I'm totally lost, help

[MetalX]

Hijackthis log of the most messed up PC I've ever seen.

Please, someone, analyze this

 

[Blind Dragon]

first off uninstall that version through add/remove programs then download the newest version. The older version doesn't show everything

Highjackthis Instructions

• Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
• Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
• After installing, the program launches automatically, select Scan now and save a log
• After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.

 

[MetalX]

Well I managed to get most of the malware off, but the one thing that remains is blocking the desktop background from being changed. It doesn't appear in the task manager, as everything listed there is safe. (I googled them all.)

 

[Blind Dragon]

i can't tell you much without seeing a log, sounds like smitfraud but can't be sure

It could also just be that the infection changed a few settings in your registry. I recommend somehting for that too, but need more scans and can't request those until I see a correct Hijackthis log

If you attach the Hijackthis log I should be able to tell you

 

[MetalX]

Ok, I think I've removed most of it, like I said though, the desktop background is locked and won't change. Here's an updated HJT log.

 

[Blind Dragon]

first off uninstall that version through add/remove programs then download the newest version. The older version doesn't show everything

Highjackthis Instructions

• Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
• Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
• After installing, the program launches automatically, select Scan now and save a log
• After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.

This still applies - go to add/remove programs and uninstall Hijackthis its not showing everyting

 

[MetalX]

Updated HJT and log.

 

[Blind Dragon]

Open notepad and copy and paste next bold in it:

regedit /e peek1.txt "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions"
type peek1.txt >> look.txt
del peek*.txt
start notepad look.txt


Save this as look.bat , choose to save as *all files and place it on your desktop.

It should look like this on your desktop:

Doubleclick look.bat
Notepad will open with some txt in it. Copy and paste the contents in your next reply.

 

[MetalX]

I did that exactly, and notepad opened when I ran look.bat, but there was no text in it. It's completely empty.

 

[Blind Dragon]

ok, let's get see what's up with your desktop then

Open notepad and copy and paste next bold in it:

regedit /e peek1.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"
regedit /e peek2.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components"
type peek1.txt >> look.txt
type peek2.txt >> look.txt
del peek*.txt
start notepad look.txt

Save this as look.bat , choose to save as *all files and place it on your desktop.

It should look like this on your desktop:

Doubleclick look.bat
Notepad will open with some txt in it. Copy and paste the contents in your next reply.

 

[MetalX]

Ok, here it is.


Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"="0"
"NoEditingComponents"="0"
"NoChangingWallpaper"="0"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ForceActiveDesktopOn"="0"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

 

[Blind Dragon]

Try this

Making a .reg file
Open notepad and copy and paste the text in the quotebox below in it:

[b]REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=-
[/b]

Name the file as Fix.reg

Change the "Save As" type to "All Files" and save it on the desktop.

It should look like this:

Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Now try changing the desktop

 

[MetalX]

Ok, I did that, and it added to the registry, but it still won't allow desktop backgrounds to be changed.

 

[Blind Dragon]

Delete this file if present:
C:\WINDOWS\desktop.html

------------------------

Making a .reg file
Open notepad and copy and paste the text in the quotebox below in it:

[b]REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=-
"NoEditingComponents"=-
[/b]

Name the file as Fix.reg

Change the "Save As" type to "All Files" and save it on the desktop.

It should look like this:

Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.


Try changing the desktop. If it doesn't work try rebooting then try again