1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

help me with blue bkgd

Discussion in 'Virus & Other Malware Removal' started by BlueN8, Dec 21, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. BlueN8

    BlueN8 Thread Starter

    Joined:
    Dec 21, 2005
    Messages:
    10
    I got the viruses called paytime.exe, tool4.exe, and spysheriff. I triedd to delete but i cant. i finnaly got the messages of infections to stop but i cant change my background:mad: . it s just stuck at this blue color. the olny time i see my bkgd is when i first log on. but it soon goes away. heres my hijackthis log. please help me!!! thx!

    P.S. i use windows XP

    Logfile of HijackThis v1.99.1
    Scan saved at 4:29:11 PM, on 12/21/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\NoAdware4\NoAdware4.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O21 - SSODL: SysTray.Exiv - {2963ECFC-4E5C-2f3b-B334-D67434FC72E0} - C:\WINDOWS\System32\gnapncki.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  2. Sponsor

  3. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    • Please save or print these instructions before beginning
    • Download and install Ewido Security Suite
    • During the installation, uncheck the following under Additional Options:

      Install background guard
      Install scan via context menu
    • Run Ewido and click OK when prompted to update the program
    • On the left side of the screen, click update>>Start
    • When the update is finished, exit Ewido
    • Run Ewido Security Suite
    • Click scanner>>Complete System Scan
    • Click OK when prompted to clean the problems found
    • When the scan is finished, click Save Report and save a copy of this log to your Desktop
    • Exit Ewido
    • Go to Start>>Control Panel>>Internet Options>>Programs
    • Click Reset Web Settings>>Apply>>OK
    • Go to Start>>Control Panel>>Display>>Desktop
    • Click Customize Desktop>>Web
    • If you see an entry called Security info or something similar, select it and click Delete>>OK>>Apply>>OK
    • Restart your computer
    • Post the contents of the Ewido Security Suite report that you saved to your Desktop earlier
    • Run HijackThis and click Do a system scan and save a log file
    • Your HijackThis log will open in Notepad. Post the contents of the log here
     
  4. BlueN8

    BlueN8 Thread Starter

    Joined:
    Dec 21, 2005
    Messages:
    10
    It is still not fixed but here are my 3 logs.

    Ewido
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 9:11:07 PM, 12/21/2005
    + Report-Checksum: D5CC4048

    + Scan result:

    HKU\S-1-5-21-3453529466-417593342-1728694278-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\0\0\9\0\0\3 -> Spyware.KeenValue : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][2].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Local Settings\Temp\Cookies\dawnna'[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Local Settings\Temp\Cookies\dawnna'[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Local Settings\Temp\Cookies\dawnna'[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Local Settings\Temp\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Local Settings\Temp\Cookies\dawnna'[email protected][2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Local Settings\Temp\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Local Settings\Temp\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Local Settings\Temp\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Dawnna's\Local Settings\Temp\Cookies\dawnna'[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temp\4602.exe -> Not-A-Virus.Hoax.Win32.Renos.ad : Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temp\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup
    C:\RECYCLER\S-1-5-21-3453529466-417593342-1728694278-1003\Dc14.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
    C:\WINDOWS\hosts -> Trojan.Qhost.el : Cleaned with backup


    ::Report End

    Kaspersky
    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Wednesday, December 21, 2005 23:45:52
    Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 22/12/2005
    Kaspersky Anti-Virus database records: 158397
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 104462
    Number of viruses found: 7
    Number of infected objects: 10
    Number of suspicious objects: 0
    Duration of the scan process: 7858 sec

    Infected Object Name - Virus Name
    C:\Documents and Settings\Owner\Local Settings\Temp\list141.exe Infected: Trojan-Downloader.Win32.Centim.an
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QTN4LCRM\mirror_plugin[1].exe Infected: Trojan-Downloader.Win32.INService.gen
    C:\Program Files\Daily Weather Forecast\weather.exe Infected: Trojan-Downloader.Win32.Centim.an
    C:\RECYCLER\S-1-5-21-3453529466-417593342-1728694278-1003\Dc9.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
    C:\RECYCLER\S-1-5-21-3453529466-417593342-1728694278-1003\Dc9.zip/Counter.class Infected: Trojan.Java.ClassLoader.h
    C:\RECYCLER\S-1-5-21-3453529466-417593342-1728694278-1003\Dc9.zip/Parser.class Infected: Trojan.Java.ClassLoader.d
    C:\RECYCLER\S-1-5-21-3453529466-417593342-1728694278-1003\Dc9.zip Infected: Trojan.Java.ClassLoader.d
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP339\A0038666.exe Infected: Trojan-Downloader.Win32.INService.gen
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP348\A0039148.exe Infected: not-virus:Hoax.Win32.Renos.ad
    C:\WINDOWS\secure32.html Infected: not-virus:Hoax.Win32.Renos.y

    Scan process completed.

    Hijackthis
    Logfile of HijackThis v1.99.1
    Scan saved at 11:49:01 PM, on 12/21/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\AIM\aim.exe
    C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O21 - SSODL: SysTray.Exiv - {2963ECFC-4E5C-2f3b-B334-D67434FC72E0} - C:\WINDOWS\System32\gnapncki.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  5. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Please save or print these instructions before beginning.
    • Run CleanUp! and go to Options>>Custom CleanUp!
    • Put a checkmark next to each of the following items:

      Empty Recycle Bins
      Delete Cookies
      Delete Prefetch files
      Scan local drives for temporary files
      Cleanup! All Users
    • Click OK>>CleanUp!
    • Exit CleanUp!
    • Run smitfraud.reg and click Yes if asked to merge the file with your registry
    • Locate and delete the following folders:

      C:\Program Files\Daily Weather Forecast\
    • Locate and delete the following files

      C:\WINDOWS\secure32.html
    • Restart your computer
    You should now be able to change your Desktop.
     
  6. BlueN8

    BlueN8 Thread Starter

    Joined:
    Dec 21, 2005
    Messages:
    10
    THANK YOU SOOOOOOOOOOOOOOO MUCH!!!!:D Its working great and all is well. Brendan i would like to say youare about 99999999999999 times better at help than microsoft.
     
  7. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    You're welcome :)
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/426987