Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

"personalized settings" problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

"personalized settings" problem

Unread postby ~dj~ » January 5th, 2009, 2:24 am

Hello

Every few minutes (or every minute, at times), a message comes up saying "setting up personalized settings for: C:\RECYCLER\S-1-5-21-1482476501-1644491937-68"

The computer temporarily freezes up, the taskbar disappears and some windows (such as my documents or my pictures) are closed, then the taskbar reappears and everything goes on as normal for a few minutes, until the message comes up again. Just in typing this message, this has happened twice.

Please help...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:29 PM, on 1/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - S-1-5-18 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8068793656
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SystemSuite Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe

--
End of file - 7763 bytes

Thank you
~dj~
Regular Member
 
Posts: 21
Joined: January 5th, 2009, 1:58 am
Advertisement
Register to Remove

Re: "personalized settings" problem

Unread postby Rodav » January 17th, 2009, 6:29 pm

I'm sorry we couldn't help you sooner but as you can see the forums are extremely busy and our volunteer helpers are at full capacity. I'm subscribed to this topic now and will help you with any malware issues you may have, if you still need any assistance.

As it has been a while since you posted last and changes may have been made to your system please run HijackThis again and post a new log in your next reply along with a brief description of how your computer is running.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: "personalized settings" problem

Unread postby ~dj~ » January 18th, 2009, 12:50 am

Thank you so much, but this problem has not been occurring anymore. I do not know why... but thankfully it is gone!!

I was looking at other posts and noticed that quite a few persons were instructed to remove limewire before further help could be given. I wondered if perhaps that was one of the reasons my post had not been replied to... Since the problem with my computer appears to have ended, I still have not removed limewire, but here is the hijack this log, if you would like to take a look. If you notice any problems that I may not be aware of, I will be willing to follow your instructions. Hopefully everything looks fine....

Thank you very much for being willing to help, it is much appreciated! =)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:14 PM, on 1/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - S-1-5-18 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1980807015
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SystemSuite Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe

--
End of file - 8079 bytes
~dj~
Regular Member
 
Posts: 21
Joined: January 5th, 2009, 1:58 am

Re: "personalized settings" problem

Unread postby Rodav » January 18th, 2009, 2:06 pm

Before I can help you further you must remove Limewire and any other Peer 2 Peer program.

With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:

  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate Limewire and click on the Change/Remove button to uninstall it.
  3. Repeat for any other P2P program.
  4. Close Add/Remove Programs and Control Panel when done.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: "personalized settings" problem

Unread postby ~dj~ » January 18th, 2009, 6:18 pm

Limewire has been removed.

Also, my brother has noticed that this problem has still occurred at times with him. It comes and goes.

Thank you for your help :)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:51 PM, on 1/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - S-1-5-18 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1980807015
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SystemSuite Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe

--
End of file - 7997 bytes
~dj~
Regular Member
 
Posts: 21
Joined: January 5th, 2009, 1:58 am

Re: "personalized settings" problem

Unread postby Rodav » January 18th, 2009, 6:58 pm

Limewire has been removed.
If Limewire was removed it would not be running still which it clearly is. I'm going to give you one more chance to uninstall it. Please do the following:

Step 1:
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    Limewire

Restart you computer when this is done.

Step 2:
Download at your desktop DDS from one of the links below:

Link1
Link2
Link3
  • Double click the tool to run it.
  • A black Screen will open, just read the contents and do nothing.
  • When the tool finish it will open 2 reports.
  • Copy/paste both reports back here.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: "personalized settings" problem

Unread postby ~dj~ » January 18th, 2009, 10:15 pm

I apologize, I had not restarted the computer after removing Limewire. This must be why it still appeared the last time. But it is certainly removed, and I have restarted the computer and followed your instructions. Here are the reports you requested; I have pasted both as asked.

Thank you for your patience, please know your help is much appreciated....



DDS (Ver_09-01-07.01) - NTFSx86
Run by Owner at 20:04:29.79 on Sun 01/18/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.748 [GMT -6:00]

