Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need help, porno stuff on desktop

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Need help, porno stuff on desktop

Unread postby Bv202 » January 5th, 2009, 3:45 pm

Hi thrashernyc

Do you still have the Internet Explorer problems? If so, what exactly doesn't work? Do you get any error messages? Also, how is the computer running apart from this problem?

FIX HIJACKTHIS ENTRIES
Open up Hijackthis.
Click on do a system scan only.
Place a checkmark next to these lines(if still present).

O2 - BHO: D - {7BF9F344-72CF-344A-9D1B-3B7D25C37D34} - C:\WINDOWS\system32\xsl27629.dll (file missing)
O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe


Then close all windows except Hijackthis and click Fix Checked
Close HijackThis.


Run Kaspersky Online AV Scanner
Note: Internet Explorer should be used.

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply along with a fresh HJT log

In your next reply, please post:
1) The Kaspersky report
2) A new HijackThis log
3) An answer to the questions at the top of this reply
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)
Advertisement
Register to Remove

Re: Need help, porno stuff on desktop

Unread postby thrashernyc » January 5th, 2009, 8:08 pm

answers to questions: Computer is running ok, no noticeable differences. Google seems to be working properly again.
Internet Explorer just doesn't seem to be there. the desktop icon does nothing, and the quicklaunch on the task bar comes up with an error saying "windows cannot find 'C\Program Files\Internet Explorer\iexplore.exe'. Maker sure you typed the name correctly, then try again. to search for file, click start button, and then click search."





--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, January 5, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, January 05, 2009 19:35:09
Records in database: 1565596
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 91958
Threat name: 6
Infected objects: 11
Suspicious objects: 0
Duration of the scan: 01:20:06


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Microsoft\ipdll.dll Infected: Trojan.Win32.Agent.bakf 1
C:\Documents and Settings\Sean\Local Settings\Application Data\Mozilla\Firefox\Profiles\z6wgkj7g.default\Cache(2).Trash\Trash(2)\Cache(2)\F09C94D6d01 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\Documents and Settings\Sean\My Documents\My Music\downloads\0030C828\180Solutions Content Syndication_.asf Infected: Trojan-Downloader.WMA.Wimad.h 1
C:\Documents and Settings\Sean\My Documents\My Music\downloads\0036B0EA\180Solutions Content Syndication_.asf Infected: Trojan-Downloader.WMA.Wimad.h 1
C:\Program Files\Common Files\Ndm399a2rL.exe Infected: Trojan.Win32.Agent.baki 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\_OTMoveIt\MovedFiles\01032009_153522\windows\system32\monhftd.dll Infected: Trojan.Win32.Agent.baki 1
C:\_OTMoveIt\MovedFiles\01032009_153522\windows\system32\ropfnqz.exe Infected: Trojan-Downloader.Win32.Agent.aukz 1
C:\_OTMoveIt\MovedFiles\01032009_153522\windows\system32\sl27629.dll Infected: Trojan.Win32.Agent.baki 1
C:\_OTMoveIt\MovedFiles\01032009_153522\windows\system32\svchоst.exe Infected: Trojan.Win32.Agent.bdiq 1
C:\_OTMoveIt\MovedFiles\01032009_153522\windows\system32\xsl27629.dll Infected: Trojan.Win32.Agent.baki 1

The selected area was scanned.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:48, on 1/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SpiralFrog\Spiralfrog.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\program files\steam\steam.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [SpiralFrog] "C:\Program Files\SpiralFrog\Spiralfrog.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ResChanger 2005] "C:\Program Files\ResChanger 2005\ResChanger2005.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1566314718
O16 - DPF: {6697AFA6-1CD3-462E-AC0A-363EF8BCD102} (SyScan2 Control) - http://www.evga.com/Support/SyScan/SyScan.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b55579.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includ ... reQual.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9326 bytes
thrashernyc
Regular Member
 
Posts: 16
Joined: December 26th, 2008, 6:27 pm

Re: Need help, porno stuff on desktop

Unread postby Bv202 » January 6th, 2009, 2:08 pm

Hi thrashernyc

Run OTMoveIt3
Please run OTMoveIt3 again:
  • Double-click OTMoveIt3.exe. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.
Code: Select all
:Files
C:\Documents and Settings\All Users\Application Data\Microsoft\ipdll.dll 
C:\Program Files\Common Files\Ndm399a2rL.exe
C:\Documents and Settings\Sean\My Documents\My Music\downloads\0030C828\180Solutions Content Syndication_.asf
C:\Documents and Settings\Sean\My Documents\My Music\downloads\0036B0EA\180Solutions Content Syndication_.asf

  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

Reboot the computer

Now let's have a look what happened with Internet Explorer.
Click Start, then click Run and paste the following in the text field:
Code: Select all
cmd.exe /C dir "c:\program files\internet explorer" > "%userprofile%\desktop\dir.txt"

A textfille called dir.txt will appear on your desktop now. Please paste it's content along with the new OTMoveIt3 log in your next reply :)
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: Need help, porno stuff on desktop

Unread postby thrashernyc » January 6th, 2009, 4:59 pm

im getting an error
"Access violation at address 100119AB. Read of address 100119AB."


