Solved: Help with Virus aftermath> cant customize settings

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Kyattchan

Thread Starter
Joined
Sep 29, 2008
Messages
2
Hello.

Now lets see how to explain this. Im going insane and I never been this close to actually considering formating the damn computer. grrr! :mad: Oh and please dont mind the grammar even the keyboard settings are all wacky.. :(

I got a virus cant remember the name but it was that one that puts virus alert next to the clock (in AVG appeared as Win32/Heur). Anyway at the time I had AVG and Spybot active so most of the virus files were deleted immediatly and after doing another scan I finally thought I had rid myself off it.. but when I rebooted things went crazy.

After rebooting I couldnt access my admin account, in the screen to click the name there wasnt anything, like if the account name had been deleted. Using safe mode I created another account and when I rebooted again the desktop looked kind of okay, even if there wasnt any wallpaper and the folders and shortcuts i used to had there werent there.. but i tried to open some of the programs in the start menu and they worked so I was all happy again.

Now my real problem> the settings i try to customize dont stick. In the start menu there arent any recent programs not mozilla or outlook. I thought it was a setting I had to restore so I did all the clicking in properties and customize then show internet and email program. but when i click ok to save it and then apply in the main window. It doesnt save. After that i noticed I couldnt also customize the desktop with icons like my computer or my docs. The same with the keyboard settings I cant change it from US language to my main one which is portuguese. When I click apply doesnt work and when i go back its all the same.


Heres the HijackThis Log. Hope someone can help me. :eek:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:22, on 29-09-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programas\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programas\CDBurnerXP\NMSAccessU.exe
C:\Programas\Axaware\SpamBully 4 for Outlook Express\sb4service.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programas\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programas\FlashGet\getflash.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SpybotSnD] "C:\Programas\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DAEMON Tools Lite] "C:\Programas\DAEMON Tools Lite\daemon.exe" -autorun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [IDMan] C:\Programas\Internet Download Manager\IDMan.exe /onboot (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - S-1-5-18 Startup: Atalho para winamp.lnk = C:\Programas\Winamp\winamp.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: CKBC Calendar.lnk = C:\Program Files\CKBC Calendar\CKBC Calendar Folder\ckbc_calendar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Atalho para winamp.lnk = C:\Programas\Winamp\winamp.exe (User 'Default user')
O4 - .DEFAULT Startup: CKBC Calendar.lnk = C:\Program Files\CKBC Calendar\CKBC Calendar Folder\ckbc_calendar.exe (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC3A2AFB-BD65-42C4-8A8C-F4CDF03D4EE4}: NameServer = 212.55.154.174 212.55.154.190
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programas\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: ServiceSB4 - Axaware - C:\Programas\Axaware\SpamBully 4 for Outlook Express\sb4service.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7230 bytes
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi Welcome to TSG!!

Did you format or do you still need help?
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top