Windows XP desktop background trouble

[mazza]

Dear all,

First may I congratulate for such a great forum, I used it many times, found it very useful and helpful and learned quite a bit from it too. I just joined now and am basically a new member.

I have my friend's PC with Windows XP. Yesterday he opened a website which downloaded a trojan and forced him to download an "anti-virus" which installed even more crap on his PC. The PC got very slow, crashed and when trying to restart, the desktop icons won't show up. Now the PC is booting up but the desktop background is gone and is all black. From the Display Properties you cannot change the background. I removed some strange programs like MyWebSearch for example, from the startup in MSCONFIG but still the problem persists. After a scan with AVG anti-virus few trojans were being found and all deleted. Ad-Aware did not find any spyware neither. I tried them on SAFE MODE and also HiJackThis on SAFE MODE.

Here is a log from HiJackThis maybe someone could find anything wrong and tell me what to fix please.
=========================================================


Looking forward to recieve some solutions, thanks.

 

[Tedster]

1. post in the correct forum (security forum) next time.
2. boot in safe mode.
3. run a real anti-virus and real anto-trojan (spybot search & destroy)
report results.
4. sorry I don't do HJT logs.... someone else might.... don't have the time.

 

[N3051M]

Please read here to get you started: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Next, don't forget to attach your logs as an attachment, or else your post may as well be ignored.

 

[zipperman]

I don't read Hijack Logs either.Just post the problem area or hardware.
From what you've described,with this mess of virus's,
Do a format and New XP install.It doesn't appear you have much data to lose.
I never ever get virus's.It boggles my mind to read these posts.
Learn to protect your system.Ask here for how most do it.

 

[mazza]

Thanks for all your replies. I'll start with using Spybot Search & Destroy first till someone can read my Hijack log and give me an idea. Here I am attaching the same log as an attachment as someone suggested, sorry about it and for posting in the wrong forum, but I am still new here.

I agree with formatting the computer, but the computer is not mine, it's of a friend of mine and he is currently using it for some important work related stuff and doesn't have time for a format. His computer is protected by AVG anti-virus and other anti-spyware software, but he's not really into computers so that's why he got infected because he didn't know what was happening. I am sure there is a way of cleaning the infection before formatting.

Anyway I'll keep on trying.

 

[momok]

Hi

Important: Please read this thread HERE before you decide whether to clean or reformat your system.

Should you decide to clean your computer, please follow the next few instructions.

You are running an outdated version of HijackThis. You have also not renamed the executable file.

Please obtain the latest version from the link in my signature, rename the file and do a new scan. Have HijackThis fix the following entries:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fatati:4480
O2 - BHO: - {3ADE24A4-9F89-46D7-84E3-83987E98EA79} - C:\WINDOWS\lbbho.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {AB1AB4F8-C30F-4FB4-A030-1C9F5513831F} (LREGameLoaderCtrl Class) - http://media.grab.com/media/6364d3/games/files/669/lregameloader6.cab
O20 - AppInit_DLLs: pushow20.dll

Then save a log and post it as an attachment to this thread, as well as ComboFix and AVG Antispyware logs. The utilities can be downloaded from the links in my signature.


Regards,
Your friendly Momok =)

This thread is for the use of mazza only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[zipperman]

If you clean the infections,you won't need to Format.
Didn't an AVG Vscan remove the virus's.
This is hard to understand where you are.
Try here,for another very complete Scan.
http://housecall.trendmicro.com/housecall/start_corp.asp

 

[mazza]

Dear momok,

The problem still persists, I installed the new HijackThis and deleted the entries you told me, and here is the new logfile.
I also ran AVG antispyware and cleaned some medium threat spyware. Should I run them on safe mode? Or should I also try Spybot?

Thanks

 

[howard_hopkinso]

Hello and welcome to Techspot.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Locate and delete the following bold files and/or directories(if there).

C:\windows\system32\pushow20.dll

Reboot into normal mode and rehide your protected OS files.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of mazza only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.