Also the internet explorer thing, i pasted it and nothing happened.


========== FILES ==========
DllUnregisterServer procedure not found in C:\Documents and Settings\All Users\Application Data\Microsoft\ipdll.dll




i ran it a second time
Error: Unable to interpret <C:\Documents and Settings\All Users\Application Data\Microsoft\ipdll.dll> in the current context!
Error: Unable to interpret <C:\Program Files\Common Files\Ndm399a2rL.exe> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Sean\My Documents\My Music\downloads\0030C828\180Solutions Content Syndication_.asf> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Sean\My Documents\My Music\downloads\0036B0EA\180Solutions Content Syndication_.asf> in the current context!

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01062009_155532
thrashernyc
Regular Member
 
Posts: 16
Joined: December 26th, 2008, 6:27 pm

Re: Need help, porno stuff on desktop

Unread postby Bv202 » January 7th, 2009, 10:44 am

Hi thrashernyc

Sorry about the not-working run command. Please navigate to c:\program files\Internet Explorer
Can you find this folder? If so, how many files are in there? Can you find iexplore.exe in the folder?

Also, please try to run OTMoveIt3 once again with the same lines as above. Make sure you copied everything from the codebox. Please post it's log in your next reply.
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: Need help, porno stuff on desktop

Unread postby thrashernyc » January 7th, 2009, 8:20 pm

same error,
here is exactly what i pasted into OTmoveit

:Files
C:\Documents and Settings\All Users\Application Data\Microsoft\ipdll.dll
C:\Program Files\Common Files\Ndm399a2rL.exe
C:\Documents and Settings\Sean\My Documents\My Music\downloads\0030C828\180Solutions Content Syndication_.asf
C:\Documents and Settings\Sean\My Documents\My Music\downloads\0036B0EA\180Solutions Content Syndication_.asf



as for the internet explorer
folder contains 41 files, 6 folders.

i clicked on the iexplore.exe icon in the folder and im getting that error again.
i clicked the iexplore.exe not the shortcut.^
thrashernyc
Regular Member
 
Posts: 16
Joined: December 26th, 2008, 6:27 pm

Re: Need help, porno stuff on desktop

Unread postby thrashernyc » January 8th, 2009, 2:55 pm

i feel like an idiot, there is a file on my desktop called dir.txt

here are the contents.

Volume in drive C has no label.
Volume Serial Number is 44B2-CE32

Directory of c:\program files\internet explorer

12/09/2008 22:59 <DIR> .
12/09/2008 22:59 <DIR> ..
10/31/2006 17:23 <DIR> Connection Wizard
11/07/2006 21:03 33,792 custsat.dll
12/05/2006 17:53 <DIR> en-US
10/17/2006 11:44 60,416 hmmapi.dll
10/17/2006 12:04 69,120 iedw.exe
11/07/2006 21:03 287,744 ieproxy.dll
10/15/2008 02:06 633,632 iexplore.exe
04/12/2008 05:38 <DIR> MUI
11/23/2008 10:36 <DIR> PLUGINS
12/05/2006 17:55 <DIR> SIGNUP
5 File(s) 1,084,704 bytes
7 Dir(s) 136,786,800,640 bytes free
thrashernyc
Regular Member
 
Posts: 16
Joined: December 26th, 2008, 6:27 pm

Re: Need help, porno stuff on desktop

Unread postby Bv202 » January 8th, 2009, 4:20 pm

Hi thrashernyc

Hehe, don't worry about that :)

Run a batch file
Please open up notepad. Copy and paste the below text from the codebox in the notepad document and save it as "fix.bat" (WITH the quotes!!) on your desktop. Now doubleclick fix.bat. A black window will appear and disappear; this is normal. Now, reboot the computer and a new file called deletion.txt should be appeared on your desktop. Please post it's content in your next reply.

