[riceyasian86]

A friend went onto my computer and when I turned the screen on, the background wallpaper had a "DANGER, Get rid of spyware" or some crap like that.
Any idea how I can get my desktop back?

When I right click and go into properties, nothing is there except for screensaver and settings

here is my HiJackThis information:



Logfile of HijackThis v1.99.1
Scan saved at 1:15:40 AM, on 4/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\addqo.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\d3ug32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\mcafee.com\VSO\mcshield.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\SYSTEM32\init32m.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\WINDOWS\sys5240.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\TDS3\tds-3.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\Owner.SPIKE2\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\OWNER~2.SPI\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hqhkm.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\OWNER~2.SPI\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe init32m.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D04B13F5-0E39-EE4E-D33A-14F3941F8539} - C:\WINDOWS\system32\d3ms.dll
O2 - BHO: (no name) - {EA6E0CCD-18ED-41D3-82BE-546D036DB26A} - C:\WINDOWS\System32\bpci.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\OWNER~2.SPI\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [d3ug32.exe] C:\WINDOWS\system32\d3ug32.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [511693FE] C:\WINDOWS\sys2744.exe
O4 - HKCU\..\Run: [F11693F6] C:\WINDOWS\sys2749.exe
O4 - HKCU\..\Run: [F48E0ACE] C:\WINDOWS\sys271.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [8A16617E] C:\WINDOWS\sys5320.exe
O4 - HKCU\..\Run: [0A16617E] C:\WINDOWS\sys5324.exe
O4 - HKCU\..\Run: [8AB8797E] C:\WINDOWS\sys5240.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {81637099-66C4-44BA-B020-B970FFEACCE0} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {81637099-66C4-44BA-B020-B970FFEACCE0} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.iframeprofit.com/
O15 - Trusted Zone: http://*.mycounter.biz/
O15 - Trusted Zone: http://*.our-counter.com/
O15 - Trusted Zone: http://*.[bleep]-search.biz/[bleep]/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.co...On/AlwaysOn.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://appldnld.m7z....llInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1111967390104
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} (InstallCtl Class) - http://download.reds.../113/rssoft.cab
O18 - Filter: text/html - {06B3CC96-FF8E-41BC-B73E-E58599AD11E4} - C:\WINDOWS\System32\bpci.dll
O18 - Filter: text/plain - {06B3CC96-FF8E-41BC-B73E-E58599AD11E4} - C:\WINDOWS\System32\bpci.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\addqo.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\mcafee.com\VSO\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



Thank you for taking your time to read this.

-John

[Advertisements]

post removed by staff member

Edited by ~Kat~, 22 April 2005 - 03:36 AM.

[iam_clint]

post removed by staff member

Edited by ~Kat~, 22 April 2005 - 03:36 AM.

[riceyasian86]

Here is what the desktop wallpaper says and I'm also able to click it.
I'm about to read the topic link you posted.

Attached Thumbnails

• 

[iam_clint]

*post removed by staff member

Hello! Please do not follow any advice given by someone who is not a member of the GeeksToGo Staff. If you have already followed their advice, please post a fresh HJT log here in a reply, and we will continue on!

Clint...we do not allow non Staff members to post help in the Malware forum. Too much can go wrong when you are not trained in reading and fixing HJT logs. Please do not continue to post, OR to edit MY posts.

Kat
GeeksToGo Global Moderator

Edited by ~Kat~, 22 April 2005 - 03:36 AM.

[Kat]

Hi there, John! My name is Kat, and I will be helping you get your computer fixed back up. Again, please disregard ALL advice given by anyone who is not a Staff Member of GeeksToGo. You can tell who is a STaff Memeber by looking under our user names and avatar pictures for our titles!

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.

[riceyasian86]

Logfile of HijackThis v1.99.1
Scan saved at 2:41:55 AM, on 4/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\addqo.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\rundll32.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\mcafee.com\VSO\mcshield.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\WINDOWS\SYSTEM32\init32m.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\WINDOWS\system32\d3ug32.exe
C:\PROGRA~1\CleanUp!\CleanUp.exe
C:\Documents and Settings\Owner.SPIKE2\Desktop\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\voeng.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {875B4A75-88F5-E7EE-970A-F733BAD255DD} - C:\WINDOWS\system32\netov.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\OWNER~2.SPI\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [d3ug32.exe] C:\WINDOWS\system32\d3ug32.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {81637099-66C4-44BA-B020-B970FFEACCE0} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {81637099-66C4-44BA-B020-B970FFEACCE0} - (no file) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1114162596608
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\addqo.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\mcafee.com\VSO\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Edited by riceyasian86, 22 April 2005 - 03:42 AM.

[Kat]

Please see my above post. Let me know when you have upgraded to at LEAST Servcie Pack 1a for XP.

Edited by ~Kat~, 22 April 2005 - 03:40 AM.

[iam_clint]

Clint, if you do not refrain from posting help and/or snotty comments about me, your posting priviledges will be removed, and you will be banned from this site. I will not tolerate your snide remarks, about myself, or any user of this site.

Kat


riceyasian: I am deeply sorry about the events that have taken place in your thread. Please know that we do not tolerate rudeness or interruptions such as this on our site. If you still need help..please do post here again and I will help you.

[Metallica]

riceyasian86,

Do you still require help?
Let us know.

Regards,

Pieter