AV: Avanquest VirusScanner Pro *On-access scanning enabled* (Updated)
FW: Avanquest NetDefense Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://qus10.hpwis.com/
uSearch Page = hxxp://srch-qus10.hpwis.com/
uDefault_Page_URL = hxxp://qus10.hpwis.com/
uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
uSearch Bar = hxxp://srch-qus10.hpwis.com/
mDefault_Page_URL = hxxp://qus10.hpwis.com/
mDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
mSearch Page = hxxp://srch-qus10.hpwis.com/
mStart Page = hxxp://qus10.hpwis.com/
mSearch Bar = hxxp://srch-qus10.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://qus10.hpwis.com/
uInternet Settings,ProxyOverride = localhost
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\common\ycomp5,1,1,0.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: XPL LinkScannerIE: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avanquest\systemsuite\LinkScannerIE.dll
BHO: {549B5CA7-4A86-11D7-A4DF-000874180BB3} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\common\ycomp5,1,1,0.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RecordNow!]
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [CamMonitor] c:\program files\hp\digital imaging\unload\hpqcmon.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [LTMSG] LTMSG.exe 7
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [VirusScannerPro] c:\progra~1\avanqu~1\system~1\MemCheck.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\spamsu~1.lnk - c:\program files\intermute\spamsubtract\SpamSub.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\trendnet tew-421pc_tew-423pi\WlanCU.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
LSP: SpSubLSP.dll
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R3 KFilter;KFilter;c:\progra~1\avanqu~1\system~1\KFilter.sys [2008-8-21 54865]
R3 TFilter;TFilter;c:\progra~1\avanqu~1\system~1\TFilter.sys [2008-8-21 20225]
R4 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-8-7 35008]
R4 tmpreflt;tmpreflt;c:\progra~1\avanqu~1\system~1\tmpreflt.sys [2007-9-5 32528]
S3 I97DRIVER;I97DRIVER;c:\progra~1\avanqu~1\system~1\dgs.sys [2007-9-5 6600]
S3 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-8-7 300736]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-8-10 193816]
S4 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccevtmgr.exe" --> c:\program files\common files\symantec shared\ccEvtMgr.exe [?]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2003-8-15 87200]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2003-8-15 234656]
S4 mrtRate;mrtRate; [x]
S4 navapsvc;Norton AntiVirus Auto Protect Service;"c:\program files\norton antivirus\navapsvc.exe" --> c:\program files\norton antivirus\navapsvc.exe [?]

=============== Created Last 30 ================

2009-01-17 14:07 89,600 a------- C:\dyr.exe
2009-01-07 17:59 664 a------- c:\windows\system32\d3d9caps.dat
2009-01-04 23:28 <DIR> --d----- c:\program files\Trend Micro
2009-01-04 00:14 132 a------- C:\DeletePrintJobs.cmd
2009-01-01 13:08 286,720 a------- c:\windows\system32\sndp610.dll
2009-01-01 13:08 61,440 a------- c:\windows\system32\dsndp610.dll
2009-01-01 13:08 219,392 a------- c:\windows\system32\drivers\sndp610.sys
2009-01-01 13:08 61,440 a------- c:\windows\system32\csndp610.dll
2009-01-01 13:08 36,864 a------- c:\windows\system32\vsndp610.dll
2009-01-01 13:08 28,672 a------- c:\windows\system32\dsndp610.ax
2008-12-25 21:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WildTangent
2008-12-20 19:44 <DIR> --d----- c:\windows\system32\LogFiles

==================== Find3M ====================

2008-12-11 04:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-08 23:38 3,888 a------- c:\windows\viassary-hp.reg
2008-12-08 23:35 2,041 a------- c:\windows\GedBot.exe
2008-12-08 22:53 42,166 a------- c:\windows\system32\bZip.exe
2008-11-30 14:09 74,999 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-21 17:52 28,928 a------- c:\windows\hpoins03.dat
2008-11-21 15:37 274,432 a------- c:\windows\system32\TubeFinder.exe
2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-04-12 20:48 62,048 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 20:04:58.40 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-07.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/16/2008 2:31:34 PM
System Uptime: 1/18/2009 7:58:33 PM (1 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | Gamila/Giovani/Neon series
Processor: Intel(R) Pentium(R) 4 CPU 2.50GHz | Socket 478 | 2500/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 105 GiB total, 44.04 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 2.386 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: USB Device
Device ID: USB\VID_046D&PID_0920\5&126700AE&0&2
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_046D&PID_0920\5&126700AE&0&2
Service:

