in" under the icon - please find the update button or tab in that Java control panel. Update your Java, and reboot.

After reboot, go back into the Control Panel and double-click the Java icon.

3. Under Temporary Internet Files, click the Delete Files button.

There are three options on this window to clear the cache - leave ALL 3 checked:

1. Downloaded Applets
2. Downloaded Applications
3. Other Files

4. Click OK on Delete Temporary Files window.
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

5. Click OK to leave the Java Control Panel.

B. Try right-clicking on the desktop and go to properties, click the desktop tab, click the customize desktop button, click the web tab and uncheck or delete whatever is in there. Click Ok, Apply, Ok. Try changing it again.

Trevuren

#26
wannabe1

Posted 23 February 2006 - 10:31 PM

Tech Staff

Technician
16,645 posts

Hi guys...

Please navigate to each of the following registry keys in Registry Editor (regedit) and list all of the strings in the right pane here for me (top string in the list should be "Default" in each key).

HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer

HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ ActiveDesktop (May or may not be there)

HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System

wannabe1

#27
Turbo_Infidel

Posted 23 February 2006 - 11:13 PM

Member

Topic Starter
Member
31 posts

Hi guys...

Please navigate to each of the following registry keys in Registry Editor (regedit) and list all of the strings in the right pane here for me (top string in the list should be "Default" in each key).

HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer

HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ ActiveDesktop (May or may not be there)

HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System

wannabe1

Im sorry, this went WAY over my head...plz "dumb it down a little"

and my desktop is still white, I can choose properties but

it says that it is a HTML document...file://C:\WINDOWS\warnhp.html

Edited by Turbo_Infidel, 23 February 2006 - 11:18 PM.

#28
wannabe1

Posted 23 February 2006 - 11:26 PM

Tech Staff

Technician
16,645 posts

Sorry Turbo_Infidel... :tazz:

Click Start, then Run, type regedit in the box, and click "Ok".

In the left pane, expand (click +) HKEY_CURRENT_USER, then Software, then Microsoft, then Windows, then CurrentVersion, then Policies, and click on Explorer. In the right pane, list everything that appears.

Then click on ActiveDesktop (if listed) and list everything in the right pane.

Then click on System and list everything in the right pane.

#29
Turbo_Infidel

Posted 23 February 2006 - 11:46 PM

Member

Topic Starter
Member
31 posts

(default) reg_sz
NoDriveTypeAutoRun REG_DWORD 0x00000091 (145)
NoSaveSettings REG_DWORD 0X00000000 (0)
NoThemesTab REG_DWORD 0X00000000 (0)

there is only a explorer folder in policies nothing else

HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer

these are not there...

HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ ActiveDesktop

HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System

this is the source of whatever is on my desktop,

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252"></HEAD>
<BODY
style="BORDER-RIGHT: medium none; BORDER-TOP: medium none; BORDER-LEFT: medium none; BORDER-BOTTOM: medium none"
bottomMargin=0 bgColor=#9dacbd leftMargin=0 background="" topMargin=0
rightMargin=0>
<DIV
style="LEFT: 0px; WIDTH: 1440px; POSITION: absolute; TOP: 0px; HEIGHT: 900px"><IMG
style="LEFT: 0px; WIDTH: 100%; POSITION: absolute; TOP: 0px; HEIGHT: 100%" cache
src="file:///C:/Documents%20and%20Settings/koz/Local%20Settings/Application%20Data/Microsoft/Wallpaper1.bmp">
</DIV><IFRAME id=0
style="BACKGROUND: none transparent scroll repeat 0% 0%; LEFT: 0px; WIDTH: 1440px; POSITION: absolute; TOP: 0px; HEIGHT: 866px"
name=DeskMovrW marginWidth=0 marginHeight=0 src="file:///C:/WINDOWS/warnhp.html"
frameBorder=0 subscribed_url="" resizeable="粶터 "> </IFRAME>
<OBJECT id=ActiveDesktopMover
style="LEFT: 0px; VISIBILITY: hidden; WIDTH: 0px; POSITION: absolute; TOP: 0px; HEIGHT: 0px; container: positioned; zIndex: 5"
classid=clsid:72267F6A-A6F9-11D0-BC94-00C04FB67863></OBJECT>
<OBJECT id=ActiveDesktopMoverW
style="Z-INDEX: -1; LEFT: 0px; VISIBILITY: hidden; WIDTH: 1px; POSITION: absolute; TOP: 0px; HEIGHT: 866px; container: positioned"
classid=clsid:72267F6A-A6F9-11D0-BC94-00C04FB67863></OBJECT> 
</BODY></HTML>

#30
wannabe1

Posted 24 February 2006 - 12:11 AM

Tech Staff

Technician
16,645 posts

Looks like a couple of Kellyskorner tweaks in there...but what I was looking for isn't there.

Try this...it appears to have been overlooked earlier. Go to your desktop and right click. Select "Properties", click the "Desktop" tab, click Customize Desktop" near the bottom, select the "Web" tab. In the box "Web pages", see if file:///C:/WINDOWS/warnhp.html is there. If it is, select it and delete it. "Apply" the change.

Reboot and see if you can change the desktop image.