Favorites are replaced with System 32 files.

Hello I'm new! I have serious problem with my favorites menu it no longer has my websites, it has system 32 files in it. I've downloaded some spyware software found spyware on my machine, I have done virus scans on freewebsites and I found trojans. Can anybody tell me how do I solve this problem?

 

First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
Do not post a Hijack This Log until you have completed every step in this READ ME!

After doing ALL of the above if you still have a problem:

• Download HijackThis 1.99.1

• Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

• Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file.

• Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

• Run HijackThis and save your log file.

• Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post).

• Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

Thank you for your reply, I have uploaded the attachment.

 

Please look in Add or Remove Programs for the following and Uninstall them if found:

Viewpoint


Please print out these instructions so that you can operate with All Browser Windows CLOSED.

Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.



Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see it, try to END it:

ViewMgr.exe

Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm

O1 - Hosts: 64.91.255.87 www.dcsresearch.com

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O4 - HKLM\..\Run: [dkdqr] C:\WINDOWS\dkdqr.exe
O4 - HKLM\..\Run: [xwv] C:\WINDOWS\xwv.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com

O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab

O23 - Service: Accesso pannello remoto (apanr) - Unknown owner - C:\WINDOWS\downlo~1\hbj3u\rkblb8t.exe (file missing)

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

C:\Program Files\Viewpoint ←–– Delete this whole folder if it exist!

C:\Program Files\MyWay ←–– Delete this whole folder if it exist!

C:\WINDOWS\dkdqr.exe

C:\WINDOWS\xwv.exe


NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.
Note: Dont forget to update Spybot S&D by selecting "Search For Updates"


Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Reboot to Normal Windows , Scan with HijackThis and attach the new log.
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

Good Luck!

 

Thanks for the speedy reply, I followed your latest instructions. The files are still in my favorites, and notice some of them are C:/windows files. I've uploaded my latest log.

Thank You

 

I also notice that when I add favorties now they go in the c:/windows.

 

Have Hijack This fix the below entry:

O23 - Service: Accesso pannello remoto (apanr) - Unknown owner - C:\WINDOWS\downlo~1\hbj3u\rkblb8t.exe (file missing)

NEXT:
Click Start > Run > type in services.msc

Locate Accesso pannello remoto (apanr), once located right click and select properties.

Next to Startup type set it to Disabled

Click Apply and OK.

NEXT:
Go into the directory:

C:\Documents and Settings\YOUR USERNAME\Favorites

Delete anything you did not put there! Also, make a note a tell me the exact file names you remove.

 

I perform every thing that you stated.

Before I posted here I was consulting mcafee support via email and they suggested that I delete my favorites, so I clicked on the star shaped folder itself and deleted it. I know I messed up, from what your telling me to do from their, I hope that your still able to help me from this point.

 

Was you able to locate and disable the service?

Navigate to the following folder:

C:\Documents and Settings\YOUR USERNAME

Right Click > New > Folder > Name it Favorties

 

I think I disabled the original favorites file because I deleted. I created a new favorites folder, but the when I add favorites, they don't go in that folder, they go into C:/windows.

 

Is it possible for me to go back in a point in time before my favorites were this way. This is very unsual and strange to me.

 

You can check System Restore to see if you have a date you can go back to.

 

You have any suggestions about the Favorites issue?

 

To Change the Location:

Start/Run/Regedit

HKEY CURRENT USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders. In the right pane, right click Favorites/Modify/Change path. To verify: On the Favorites menu, click Organize Favorites.

I did the affromentioned and I got system 32 and c:windows files out of my favorites menu, however, the menu is empy and I am not able to add new favorites. I motified the new location to C:/documents and settings/my name/favorites. I think were almost their people.

 

I think I finally fixed it. When I ran REGEDIT I put in C:documents and settings/myname/favorites, then I left the /favorites out, because it I was not able to add any favorites. Now I am able to add favorites, they would appear on the menu and when i go to C:documents and settings/myname/, so I created a new favorites folder and put them in their. Was I suppose to be able to add the /favorites in REGEDIT?

 

Ok I finally fixed it, I added \Favorites (must have been a typing error when I did it the last time) and it worked this time, and the menu looks like old times. I really want to thank bjgarrick and chaslang for helping with this problem, you guys save me some money by having to phone a software support team. As long as I got a cpu, you have a member here for life, you guys really know what your talking about, and a again Thank You.


I feel so relieved now.