Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Desktop Empty And Sound Not Working, Running Really Slow

  • Please log in to reply
6 replies to this topic

#1 bojang1es


  • Members
  • 12 posts
  • Local time:07:35 AM

Posted 08 March 2008 - 11:31 PM

About two weeks ago something happened and now whenever my computer starts up everything on the desktop disappears, i cant access my icons or the start bar. My sound suddenly stopped working and everything began running really slow. Im not sure if this is a malware problem or a hardware problem, if someone could check out my hijack log and see if they can find anything I would greatly appreciate it, thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:19 PM, on 3/8/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aim6.exe
C:\Documents and Settings\Owner\My Documents\s?curity\l?ass.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/e-center-p
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/info/e-center-p
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4nb.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/e-center-p
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E728F9FC17D446BC57D5375FB0FB68AD6
O4 - HKLM\..\Run: [{54-46-6F-F0-DW}] C:\WINDOWS\system32\to2\damecom3305.exe DWram
O4 - HKLM\..\Run: [AVSystemCare] C:\Program Files\AVSystemCare\pgs.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\AVSYST~1\ugac.exe" -start
O4 - HKLM\..\Run: [bm(1)] "C:\Program Files\Common Files\AVSystemCare\bm.exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\AVSystemCare\ptask.exe
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\Run: [BMe71675c3] Rundll32.exe "C:\WINDOWS\System32\grsjhtlf.dll",s
O4 - HKLM\..\Run: [e425465f] rundll32.exe "C:\WINDOWS\System32\rcaqjwte.dll",b
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\MCROSO~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [Uniuyd] "C:\Documents and Settings\Owner\My Documents\s?curity\l?ass.exe"
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\to2\damecom3305.exe
O4 - Global Startup: anjwsoinhj.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

End of file - 6771 bytes

BC AdBot (Login to Remove)



#2 Grinler


    Lawrence Abrams

  • Admin
  • 43,436 posts
  • Gender:Male
  • Location:USA
  • Local time:10:35 AM

Posted 27 March 2008 - 10:17 AM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:

Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 36,779 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:35 AM

Posted 04 April 2008 - 02:40 AM

Hello bojang1es,

I have merged your latest topic with this one. To avoid confusion and assistance delay, please keep responses to this thread.

Back to you Grinler.

Orange Blossom :thumbsup:

Edited by Orange Blossom, 04 April 2008 - 12:18 PM.
Resplit 2nd log: Different computer ~ OB

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 bojang1es

  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:35 AM

Posted 04 April 2008 - 03:20 AM

hey thanks, this topic is actually from my laptop that just completely died on me :thumbsup:. but the second topic is for my desktop which i really really want to get figured out. also, i had followed all of the steps posted and they didnt seem to have any noticeable affect.

Edited by Orange Blossom, 04 April 2008 - 12:19 PM.
Reworded slightly since 2nd log resplit. ~ OB

#5 Grinler


    Lawrence Abrams

  • Admin
  • 43,436 posts
  • Gender:Male
  • Location:USA
  • Local time:10:35 AM

Posted 04 April 2008 - 04:21 PM


Go to Start > Control Panel > Add/Remove Programs and look for any of these and uninstall them:
(May also be listed in the Programs menu of Windows (Start button > Programs)
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin or Outerinfo in it.

Download and run this uninstaller: (The uninstaller is safe to run)

Tutorial for the uninstaller if needed

Important Note: Some antivirus and antimalware scanners will flag the uninstaller from outerinfo.com as malicious. Similar to how a vaccine must contain parts of the virus to be effective, uninstallers will contain file names, registry locations, etc. that may set off notifications. This uninstaller has been tested by our experts and determined safe. However, it's always wise to use caution when using an uninstaller that originates from the same source as the malware.



Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:


When following the instructions please install the Windows XP Recovery Console if you are using XP.

After running ComboFix, please post the ComboFix log as well as a brand new HijackThis as a reply to this topic.

#6 bojang1es

  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:35 AM

Posted 05 April 2008 - 01:03 AM

hey thanks for the reply. was this for just the first comp? because i couldnt find any of those on my desktop and the laptop actually completely crashed, wont boot or anything.

#7 Grinler


    Lawrence Abrams

  • Admin
  • 43,436 posts
  • Gender:Male
  • Location:USA
  • Local time:10:35 AM

Posted 05 April 2008 - 04:33 PM

My instructions were for the log above.. Was that your laptop? Has it since been resinstalled or are you reinstalling windows onit?

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users