==== System Restore Points ===================

RP1: 11/16/2008 2:38:36 PM - Installed TRENDnet TEW-421PC or TEW-423PI
RP2: 11/16/2008 2:04:37 PM - Installed Java(TM) 6 Update 10
RP3: 11/16/2008 3:13:52 PM - Installed 1200
RP4: 11/16/2008 3:14:01 PM - Installed 1000Tour
RP5: 11/16/2008 3:14:07 PM - Installed 1200_Help
RP6: 11/16/2008 3:14:13 PM - Installed 1200Trb
RP7: 11/16/2008 7:58:01 PM - Installed Windows Live Messenger
RP8: 11/16/2008 7:58:36 PM - Installed Windows Live Sign-in Assistant
RP9: 11/17/2008 5:27:08 PM - Installed Windows Installer KB893803v2.
RP10: 11/17/2008 5:29:16 PM - Installed SystemSuite 8 Professional
RP11: 11/17/2008 5:58:45 PM - Restore Operation
RP12: 11/17/2008 7:57:10 PM - Removed Java(TM) 6 Update 10
RP13: 11/17/2008 7:58:41 PM - Installed Java(TM) 6 Update 10
RP14: 11/17/2008 8:46:29 PM - Restore Operation
RP15: 11/20/2008 9:17:34 PM - Configured TRENDnet TEW-421PC or TEW-423PI
RP16: 11/20/2008 9:19:13 PM - Installed TRENDnet TEW-421PC or TEW-423PI
RP17: 11/20/2008 9:33:33 PM - Restore Operation
RP18: 11/20/2008 9:35:04 PM - Restore Operation
RP19: 11/20/2008 9:46:35 PM - Unsigned driver install
RP20: 11/21/2008 4:14:35 PM - Installed Windows Live Messenger
RP21: 11/21/2008 4:15:04 PM - Installed Windows Live Sign-in Assistant
RP22: 11/21/2008 5:52:31 PM - Installed 1200
RP23: 11/21/2008 5:52:38 PM - Installed 1000Tour
RP24: 11/21/2008 5:52:44 PM - Installed 1200_Help
RP25: 11/21/2008 5:52:47 PM - Installed 1200Trb
RP26: 11/22/2008 6:35:20 PM - System Checkpoint
RP27: 11/23/2008 8:54:23 PM - Installed Windows Installer KB893803v2.
RP28: 11/23/2008 9:01:54 PM - Installed SystemSuite 8 Professional
RP29: 11/23/2008 9:30:50 PM - Restore Operation
RP30: 11/25/2008 8:52:36 AM - System Checkpoint
RP31: 11/26/2008 6:57:21 PM - System Checkpoint
RP32: 11/27/2008 7:32:03 PM - Installed Java(TM) 6 Update 10
RP33: 11/28/2008 7:32:24 PM - System Checkpoint
RP34: 11/30/2008 9:07:34 AM - System Checkpoint
RP35: 11/30/2008 1:22:26 PM - Installed Windows Installer KB893803v2.
RP36: 11/30/2008 1:28:12 PM - Installed SystemSuite 8 Professional
RP37: 11/30/2008 1:59:32 PM - Installed Windows XP Service Pack 3.
RP38: 11/30/2008 2:11:41 PM - Installed Windows XP KB946648.
RP39: 11/30/2008 3:47:04 PM - Removed SystemSuite 8 Professional
RP40: 11/30/2008 3:48:40 PM - Installed QuickTime
RP41: 11/30/2008 7:59:38 PM - Software Distribution Service 3.0
RP42: 11/30/2008 8:09:44 PM - SS8
RP43: 11/30/2008 8:12:58 PM - Installed SystemSuite 8 Professional
RP44: 11/30/2008 8:19:44 PM - Software Distribution Service 3.0
RP45: 11/30/2008 8:30:17 PM - Removed SystemSuite 8 Professional
RP46: 11/30/2008 8:46:25 PM - Installed SystemSuite 8 Professional
RP47: 11/30/2008 9:01:39 PM - Software Distribution Service 3.0
RP48: 12/1/2008 4:27:37 PM - Software Distribution Service 3.0
RP49: 12/2/2008 4:30:55 PM - Installed Java(TM) 6 Update 11
RP50: 12/3/2008 4:47:12 PM - System Checkpoint
RP51: 12/4/2008 7:13:07 PM - System Checkpoint
RP52: 12/4/2008 10:26:54 PM - Restore Operation
RP53: 12/4/2008 10:32:15 PM - Restore Operation
RP54: 12/5/2008 6:53:20 PM - Restore Operation
RP55: 12/5/2008 7:10:37 PM - Restore Operation
RP56: 12/7/2008 1:56:19 PM - Restore Operation
RP57: 12/7/2008 10:00:19 PM - Restore Operation
RP58: 12/7/2008 10:13:29 PM - Restore Operation
RP59: 12/8/2008 7:35:25 PM - Installed iTunes
RP60: 12/9/2008 12:27:12 PM - Software Distribution Service 3.0
RP61: 12/9/2008 9:25:14 PM - Software Distribution Service 3.0
