Antivirus Protection
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Dev Shed ForumsSystem AdministrationAntivirus Protection
Reload this Page

My Desktop Background's Changed Into A Virus Warning Banner

Discuss My Desktop Background's Changed Into A Virus Warning Banner in the Antivirus Protection forum on Dev Shed.
My Desktop Background's Changed Into A Virus Warning Banner Antivirus Protection forum discussing issues relating to antivirus programs, spyware, hijack protection, and personal firewalls for all operating systems. Keep your systems protected from hackers and other hazards.

Closed Thread
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
  #1  
Old April 30th, 2005, 07:34 PM
geek33 geek33 is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Apr 2005
Location: Wash, DC
Posts: 17 geek33 User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 3 h 13 m 27 sec
Reputation Power: 0
My Desktop Background's Changed Into A Virus Warning Banner
Hi,
My comp was infected with tons of viruses before, then after I did some cleaning and maintenance, all of the viruses and spywares have seemed to be gone, except for the banner that's been replacing my desktop background. And this thing does not seem to go off.
Please help me getting rid of this annoying banner, much thanks before!


Here is my freshest log:

Logfile of HijackThis v1.99.1
Scan saved at 8:14:37 PM, on 4/30/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINNT\Explorer.EXE
C:\WINNT\inf\acftp.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINNT\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\PerSono\perstray.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINNT\System32\ScsiAccess.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\System32\wbem\wmiprvse.exe
C:\WINNT\System32\wuauclt.exe
C:\Documents and Settings\Sony Vaio\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Sony Vaio\Application Data\Mozilla\Profiles\default\y9v9z397.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Sony Vaio\Application Data\Mozilla\Profiles\default\y9v9z397.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\SONYVA~1\LOCALS~1\Temp\ptfca.dat
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunOnce: [*acftp] C:\WINNT\inf\acftp.exe rerun
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: My BroadBaNd.lnk = ?
O4 - Global Startup: Perstray.lnk = ?
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi.dll
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O20 - Winlogon Notify: acftp - C:\DOCUME~1\SONYVA~1\LOCALS~1\Temp\ptfca.dat
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\System32\ScsiAccess.EXE
Reply With Quote
  #2  
Old May 2nd, 2005, 10:31 AM
Dngrsone's Avatar
Dngrsone Dngrsone is offline
Infernal Technomancer
Dev Shed Novice (500 - 999 posts)
  
Join Date: Apr 2005
Location: Centrally located far from everywhere
Posts: 950 Dngrsone User rank is Second Lieutenant (5000 - 10000 Reputation Level)Dngrsone User rank is Second Lieutenant (5000 - 10000 Reputation Level)Dngrsone User rank is Second Lieutenant (5000 - 10000 Reputation Level)Dngrsone User rank is Second Lieutenant (5000 - 10000 Reputation Level)Dngrsone User rank is Second Lieutenant (5000 - 10000 Reputation Level)Dngrsone User rank is Second Lieutenant (5000 - 10000 Reputation Level)Dngrsone User rank is Second Lieutenant (5000 - 10000 Reputation Level)  Folding Points: 326464 Folding Title: Super Ultimate Folder - Level 1Folding Points: 326464 Folding Title: Super Ultimate Folder - Level 1Folding Points: 326464 Folding Title: Super Ultimate Folder - Level 1Folding Points: 326464 Folding Title: Super Ultimate Folder - Level 1Folding Points: 326464 Folding Title: Super Ultimate Folder - Level 1Folding Points: 326464 Folding Title: Super Ultimate Folder - Level 1
Time spent in forums: 1 Week 16 h 34 m 19 sec
Reputation Power: 92
Send a message via ICQ to Dngrsone Send a message via Yahoo to Dngrsone
Is your desktop live, as in Active Desktop set on?

Have you tried to change the wallpaper to something different and it changes back?
Reply With Quote
  #3  
Old May 6th, 2005, 11:28 PM
geek33 geek33 is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Apr 2005
Location: Wash, DC
Posts: 17 geek33 User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 3 h 13 m 27 sec
Reputation Power: 0
Helloo??
Helloo? is there anybody that can help me with that prob here??
Reply With Quote
  #4  
Old May 9th, 2005, 05:56 PM
geek33 geek33 is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Apr 2005
Location: Wash, DC
Posts: 17 geek33 User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 3 h 13 m 27 sec
Reputation Power: 0
Yes, my desktop is set on to be "active desktop". And I've also tried many times to change the background image, themes, etc. But what appears there is still the same crap.




Quote:
Originally Posted by Dngrsone
Is your desktop live, as in Active Desktop set on?

Have you tried to change the wallpaper to something different and it changes back?
Reply With Quote
  #5  
Old May 21st, 2005, 03:44 AM
geek33 geek33 is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Apr 2005
Location: Wash, DC
Posts: 17 geek33 User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 3 h 13 m 27 sec
Reputation Power: 0
Quote:
Originally Posted by Dngrsone
Hit the Print Screen Button, open Paint and paste... you'll get an image of what was on your screen when you hit the print screen button.

