Please help, everything disappeared on my desktop.

  1. #1
    Lilo is offline Newbie

    It happened when I tried to change the wallpaper background. It didn't happen right away; it only happened when I restarted the computer. I have the log from HijackThis. Thanks so much for helping.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:18:28 PM, on 5/12/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
    C:\Program Files\Crazy Browser\Crazy Browser.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Documents and Settings\Owner.livingroom\My Documents\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\OWNER~1.LIV\LOCALS~1\Temp\se.dll/spage.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksearchclick.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\OWNER~1.LIV\LOCALS~1\Temp\se.dll/spage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll
    O2 - BHO: XMLDP Class - {60371670-81B9-4d06-9C42-4DEC1AABE62B} - C:\WINDOWS\xmllib.dll
    O2 - BHO: (no name) - {F01F2036-B608-4C9D-B62A-42D35D643A57} - C:\WINDOWS\System32\hloh.dll (file missing)
    O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
    O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe " -boot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AutoPlay] C:\HP\BIN\AUTOPLAY.EXE
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
    O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
    O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
    O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup
    O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
    O4 - HKLM\..\Run: [kdmnob] C:\WINDOWS\kdmnob.exe
    O4 - HKLM\..\Run: [p75g38P] modhoncom15.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
    O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\System32\psoft1.exe
    O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
    O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe
    O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitektl32.exe
    O4 - HKLM\..\Run: [G3] C:\WINDOWS\System32\GSMedia3.exe
    O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
    O4 - HKLM\..\Run: [mnqahx] c:\windows\system32\mnqahx.exe -start
    O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{184C0D90-DDF7-479B-8929-984A6B14BE2B}\SVCHOST.EXE
    O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\OWNER~1.LIV\LOCALS~1\Temp\se.dll,DllInstall
    O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{184C0D90-DDF7-479B-8929-984A6B14BE2B}\SECURITY.EXE
    O4 - HKLM\..\Run: [nmlbmk] c:\windows\system32\grqtkhy.exe
    O4 - HKLM\..\RunOnce: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus /ro
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [YwumRUjqh] mmull32.exe
    O4 - HKCU\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [rofr] C:\PROGRA~1\COMMON~1\rofr\rofrm.exe
    O4 - HKCU\..\Run: [WindowsFY] c:\bsw.exe
    O4 - HKCU\..\Run: [SMSSU] C:\WINDOWS\System32\SMSSU.EXE
    O4 - HKCU\..\Run: [Tmntsrv32] C:\WINDOWS\System32\Tmntsrv32.EXE
    O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Mu.../bridge-c8.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binarie...et32_EN_XP.cab
    O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - http://akamai.downloadv3.com/binarie...1041_EN_XP.cab
    O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/mp3.ocx
    O18 - Filter: text/html - {33963D06-E324-442F-9EC0-AEC5735581C2} - C:\WINDOWS\System32\hloh.dll
    O18 - Filter: text/plain - {33963D06-E324-442F-9EC0-AEC5735581C2} - C:\WINDOWS\System32\hloh.dll
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
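
A first-pass triage of a HijackThis log like the one above, as an added example that is not part of the original thread. The sample lines are copied from the posted log; the review heuristics (missing target file, load from a Temp directory, extra program on the Shell value, autostart command without a path) are assumptions of this example, not rules stated by anyone in the thread.

```python
import re

# HijackThis section codes used below (meanings from the tool's documentation).
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "F2": "Shell/UserInit registry value", "O2": "Browser Helper Object",
            "O4": "autostart entry", "O23": "NT service"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Lines copied from the log in the post above, plus two non-entry lines.
SAMPLE = r"""Logfile of HijackThis v1.99.1
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\OWNER~1.LIV\LOCALS~1\Temp\se.dll/spage.html
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {F01F2036-B608-4C9D-B62A-42D35D643A57} - C:\WINDOWS\System32\hloh.dll (file missing)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [p75g38P] modhoncom15.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)"""

def parse(log):
    """Return (code, body) for each entry line; header and process lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [m.groups() for m in matches if m]

def review_reasons(code, body):
    """Structural reasons to look at an entry by hand (heuristics assumed here)."""
    reasons, low = [], body.lower()
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("target file missing")
    if "\\temp\\" in low:
        reasons.append("loads from a Temp directory")
    if code == "F2" and "shell=" in low:
        extra = body.split("=", 1)[1].split()[1:]  # anything after Explorer.exe
        if extra:
            reasons.append("Shell value launches extra program: " + " ".join(extra))
    if code == "O4":
        m = re.match(r".*?\[(.+?)\]\s+(.*)", body)  # [value name] command line
        if m and "\\" not in m.group(2) and not m.group(2).lower().startswith("rundll32"):
            reasons.append("autostart command has no path")
    return reasons

def triage(log):
    """Entries with at least one reason, as (code, body, reasons)."""
    return [(c, b, r) for c, b in parse(log) if (r := review_reasons(c, b))]

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE):
        print(f"{code} [{SECTIONS.get(code, '?')}] {body}\n    -> {'; '.join(reasons)}")
```

A flagged line is only a prompt for manual review; an unflagged line is not a verdict that the entry is clean.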

  2. #2
    HJThis is offline Senior Member
    Hello, Lilo

    OK, we have some work to do here. You have some bad stuff
    here, so take it one step at a time and we will be fine.

    First, let's get this one:

    Download CW-Shredder at the link below:
    http://www.isecurity.org.uk/downloads/cwshredder.exe

    Download SpSeHjfix here:
    http://www.derbilk.de/SpSeHjfix112.zip
    Save it to the desktop, then right-click a blank part of the desktop & select New Folder; call it spfix. Unzip the file into that folder.

    Disconnect from the net and close ALL OPEN PROGRAMS.
    Run 'SpSeHjfix' and click on "Start Disinfection".
    When it's finished it will reboot your machine to finish the cleaning process.
    The tool creates a log of the fix which will appear in the folder.

    If it doesn't find any of the SE files or any hidden reinstallers, it will say system clean and not go on to the next stage.

    Now run the CWShredder - Hit The FIX button!

    Reboot and post a fresh HJT log and the log that was created by 'SpSeHjfix'.


    Once you do the above, and before you post the new logfile, go for free online virus scans here:

    http://housecall.trendmicro.com/hou.../start_corp.asp
    http://www.pandasoftware.com/activescan/

    Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean, have it delete it or make a note of the file location so you can delete it yourself.

    HGD

  3. #3
    Lilo is offline Newbie
    Hi HJthis,

    Thanks so much for your help. I'm going to do this first thing tomorrow morning.

    I have the virus cleaner Stop-sign eacceleration on my computer and I pay them $15/mo and it looks like I'm just wasting my money. I will try to do the instructions you gave me and I will update tomorrow. Thanks again and have a nice weekend!

    Lilo

  4. #4
    HJThis is offline Senior Member
    Hey, Lilo

    There you are, hehe, no problem. Why oh why use that
    when you can use AVG & other good free virus scanners
    out here? & you should also go with a good free firewall
    like, say, ZoneAlarm.

    Here are some links for you. Have a look, see
    what you think would work for you.

    http://www.grisoft.com/doc/1

    http://www.avast.com/eng/down_home.html

    http://www.free-av.com/

    http://www.zonelabs.com/store/conten...skulist2_trial

    http://smb.sygate.com/products/spf_standard.htm

    As always, I add: I don't care if it's free or you go out
    & pay $1000 for a prog, it's only as good as its last update,
    so please keep all your progs up to date all the time.

    HGD

  5. #5
    Lilo is offline Newbie
    HJTHIS,

    I'm back. I tried to fix the first problem but I can't get far as the computer keeps freezing, then finally it shows just a blue screen. Now I can't go anywhere, all I see is the blue screen. What should I do now? I cannot go to the things that I downloaded because I cannot find them since my desktop and the start button are missing. But now everything is worse because I only see the blue screen. I cannot go to the net anymore, I'm using a friend's laptop. Hope to hear back from you. Thanks!

  6. #6
    jephree is offline ¨*·.¸ «.·°·..·°·.» ¸.·*¨
    Can you get into Safe Mode?

    Restart the computer & start tapping the F8 key after the computer logo screen or BIOS POST.

    If you can get the option page to come up this way choose boot into Safe Mode.

  7. #7
    HJThis is offline Senior Member
    Hi, Lilo

    Sorry to hear of these problems you are having. Do as
    said by jephree. If all goes well, right after you are clean
    I would say bye bye to Stop-sign & go with the one
    I posted for you.

    HGD