RP62: 12/10/2008 10:19:08 PM - Removed SystemSuite 8 Professional
RP63: 12/10/2008 10:25:11 PM - Installed SystemSuite 8 Professional
RP64: 12/12/2008 4:31:06 PM - Software Distribution Service 3.0
RP65: 12/12/2008 4:33:35 PM - Software Distribution Service 3.0
RP66: 12/12/2008 4:35:02 PM - Software Distribution Service 3.0
RP67: 12/12/2008 4:37:43 PM - Software Distribution Service 3.0
RP68: 12/12/2008 11:24:47 PM - Software Distribution Service 3.0
RP69: 12/13/2008 9:22:54 PM - Software Distribution Service 3.0
RP70: 12/14/2008 1:43:55 AM - Software Distribution Service 3.0
RP71: 12/14/2008 10:26:37 AM - Software Distribution Service 3.0
RP72: 12/14/2008 12:22:48 PM - Software Distribution Service 3.0
RP73: 12/14/2008 3:09:13 PM - Software Distribution Service 3.0
RP74: 12/14/2008 10:18:15 PM - Software Distribution Service 3.0
RP75: 12/15/2008 2:08:08 PM - Software Distribution Service 3.0
RP76: 12/15/2008 2:54:28 PM - Installed iTunes
RP77: 12/15/2008 6:12:48 PM - Software Distribution Service 3.0
RP78: 12/15/2008 11:48:06 PM - Installed OpenOffice.org 2.4
RP79: 12/15/2008 11:52:48 PM - Software Distribution Service 3.0
RP80: 12/16/2008 5:49:54 PM - Software Distribution Service 3.0
RP81: 12/16/2008 11:08:52 PM - Software Distribution Service 3.0
RP82: 12/17/2008 6:12:17 PM - Software Distribution Service 3.0
RP83: 12/17/2008 9:19:47 PM - Software Distribution Service 3.0
RP84: 12/17/2008 10:58:12 PM - Installed SA21xx Device Manager
RP85: 12/18/2008 1:06:22 PM - Software Distribution Service 3.0
RP86: 12/18/2008 1:14:58 PM - Software Distribution Service 3.0
RP87: 12/18/2008 5:48:28 PM - Software Distribution Service 3.0
RP88: 12/18/2008 11:23:54 PM - Avira AntiVir Personal - 12/18/2008 23:23
RP89: 12/19/2008 1:30:34 AM - Software Distribution Service 3.0
RP90: 12/19/2008 12:30:01 PM - Software Distribution Service 3.0
RP91: 12/19/2008 1:10:26 PM - Avira AntiVir Personal - 12/19/2008 13:10
RP92: 12/19/2008 1:27:11 PM - Software Distribution Service 3.0
RP93: 12/20/2008 1:17:17 PM - Software Distribution Service 3.0
RP94: 12/20/2008 10:59:46 PM - Software Distribution Service 3.0
RP95: 12/22/2008 12:19:03 PM - System Checkpoint
RP96: 12/22/2008 1:51:19 PM - Installed Google SketchUp 7
RP97: 12/23/2008 4:30:32 PM - System Checkpoint
RP98: 12/24/2008 4:49:56 PM - System Checkpoint
RP99: 12/26/2008 2:48:01 PM - System Checkpoint
RP100: 12/26/2008 4:13:32 PM - Removed Bonjour
RP101: 12/27/2008 11:04:43 PM - Installed WinZip 12.0
RP102: 12/29/2008 10:42:43 AM - System Checkpoint
RP103: 12/29/2008 3:26:21 PM - Installed Windows Live Upload Tool
RP104: 12/30/2008 3:54:47 PM - System Checkpoint
RP105: 12/31/2008 4:34:22 PM - System Checkpoint
RP106: 1/1/2009 1:08:40 PM - Installed Dual Mode Camera
RP107: 1/3/2009 9:18:16 PM - System Checkpoint
RP108: 1/4/2009 10:49:28 PM - Restore Operation
RP109: 1/4/2009 10:56:05 PM - Restore Operation
RP110: 1/5/2009 11:02:31 PM - System Checkpoint
RP111: 1/7/2009 4:36:32 PM - System Checkpoint
RP112: 1/8/2009 8:40:36 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP113: 1/9/2009 9:09:09 PM - System Checkpoint
RP114: 1/10/2009 9:21:15 PM - System Checkpoint
RP115: 1/12/2009 5:02:54 PM - System Checkpoint
RP116: 1/13/2009 6:53:47 PM - System Checkpoint
RP117: 1/13/2009 11:50:14 PM - Software Distribution Service 3.0
RP118: 1/15/2009 1:35:11 PM - System Checkpoint
RP119: 1/16/2009 5:38:38 PM - System Checkpoint
RP120: 1/18/2009 7:46:40 PM - System Checkpoint

==== Installed Programs ======================


1000Tour
1200
1200_Help
1200Trb
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Album Starter Edition
Adobe Reader 6.0
AiO_Scan
AIOMinimal
AiOSoftware
Apple Mobile Device Support
Apple Software Update
Blackhawk Striker from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Blasterball 2 Holidays (Free with HP Game Console)
Bounce Symphony from Compaq (remove only)
CC_ccStart
ccCommon
Compaq Connections
Compaq Instant Support
Compaq Organize
Copy
CreativeProjects
Director
DocProc
Dual Mode Camera
Easy Internet Sign-up
Excavation from Compaq (remove only)
Fax
Five Card Frenzy from Compaq (remove only)
FoxyTunes for Firefox
Free FLV Converter V 5.9
Google SketchUp 7
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HP Deskjet Preloaded Printer Drivers
HP Game Console
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Photosmart Cameras
HP PSC & OfficeJet 3.0
HP Software Update
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
iTunes
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 10
KBD
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Mozilla Firefox (3.0.5)
MSRedist
MSXML 4.0 SP2 (KB954430)
MUSICMATCH® Jukebox
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
NVIDIA GART Driver
OpenOffice.org 2.4
Orbital from Compaq (remove only)
Otto from Compaq (remove only)
Overball from Compaq (remove only)
PC-Doctor for Windows
PhoTags Express
PhotoGallery
Photosmart 140,240,7200,7600,7700,7900 Series
Polar Bowler from Compaq (remove only)
PrintScreen
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
Quicken 2004
QuickProjects
QuickTime
Readme
RealPlayer
RecordNow!
SA21xx Device Manager
Scan
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
SkinsHP1
SkinsHP2
Slyder from Compaq (remove only)
Sonic Update Manager
SpamSubtract
SymNet
SystemSuite 8 Professional
TrayApp
Unload
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Viewpoint Media Player (Remove Only)
Watchtower Library 2007 - English
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Live Messenger
Windows Live Upload Tool
Windows XP Service Pack 3
WinZip 12.0
Yahoo! Companion
Zone Deluxe Games

==== Event Viewer Messages From Past Week ========

1/13/2009 4:17:55 PM, error: Service Control Manager [7000] - The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/13/2009 4:17:55 PM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/13/2009 4:17:55 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
1/13/2009 4:17:55 PM, error: Service Control Manager [7023] - The Human Interface Device Access service terminated with the following error: The specified module could not be found.
1/16/2009 3:59:26 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/17/2009 12:35:57 AM, error: Service Control Manager [7034] - The SystemSuite Task Manager service terminated unexpectedly. It has done this 1 time(s).
1/18/2009 2:14:46 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0014D1340636. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
1/18/2009 8:00:28 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
1/18/2009 8:00:28 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================
~dj~
Regular Member
 
Posts: 21
Joined: January 5th, 2009, 1:58 am

Re: "personalized settings" problem

Unread postby Rodav » January 19th, 2009, 3:49 pm

Step 1:
Older versions of Java have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
  • Close any programs you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel > Add/Remove Programs.
  • Check Java 2 Runtime Environment, SE v1.4.2
  • Click the Remove or Change/Remove button.
  • Repeat for Java(TM) 6 Update 10.
  • Reboot your computer once all Java components are removed.
Then download the latest version of Java Runtime Environment(JRE) and install it to your computer.


Step 2:
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application and Restart your computer.


Step 3:
Please visit Virustotal

Copy/paste this file and path into the white box at the top:
Code: Select all
c:\windows\GedBot.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response. If VirusTotal is busy try http://virusscan.jotti.org/

Repeat for the following file:
Code: Select all
C:\dyr.exe



Step 4:
Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current Antivirus software. You can usually do this with its Notfication Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Anvirisus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.


Step 5:
Run HijackThis, do a system scan and post the following:
  • The Virustotal/jotti results
  • The online NOD32 scan results
  • The new HijackThis log
Also let me know how your computer is running.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: "personalized settings" problem

Unread postby ~dj~ » January 22nd, 2009, 6:19 pm

Done

File GedBot.exe received on 01.22.2009 06:43:54 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.22 -
AhnLab-V3 5.0.0.2 2009.01.22 -
AntiVir 7.9.0.57 2009.01.21 -
Authentium 5.1.0.4 2009.01.22 -
Avast 4.8.1281.0 2009.01.21 -
AVG 8.0.0.229 2009.01.22 -
BitDefender 7.2 2009.01.22 -
CAT-QuickHeal 10.00 2009.01.22 -
ClamAV 0.94.1 2009.01.22 -
Comodo 940 2009.01.21 -
DrWeb 4.44.0.09170 2009.01.22 -
eSafe 7.0.17.0 2009.01.20 -
eTrust-Vet 31.6.6319 2009.01.21 -
F-Prot 4.4.4.56 2009.01.21 -
F-Secure 8.0.14470.0 2009.01.22 -
Fortinet 3.117.0.0 2009.01.22 -
GData 19 2009.01.22 -
Ikarus T3.1.1.45.0 2009.01.22 -
K7AntiVirus 7.10.599 2009.01.22 -
Kaspersky 7.0.0.125 2009.01.22 -
McAfee 5502 2009.01.21 -
McAfee+Artemis 5502 2009.01.21 -
Microsoft 1.4205 2009.01.22 -
NOD32 3787 2009.01.22 -
Norman 5.93.01 2009.01.21 -
nProtect 2009.1.8.0 2009.01.22 -
Panda 9.5.1.2 2009.01.21 -
PCTools 4.4.2.0 2009.01.21 -
Prevx1 V2 2009.01.22 -
Rising 21.13.30.00 2009.01.22 -
SecureWeb-Gateway 6.7.6 2009.01.21 -
Sophos 4.37.0 2009.01.22 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.22 -
TheHacker 6.3.1.5.225 2009.01.21 -
TrendMicro 8.700.0.1004 2009.01.22 -
VBA32 3.12.8.10 2009.01.22 -
ViRobot 2009.1.22.1573 2009.01.22 -
VirusBuster 4.5.11.0 2009.01.21 -
Additional information
File size: 2041 bytes
MD5...: af2f9701ff2b7582112b36547dcbbe3c
SHA1..: f36ccffadfa094e678713072da77e8871e523ddc
SHA256: 9bb2f72331ba138c3875cb5cd6e296caf4f7edefe726df637f301e118da05a9b
SHA512: 29a1ee9dd6133c7290a0e9a467b58daff0d3513d5030421743f27d324aeadaca<br>87e5bd1e32c31b544bc937266502ca850ef343989415d754b56de4a278cd8857<br>
ssdeep: 48:e9MFfAaMe82wXdgTRxUB8Ea4p5zpmpPlN:yMZAaL82ygTR6q4rtmJlN<br>
PEiD..: -
TrID..: File type identification<br>file seems to be plain text/ASCII (0.0%)
PEInfo: -



File dyr.exe received on 01.22.2009 06:46:54 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.22 P2P-Worm.Win32.Agent!IK
AhnLab-V3 5.0.0.2 2009.01.22 -
AntiVir 7.9.0.57 2009.01.21 Worm/Agent.KP.1
Authentium 5.1.0.4 2009.01.22 -
Avast 4.8.1281.0 2009.01.21 Win32:Crypt-DHQ
AVG 8.0.0.229 2009.01.22 SHeur2.JRP
BitDefender 7.2 2009.01.22 Worm.Generic.43093
CAT-QuickHeal 10.00 2009.01.22 I-Worm.Agent.kp
ClamAV 0.94.1 2009.01.22 -
Comodo 940 2009.01.21 -
DrWeb 4.44.0.09170 2009.01.22 -
eSafe 7.0.17.0 2009.01.20 -
eTrust-Vet 31.6.6319 2009.01.21 -
F-Prot 4.4.4.56 2009.01.21 -
F-Secure 8.0.14470.0 2009.01.22 -
Fortinet 3.117.0.0 2009.01.22 -
GData 19 2009.01.22 Worm.Generic.43093
Ikarus T3.1.1.45.0 2009.01.22 P2P-Worm.Win32.Agent
K7AntiVirus 7.10.599 2009.01.22 P2P-Worm.Win32.Agent.kp
Kaspersky 7.0.0.125 2009.01.22 P2P-Worm.Win32.Agent.kp
McAfee 5502 2009.01.21 W32/Autorun.worm.gen
McAfee+Artemis 5502 2009.01.21 W32/Autorun.worm.gen
Microsoft 1.4205 2009.01.22 Worm:Win32/Autorun.GR
NOD32 3787 2009.01.22 -
Norman 5.93.01 2009.01.21 -
nProtect 2009.1.8.0 2009.01.22 -
Panda 9.5.1.2 2009.01.21 -
PCTools 4.4.2.0 2009.01.21 -
Prevx1 V2 2009.01.22 Worm
Rising 21.13.30.00 2009.01.22 -
SecureWeb-Gateway 6.7.6 2009.01.21 Worm.Agent.KP.1
Sophos 4.37.0 2009.01.22 Mal/Generic-A
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.22 W32.SillyFDC
TheHacker 6.3.1.5.225 2009.01.21 W32/Agent.kp
TrendMicro 8.700.0.1004 2009.01.22 -
VBA32 3.12.8.10 2009.01.22 -
ViRobot 2009.1.22.1573 2009.01.22 -
VirusBuster 4.5.11.0 2009.01.21 -
Additional information
File size: 89600 bytes
MD5...: d03b343d0014a0cdfcbe3ecd30d70840
SHA1..: 56316487785c15e0af2828fd5605f98c24845990
SHA256: 62110151314d212bc7903fc3d88eda6941449fa4b350ad21c73341a49f71f313
SHA512: 6d6d07f7e3b90f35762cba90b84a8e94f8b6580952b3d182231c2d8d6c377653<br>43a66179bd8fa450d5a8d4ade25a08fd64086f0055822362aafdd764f5b7c5f5<br>
ssdeep: 1536:lhkB0OR3/Z5ifZMya89+DfZu4SeD0TDw6W2l5JNPvmmstr3:60Ox/Z5ixMy<br>a896RiZO2zmmstr<br>
PEiD..: -
TrID..: File type identification<br>Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x40d2a0<br>timedatestamp.....: 0x49626866 (Mon Jan 05 20:07:02 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x121b4 0x12200 7.78 c87bedb375cdacf2e060c2a058dcbcf5<br>.rdata 0x14000 0x1a54 0x1c00 5.40 760da94ee89cf1b59b8e5f925903562e<br>.data 0x16000 0x25dc 0x1c00 5.69 713f96f33a84f89220788f5bc72e0f38<br><br>( 1 imports ) <br>&gt; KERNEL32.dll: GetCommandLineA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, GetStartupInfoA, GetProcAddress, GetModuleHandleA, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetLastError, GetEnvironmentStringsW, SetHandleCount, GetFileType, DeleteCriticalSection, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, LeaveCriticalSection, EnterCriticalSection, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, IsDebuggerPresent, LoadLibraryA, InitializeCriticalSection, GetCPInfo, GetACP, GetOEMCP, Sleep, VirtualAlloc, HeapReAlloc, RtlUnwind, HeapSize, MultiByteToWideChar, GetLocaleInfoA, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW<br><br>( 0 exports ) <br>
Prevx info: &lt;a href='http://info.prevx.com/aboutprogramtext.asp?PX5=B0AAA5FB002CCBBB5EC701DEC88AEE00C1F188D3' target='_blank'&gt;http://info.prevx.com/aboutprogramtext.asp?PX5=B0AAA5FB002CCBBB5EC701DEC88AEE00C1F188D3&lt;/a&gt;