Geek33, try turning off active desktop. Then boot into safe mode and try removing those files from there.


yes, I've done that. But after the reboot those files are still there no matter what.
Reply With Quote
  #6  
Old May 21st, 2005, 03:49 AM
geek33 geek33 is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Apr 2005
Location: Wash, DC
Posts: 17 geek33 User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 3 h 13 m 27 sec
Reputation Power: 0
Here's my latest log, hopefully there's any of you who can help me solving this problem.
PS: I've even tried killing these 2 files (acftp, ptfca), with both killbox and process explorer, but again, these files are still in my computer.

Logfile of HijackThis v1.99.1
Scan saved at 4:45:04 AM, on 5/21/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINNT\Explorer.EXE
C:\WINNT\inf\acftp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\PerSono\perstray.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\WINNT\System32\ScsiAccess.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Sony Vaio\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Sony Vaio\Application Data\Mozilla\Profiles\default\y9v9z397.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Sony Vaio\Application Data\Mozilla\Profiles\default\y9v9z397.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\SONYVA~1\LOCALS~1\Temp\ptfca.dat
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [*acftp] C:\WINNT\inf\acftp.exe rerun
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: My BroadBaNd.lnk = ?
O4 - Global Startup: Perstray.lnk = ?
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi.dll
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O20 - Winlogon Notify: acftp - C:\DOCUME~1\SONYVA~1\LOCALS~1\Temp\ptfca.dat
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\System32\ScsiAccess.EXE
Reply With Quote
  #7  
Old May 21st, 2005, 12:58 PM
oneMSBi's Avatar
oneMSBi oneMSBi is offline
CAUTION: Loderator Moose
Dev Shed Loyal (3000 - 3499 posts)
  
Join Date: Nov 2004
Location: some starry place (india)
Posts: 3,431 oneMSBi User rank is First Lieutenant (10000 - 20000 Reputation Level)oneMSBi User rank is First Lieutenant (10000 - 20000 Reputation Level)oneMSBi User rank is First Lieutenant (10000 - 20000 Reputation Level)oneMSBi User rank is First Lieutenant (10000 - 20000 Reputation Level)oneMSBi User rank is First Lieutenant (10000 - 20000 Reputation Level)oneMSBi User rank is First Lieutenant (10000 - 20000 Reputation Level)oneMSBi User rank is First Lieutenant (10000 - 20000 Reputation Level)oneMSBi User rank is First Lieutenant (10000 - 20000 Reputation Level) 
Time spent in forums: 4 Weeks 1 Day 21 h 34 m 19 sec
Reputation Power: 156
hi geek33, i have split that thread into a new one that will focus on your problem only. that way we can customise a solution for your problem. please be patient while the experts here go over your log and suggests a solution for your malware problem..
cheers
__________________
Nigel
..Seeking code free nirvana...
Nigel Fernandes Blog
Never argue with fools. They will bring you down to their level and beat you with experience.

Manchester United Forever
Reply With Quote
  #8  
Old May 21st, 2005, 01:06 PM
geek33 geek33 is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Apr 2005
Location: Wash, DC
Posts: 17 geek33 User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 3 h 13 m 27 sec
Reputation Power: 0
Quote:
Originally Posted by oneMSBi
hi geek33, i have split that thread into a new one that will focus on your problem only. that way we can customise a solution for your problem. please be patient while the experts here go over your log and suggests a solution for your malware problem..
cheers


Okie, thanks dude!
Reply With Quote
  #9  
Old May 21st, 2005, 03:42 PM
oneMSBi's Avatar
oneMSBi oneMSBi is offline
CAUTION: Loderator Moose
Dev Shed Loyal (3000 - 3499 posts)
  
Join Date: Nov 2004
Location: some starry place (india)
Posts: 3,431 oneMSBi User rank is First Lieutenant (10000 - 20000 Reputation Level)oneMSBi User rank is First Lieutenant (10000 - 20000 Reputation Level)oneMSBi User rank is First Lieutenant (10000 - 20000 Reputation Level)oneMSBi User rank is First Lieutenant (10000 - 20000 Reputation Level)oneMSBi User rank is First Lieutenant (10000 - 20000 Reputation Level)oneMSBi User rank is First Lieutenant (10000 - 20000 Reputation Level)oneMSBi User rank is First Lieutenant (10000 - 20000 Reputation Level)oneMSBi User rank is First Lieutenant (10000 - 20000 Reputation Level) 
Time spent in forums: 4 Weeks 1 Day 21 h 34 m 19 sec
Reputation Power: 156
sorry about this geek33, but Tom has chosen to help you out in this following thread

http://forums.devshed.com/t250913/s.html

i was unaware you already had a thread to yourself. i am closing this one, since tom has already posted instructions for you to execute in that thread.
my appologies for all the inconvience.
regards
Nigel
Reply With Quote
Closed Thread

Viewing: Dev Shed ForumsSystem AdministrationAntivirus Protection > My Desktop Background's Changed Into A Virus Warning Banner

« Previous Thread | Next Thread »

Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump


Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support |