Code: Select all
@echo off
echo Trying to delete C:\Documents and Settings\All Users\Application Data\Microsoft\ipdll.dll... > "%userprofile%\desktop\deletion.txt"
del /f /as /ah "C:\Documents and Settings\All Users\Application Data\Microsoft\ipdll.dll" >> "%userprofile%\desktop\deletion.txt"
If not errorlevel 1 echo File deletion successful. >> "%userprofile%\desktop\deletion.txt"
echo. >> "%userprofile%\desktop\deletion.txt"
echo Trying to delete C:\Program Files\Common Files\Ndm399a2rL.exe... >> "%userprofile%\desktop\deletion.txt"
del /f /as /ah "C:\Program Files\Common Files\Ndm399a2rL.exe" >> "%userprofile%\desktop\deletion.txt"
If not errorlevel 1 echo File deletion successful. >> "%userprofile%\desktop\deletion.txt"
echo. >> "%userprofile%\desktop\deletion.txt"
echo Trying to delete C:\Documents and Settings\Sean\My Documents\My Music\downloads\0030C828\180Solutions Content Syndication_.asf... >> "%userprofile%\desktop\deletion.txt"
del /f /as /ah "C:\Documents and Settings\Sean\My Documents\My Music\downloads\0030C828\180Solutions Content Syndication_.asf" >> "%userprofile%\desktop\deletion.txt"
If not errorlevel 1 echo File deletion successful. >> "%userprofile%\desktop\deletion.txt"
echo. >> "%userprofile%\desktop\deletion.txt"
echo Trying to delete C:\Documents and Settings\Sean\My Documents\My Music\downloads\0036B0EA\180Solutions Content Syndication_.asf... >> "%userprofile%\desktop\deletion.txt"
del /f /as /ah "C:\Documents and Settings\Sean\My Documents\My Music\downloads\0036B0EA\180Solutions Content Syndication_.asf" >> "%userprofile%\desktop\deletion.txt"
If not errorlevel 1 echo File deletion successful. >> "%userprofile%\desktop\deletion.txt"


About the Internet Explorer 7 problems: Please try to re-download Internet Explorer 7 from here. Before installing, remove your current copy of IE7 by using add/remove programs (IE7 is called "Windows Internet Explorer 7" there). Does that solve the problem?
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: Need help, porno stuff on desktop

Unread postby thrashernyc » January 8th, 2009, 6:02 pm

Trying to delete C:\Documents and Settings\All Users\Application Data\Microsoft\ipdll.dll...
File deletion successful.

Trying to delete C:\Program Files\Common Files\Ndm399a2rL.exe...
File deletion successful.

Trying to delete C:\Documents and Settings\Sean\My Documents\My Music\downloads\0030C828\180Solutions Content Syndication_.asf...
File deletion successful.

Trying to delete C:\Documents and Settings\Sean\My Documents\My Music\downloads\0036B0EA\180Solutions Content Syndication_.asf...
File deletion successful.


Installing windows now, ill edit once done.
thrashernyc
Regular Member
 
Posts: 16
Joined: December 26th, 2008, 6:27 pm

Re: Need help, porno stuff on desktop

Unread postby Bv202 » January 10th, 2009, 12:22 pm

Ok, that's fine :)

Please tell me once you re-installed Internet Explorer 7 :)
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: Need help, porno stuff on desktop

Unread postby thrashernyc » January 10th, 2009, 4:55 pm

nope still not working.
thrashernyc
Regular Member
 
Posts: 16
Joined: December 26th, 2008, 6:27 pm

Re: Need help, porno stuff on desktop

Unread postby Bv202 » January 11th, 2009, 11:40 am

Hi thrashernyc

I don't think the problems with Internet Explorer you have are related to malware. On the websites listed below, you can ask for general computer help. You can mention there the computer is cleaned of malware already so they know it's not malware related.

http://forums.whatthetech.com/forums.html
http://www.techguy.org/
http://www.bleepingcomputer.com/forums/


You said there were some problems with the clock settings - do you still have these? If so, did you try to change it's settings already?

How is the computer running apart from this? Are there any more problems now?
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: Need help, porno stuff on desktop

Unread postby thrashernyc » January 11th, 2009, 1:57 pm

the computer seems to be running ok, the IE problem happened sometime during this cleaning process. it was after one of the fixes given to me.
Also im not quite sure how to change the clock from military time to 12 hour?
thrashernyc
Regular Member
 
Posts: 16
Joined: December 26th, 2008, 6:27 pm

Re: Need help, porno stuff on desktop

Unread postby Bv202 » January 12th, 2009, 2:08 pm

Hi thrashernyc

While having a look at the files we deleted when this problem (with Internet Explorer) occured, it seems that you're not the only one with this problem, so let's try something else :)

Click Start, then click Run. Copy and paste this in the text field:
cmd.exe /C reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" >> "%userprofile%\desktop\export.txt"

A textfile called export.txt will be created on your desktop - copy and paste it's content in your next reply.

About the clock settings; please follow these instructions:
Go to the Start Button, then select the Control Panel. In the Control Panel, select the option to Change the format of numbers, dates, and times.

Now select the Customize button in the Standards and formats section, notice the legend for the different time formats on the bottom of the window. Now select the Time tab and then click on the drop down menu arrow next to the Time format box. You now have four different time display options to choose from, two are 12 hour time formats and two are 24 hour (military) type formats. (If there are only 24 hour type presents, then don't use the drop down menu, but just enter the format in the text field.)

Choose the h:mm:ss tt select to change to the default windows format. Then click on Apply or OK to finalize your selection.


In your next reply, please post the content of export.txt and tell me if you managed to change the settings to 12hr format :)
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: Need help, porno stuff on desktop

Unread postby thrashernyc » January 12th, 2009, 4:19 pm

managed to change it back to 12 hour format, Thank you :D. here is the export.txt



! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Salwrap.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE
thrashernyc
Regular Member
 
Posts: 16
Joined: December 26th, 2008, 6:27 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 37 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware