| What's wrong with my background?? |
			
			
			
				
					
					
				
			
			
			
			
			
				
				
					
				
				
				
				
					
| Colman (Newbie) | 5. February 2006 @ 16:35 |
					
					
					
						| 
							
My background keeps changing colors. I know there is a virus and every time I try and delete it, it just comes back. HELPPP???
							
						 | 
				
				
			
				
				
				
					
				
				
				
					
| Senior Member | 6. February 2006 @ 03:36 |
					
					
					
						| 
							
							Post a HJT log, look at my sticky thread at the top of this forum and download HijackThis.
 
 
 
 | 
				
				
			
				
				
				
				
				
					
| Colman (Newbie) | 6. February 2006 @ 06:13 |
					
					
					
						| 
							
Here's the log file, I think:
 Logfile of HijackThis v1.99.1
 Scan saved at 11:12:58 AM, on 2/6/2006
 Platform: Windows XP SP1 (WinNT 5.01.2600)
 MSIE: Unable to get Internet Explorer version!
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
 C:\Program Files\Executive Software\Diskeeper\DkService.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
 C:\WINDOWS\system32\slserv.exe
 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 C:\WINDOWS\wanmpsvc.exe
 C:\WINDOWS\System32\MsPMSPSv.exe
 C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\System32\ctfmon.exe
 C:\WINDOWS\zHotkey.exe
 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
 C:\WINDOWS\System32\wuauclt.exe
 C:\Documents and Settings\Tony\My Documents\My eBooks\BitComet\BitComet.exe
 C:\WINDOWS\System32\shell386.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\Program Files\WinRAR\WinRAR.exe
 C:\DOCUME~1\Tony\LOCALS~1\Temp\Rar$EX01.109\HijackThis.exe
 
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 218.98.195.20:553
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
 O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
 O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINDOWS\System32\winapi32.dll
 O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\DLP.dll
 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
 O3 - Toolbar: (no name) - {EA0D26BD-9029-431A-86E0-83152D67828A} - (no file)
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
 O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
 O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
 O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
 O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
 O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
 O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: kavsvc - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe (file missing)
 O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
 O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
 O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
 O23 - Service: Sophos Anti-Virus Network (SweepNet) - Unknown owner - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE (file missing)
 O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Unknown owner - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS (file missing)
 O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 | 
				
				
			
				
				
				
				
				
					
| Senior Member | 6. February 2006 @ 07:16 |
					
					
					
						| 
							
Yep, that's the log, and I just skimmed through and noticed there's something going on. I'll be right with you and tell you what to fix in a bit, just hold on.
 
 | 
				
				
			
				
				
				
				
				
					
| Colman (Newbie) | 6. February 2006 @ 07:20 |
					
					
					
						| 
							
Thanks
							
						 | 
				
				
			
				
				
				
				
				
					
| Senior Member | 6. February 2006 @ 08:37 |
					
					
					
						| 
							
Right, I'm back, checking it now so you know.
 
 | 
				
				
			
				
				
				
				
				
					
| Senior Member | 6. February 2006 @ 09:16 |
					
					
					
						| 
							
Fix the following:
 O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
 
 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
 (they are known to be spyware)
 
 O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINDOWS\System32\winapi32.dll
 This is known by all kinds of names and I think it's going to be harder to remove than I'm thinking. For now just disable System Restore and scan with Trend Micro, (how to disable System Restore) http://download.nai.com/products/mcafee-avert/SystemHelpDocs/Disa...
 Look at my sticky thread at the top of this forum and in the online scans section choose Trend Micro.
 
 O3 - Toolbar: (no name) - {EA0D26BD-9029-431A-86E0-83152D67828A} - (no file)
 (I'm not totally sure what this is yet but it looks unsafe, best not delete it yet)
 
 Run scans with Ewido and Trend Micro, then scan in safe mode with Ewido, then finally send in another HJT log.
 
 
 
 
 | 
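Added example, not part of the original thread and not HijackThis's own code: a small Python parser for the log format posted above. It lists every entry HijackThis marked "(no file)" or "(file missing)", which covers the BHO and toolbar entries named in the post above and extends the same check to the O18 and O23 lines. The function and field names are this example's own; the sample lines are copied from the posted log.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINDOWS\System32\winapi32.dll
O3 - Toolbar: (no name) - {EA0D26BD-9029-431A-86E0-83152D67828A} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: kavsvc - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe (file missing)
"""

ENTRY_RE = re.compile(r"^\s*([RFNO]\d+)\s+-\s+(.*\S)\s*$")  # "O2 - <body>"
KIND_RE = re.compile(r"^([^:]+):\s")                         # "BHO: ", "Service: "
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((no file|file missing)\)$")       # marker ends the line


def parse_entries(log_text):
    """Return one dict per R/F/N/O entry; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        kind, clsid, orphan = KIND_RE.match(body), CLSID_RE.search(body), ORPHAN_RE.search(body)
        entries.append({
            "code": code,
            "kind": kind.group(1) if kind else None,
            "clsid": clsid.group(0) if clsid else None,
            "orphan": orphan.group(1) if orphan else None,  # file absent on disk
            "body": body,
        })
    return entries


def orphaned(entries):
    """Entries whose registry data points at a file HijackThis could not find."""
    return [e for e in entries if e["orphan"]]


if __name__ == "__main__":
    for e in orphaned(parse_entries(SAMPLE_LOG)):
        print(f'{e["code"]:<4} {str(e["kind"]):<9} {e["clsid"] or "-":<40} ({e["orphan"]})')
```

An orphaned entry only means the referenced file is absent from disk; by itself it says nothing about what created the entry.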
				
				
			
				
				
				
				
				
					
| Jeanc1 (Suspended permanently) | 6. February 2006 @ 11:19 |
					
					
					
						| 
							
@RAV009
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 
 could be Norton Wizzard, a worm that leaves a PC open! Well known to be part of numerous trojans ---- IF there is NO NVIDIA card in the hardware.
 
 ==========================
 
 If there is an NVIDIA card installed then -- to correct the problem mentioned at the start of this thread -- all that is required is that the NVIDIA card be re-installed -- to refresh the drivers. "My background keeps changing colors" is what shows wrong when a bad NVIDIA install is noticed.
 
 
 
 
 This message has been edited since posting. Last time this message was edited on 6. February 2006 @ 11:43 | 
				
				
			
				
				
				
				
				
					
| Colman (Newbie) | 6. February 2006 @ 15:36 |
					
					
					
						| 
							
I am really new to this. How do I fix the stuff?? And I do have NVIDIA hardware.
							
						 | 
				
				
			
				
				
				
				
				
					
| Jeanc1 (Suspended permanently) | 6. February 2006 @ 16:00 |
					
					
					
						| 
							
Best you first of all -- identify your hardware, by looking at your PC specs -- what type of NVIDIA card you have -- then go to the manufacturer's website and look for the latest drivers that will match that card!
 You didn't give any details when you opened this thread -- those are important if you want help!
 
 What is confusing people in here -- is that you say "I know there is a virus and every time I try and delete it, it just comes back." -- what have you been trying to delete? Don't get me wrong -- you could very well have a virus/trojan also, that has hijacked your NVIDIA driver modules -- that is one of the ways people making trojans use -- they will overwrite a legitimate file to hide themselves -- nwiz.exe is corrupted like that sometimes!
 
 So your first step is to re-install your graphics card -- and if that does not suffice -- then look for a piece of malware!
 
 
 
 
 | 
				
				
			
				
				
				
				
				
					
| Colman (Newbie) | 7. February 2006 @ 09:15 |
					
					
					
						| 
							
Thanks, I have an NVIDIA GeForce4 MX.
							
						 | 
				
				
			
				
				
				
				
				
					
| Jeanc1 (Suspended permanently) | 7. February 2006 @ 12:18 |
					
					
					
						| 
							
Best you just uninstall then re-install your graphics card with the disk that came with your card! See if that clears up your problem! If not, then you can look for a piece of malware after cleaning up your Temporary Folder and running a few tools in Safe Mode as suggested in numerous posts -- CCleaner, Ad-Aware SE, SpyBot, Ewido, and an online scan!
 This message has been edited since posting. Last time this message was edited on 7. February 2006 @ 12:18 | 
				
				
			
				
				
				
				
				
					
| jmc23200 (Newbie) | 13. February 2006 @ 03:59 |
					
					
					
						| 
							
Sounds similar to Smitfraud.c
							
						 | 
				
				
			
				
				
				
					
				
				
				
					
| Senior Member | 13. February 2006 @ 04:24 |
					
					
					
						| 
							
Smitfraud puts a background saying "spyware infection" and tries to make you buy the software to remove it (of course it won't remove it).. I s'pose they're kinda similar..
 
 |