Logfile of C:\Program Files\EsetOnlineScanner\log.txt
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3787 (20090121)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=372c2d119706064882b015633d0598aa
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-01-22 07:46:24
# local_time=2009-01-22 01:46:24 (-0600, Central Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=702944
# found=6
# scan_time=6669
C:\Bardiel.hta Win32/Darby.P worm 5CAF6CDEE50BA47ADA82CDAB2E0443EC
C:\Documents and Settings\Leonel.ALVARO-DESKTOP.000\Incomplete\T-39456-Nickelback - Someone That You're With.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan F66657CD52F4B2A31B462F181209F701
C:\Documents and Settings\Owner\My Documents\My Music\Limewire songs\il dulce suono vitas.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 95C9D6B8F4B1E9A8CAAC73785C78B532
C:\Documents and Settings\Owner\My Documents\My Music\Limewire songs\star vitas.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 95C9D6B8F4B1E9A8CAAC73785C78B532
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe Win32/AutoRun.KS worm 49A0B72713B9FBB618B3F9402B41B7D8
C:\WINDOWS\microsoftweb.htm Win32/Darby.O worm 76B06914EAF8957AEF55FE411E6A2DDE



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:19 PM, on 1/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://b.casalemedia.com/V2/67072/13079 ... firstrun=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [windows service firewall] C:\RECYCLER\S-1-5-21-3069825451-5547038539-308115259-3352\isl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1980807015
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SystemSuite Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe

--
End of file - 7210 bytes


Lastly, the computer now includes a message saying that Windows explorer has encountered a problem and needs to close We are sorry for the inconvenience. It has the option of sending an error report. Windows Explorer closes the Personalized Settings comes up and Windows Explorer restarts.
~dj~
Regular Member
 
Posts: 21
Joined: January 5th, 2009, 1:58 am

Re: "personalized settings" problem

Unread postby Rodav » January 22nd, 2009, 7:50 pm

I'm afraid I have unpleasant news for you. You have a Very Dangerous infection on this machine.
The infection is delivered by ise32.exe
It allows outsiders COMPLETE access to every keystroke, account, and password you use while on this machine, and complete access to any other data present...
IF this computer has been used for any kind of important data, my best recommendation is to Disconnect from Internet, Re-Format the entire drive and re-install your Operating system and Applications.

