
Warning Your in Danger

  • This topic is locked
2 replies to this topic

#1 rocker


  • Members
  • 1 posts
  • Local time:08:16 AM

Posted 20 February 2005 - 11:19 PM


Well I'm close to zapping the computer with an o/s reload after trying to sort this persistent nuisance out. I've trawled through various previous posts but it just will not depart!

Below my Hijackthis log:

Logfile of HijackThis v1.98.0
Scan saved at 3:10:21 PM, on 21/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe

F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

Any offerings I will try in a last dice roll





#2 penmore


    Malware Sniffer

  • Members
  • 757 posts
  • Location:West Coast of Scotland
  • Local time:02:16 PM

Posted 22 February 2005 - 05:36 AM

Hi rocker,

It is possible that you have another infection on your machine as well as the Desktop problem but I cannot be absolutely certain because you are using an old version of HijackThis. Please carry out the following steps and post a fresh log.
  • You are using an outdated version of HijackThis. Please download the newer version.
    Download HijackThis from: HijackThis Download Site. Unzip the newer version and overwrite the old version in your HijackThis folder.

  • Try the following for your Desktop problem:
    Go to Start >>> Control Panel >>> Display >>> Desktop >>> Customize Desktop button >>> choose Web tab. You should then see an entry in the Web Pages box that is ticked next to C:\WINDOWS\Web\desktop.html. Untick this and click OK and close the open windows. That should remove the hijacked desktop.

  • Reboot your machine, run the new version of HijackThis and post a new log here using the Add Reply button at the bottom of this thread. Let me know how you went on with the Desktop fix and how your machine is running.

Edited by penmore, 22 February 2005 - 05:36 AM.

#3 penmore


    Malware Sniffer

  • Members
  • 757 posts
  • Location:West Coast of Scotland
  • Local time:02:16 PM

Posted 11 March 2005 - 03:31 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
