Missing tabs on display properties

Old 12-16-2008, 09:03 AM   #1
Guest
 
Join Date: Dec 2008
Posts: 1
OS:



I suspect that I have a malware program that has affected my computer. I no longer have the ability to change my desktop properties. The tab to change the desktop photo is no longer available. I removed (or thought I'd removed) av2009 from my computer. I suspect it is still there, or there is another malware program. I ran the GMER rootkit scanner twice; each time it ended with a pop-up window that said there was a rootkit problem. I've saved it as Ark.txt per the instructions on this site and will include it. I also include the DDS.txt and Attach.txt.

DDS is as follows:


DDS (Version 1.1.0) - NTFSx86
Run by Household at 11:27:47.90 on Tue 12/16/2008
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1414 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\Pensoft\KeyBtn.Exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Household\Local Settings\Temporary Internet Files\Content.IE5\ZML7RCTQ\dds[1].com

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.att.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.pctools.com/en/spyware-doctor/purchase/?src=b13/
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {FBF2401B-7447-4727-BE5D-C19B2075CA84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LXDCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXDCtime.dll,[email protected]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
uPolicies-system: RunStartupScriptSync = 1 (0x1)
uPolicies-system: NoDispBackgroundPage = 1 (0x1)
uPolicies-system: NoDispScrSavPage = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: &Google Search
IE: Backward Links
IE: Cached Snapshot of Page
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Similar Pages
IE: Translate into English
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\VetRedir.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: MsMsgSrv - MsMsgSrv.DLL
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll
SEH: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\househ~1\applic~1\mozilla\firefox\profiles\f8pthdkc.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - component: c:\documents and settings\household\application data\mozilla\firefox\profiles\f8pthdkc.default\extensions\[email protected]\components\piclensstub.dll
FF - plugin: c:\documents and settings\household\application data\mozilla\firefox\profiles\f8pthdkc.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\kmxstart.sys [2008-6-24 93712]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\VET-FILT.sys [2008-3-25 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\VET-REC.sys [2008-3-25 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\VETEFILE.sys [2008-3-25 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\VETFDDNT.sys [2008-3-25 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\VETMONNT.sys [2008-3-25 32240]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\ISafe.exe [2008-3-25 144696]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service []
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\VetMsg.exe [2008-3-25 255216]
R2 WinDefend;Windows Defender;"c:\program files\windows defender\MsMpEng.exe" [2006-11-3 13592]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys [2005-9-12 4864]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\VETEBOOT.sys [2008-3-25 108368]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 PPCtlPriv;PPCtlPriv;"c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe" [2008-3-25 185584]
S3 WTService;WTService;c:\windows\system32\atwtusb.exe -s []

=============== Created Last 30 ================

2008-12-16 09:20 <DIR> --d----- c:\program files\Trend Micro
2008-12-16 08:54 <DIR> --d----- C:\VundoFix Backups
2008-12-15 21:30 <DIR> --d----- c:\program files\CleanUp!
2008-12-15 21:24 <DIR> --d----- c:\program files\CCleaner
2008-12-12 07:28 244 a---h--- C:\sqmnoopt04.sqm
2008-12-12 07:28 232 a---h--- C:\sqmdata04.sqm
2008-12-12 07:26 244 a---h--- C:\sqmnoopt03.sqm
2008-12-12 07:26 232 a---h--- C:\sqmdata03.sqm
2008-12-11 14:32 244 a---h--- C:\sqmnoopt02.sqm
2008-12-11 14:32 232 a---h--- C:\sqmdata02.sqm
2008-12-11 14:31 244 a---h--- C:\sqmnoopt01.sqm
2008-12-11 14:31 232 a---h--- C:\sqmdata01.sqm
2008-12-11 14:29 244 a---h--- C:\sqmnoopt00.sqm
2008-12-11 14:29 232 a---h--- C:\sqmdata00.sqm
2008-12-08 13:13 <DIR> --d----- c:\windows\pss
2008-12-08 13:04 0 a------- c:\windows\system32\.tmp
2008-12-07 19:02 2,707 a------- c:\windows\system32\TDSSlxwp.dll
2008-12-07 19:02 485 a------- c:\windows\system32\TDSSmtvd.dat
2008-11-26 13:55 <DIR> --d----- c:\documents and settings\household\Contacts
2008-11-26 11:13 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2008-11-26 10:00 <DIR> --dsh--- c:\documents and settings\household\PrivacIE
2008-11-26 07:15 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-25 22:44 81,920 a------- c:\windows\system32\ieencode.dll

==================== Find3M ====================

2008-12-16 08:49 1,660 a------- c:\windows\system32\tmp.reg
2008-10-24 06:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-06 19:14 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090620080907\index.dat

============= FINISH: 11:28:44.70 ===============

The Attach.txt and Ark.txt are zipped and attached.
Attached Files
File Type: zip Attach.zip (4.0 KB, 13 views)
File Type: zip ark.zip (7.5 KB, 13 views)
brenda9417 is offline  
Old 12-19-2008, 08:06 AM   #2
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

You have a nasty rootkit onboard. Be sure you've backed up any valued data before proceeding, as we recommend in our pre-posting topic.
Quote:
1. As a general rule, to offset any unexpected mishaps, your personal data should be backed up regularly. If you do not already have a process in place that backs up your data, it is highly recommended you do this now. Click here for guidelines on what to back up and how to do it.
---------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

https://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
Old 12-23-2008, 09:44 AM   #3
tetonbob

Still with me, brenda9417?

I generally unsubscribe from threads after 7 days of inactivity. If I don't receive a reply from you within 3 days of this post, this topic will be closed.
 
Old 01-02-2009, 10:24 PM   #4
tetonbob

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

https://www.techsupportforum.com/f50/...lp-305963.html
 



All times are GMT -7.