We can likely clean the infected files off the computer, and if you wish we will attempt to do so, but we cannot be sure that the infection didn't do something to your system to reduce the system security. In that instance, even after removal of the infection, you could be subject to another attack or takeover as soon as you re-connect to the Internet.

The Decision Whether to ReFormat or Not should be based on:
  • The use of the computer - this is the primary factor in the decision whether to re-format and re-install, or just disinfect.
  • The variety of malware - this influences the decision on whether to re-format and re-install, or just disinfect. IN THIS CASE we have a IRCBot, the worst kind.
If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
  • Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
  • Back up all important data on the machine. Do not back up any Applications (programs). Those should be re-installed from the original source CDs or websites.
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
    Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for an attempted identity theft.
  • Please read this for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
While you are deciding whether to ReFormat and Re-Install, a useful link is here: http://www.dslreports.com/faq/10063
Please let me know what you decide.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: "personalized settings" problem

Unread postby ~dj~ » January 23rd, 2009, 1:43 am

Wow
I have already started uninstalling programs, and will back up documents tomorrow. Maybe on Saturday It will be ready to reformat. Question Can I just right click the C drive in My Computer and select Format? If so what are the next steps?
~dj~
Regular Member
 
Posts: 21
Joined: January 5th, 2009, 1:58 am

Re: "personalized settings" problem

Unread postby Rodav » January 23rd, 2009, 10:33 am

Here is a tutorial on how to reformat and reinstall: http://spyware-free.us/tutorials/reformat/

If you would like further instruction, you can ask at a general XP tech forum like: http://www.bleepingcomputer.com/forums/forum56.html who would be able to guide you through it.

Whatever documents and data you save before you reformat, you should scan them before putting them back onto your computer in case there is any infection on them. Here is some programs and other tips that can help future reinfection.


Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints, you need to be registered to post as unfortunately we were hit with too many spam posting to allow guest posting to continue just find your country room and register your complaint.

Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
  • Download and install an antivirus program, and make sure that you keep it updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software
    Two good antivirus programs free for non-commercial home use are Avast and Antivir
    Two good paid for antivirus programs are NOD32 and Kaspersky
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection level. It may also impair the performance of your PC.
  • Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it to that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses activex, so you will need to use internet explorer for it, and allow the activex control that it wants to install
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities, to check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
  • Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Install a Hosts File
    I recommend MVPS Hosts File
    Every version of windows includes a hosts file as part of them. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
    On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  • Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about what the programs that you see in Winpatrol please check out Winpatrol Plus. It does not need a new download.
  • Install Malwarebytes & update and scan with it regularly
    Malwarebytes is a free for personal use on demand scanner which is developed by active members of the Malware Removal community. It detects and removes many modern infections. The paid version offers realtime protection.
  • The last and most important thing I can tell you is UPDATE, UPDATE, UPDATE.
    If you don't update your security programs (Antivirus, Antispyware, even Windows) then you are at risk.
    Malware changes on a day to day basis. You should update every week at the very least.

Miekiemoes an expert in malware removal has a fantastic article on how to prevent Malware for further tips, it's well worth a read. http://users.telenet.be/bluepatchy/miek ... ntion.html
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: "personalized settings" problem

Unread postby ~dj~ » January 23rd, 2009, 6:59 pm

Here is a tutorial on how to reformat and reinstall: http://spyware-free.us/tutorials/reformat/

The guide states:
Do not use this guide if you are not reinstalling windows XP. Only use this guide if you are reformatting using the XP cd (not using a 'recovery partition' that some computer manufacturers use)

My computer is a Compaq Presario S6000V. It did not come with Xp cds and only has a partition which at the most makes a backup of everything on your computer and repairs windows Xp
Should I still follow the instructions?
~dj~
Regular Member
 
Posts: 21
Joined: January 5th, 2009, 1:58 am

Re: "personalized settings" problem

Unread postby Rodav » January 23rd, 2009, 9:05 pm

The recovery partition on your computer should allow for a destructive reinstall of the OS (it may call it Full System Recovery or similar). You should probably reference the instruction manuals for details on this or use HP customer care. http://h10025.www1.hp.com/ewfrf/wc/site ... c=en&cc=us
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: "personalized settings" problem

Unread postby ~dj~ » January 24th, 2009, 9:18 pm

i got it reformatted using the destructive version. The only problem is that since I am using a wireless PCI card on this desktop, I got it installed and everything but I don't receive an IP address. I put repair, but it tells me it cannot renew the IP address. How can I fix it? Everything else you told me has worked perfectly to plan.
~dj~
Regular Member
 
Posts: 21
Joined: January 5th, 2009, 1:58 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 62 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware