Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unable to change background


  • This topic is locked This topic is locked

#1
Snefens

Snefens

    New Member

  • Member
  • Pip
  • 5 posts
This morning I started up the computer. I got a error message from my firewall, which then failed to start. A few seconds later my anti-virus program went off about a file and my background changed to a image saying I had to run this and that program to get rid of a virus.

Obviously a hoax I went off-line and started to clean out my system, finding several programs and other nasty programs that had installed. I also found the image file that had been used to simulate a warning message by setting as my desktop background.

Now after having cleaned it all up, everything is back to normal and I'm pretty sure I got it all. Only, it must have changed some setting or I have been a bit to thorough with deleting files, cause when right clicking on the desktop and selecting properties, the tab that used to be at the top allowing to change background is missing. There are only the "Screen saver" and "Settings" tab. I tried reinstalling my video-drivers but no go. Desktop background is simply a black screen.

I've followed the various instructions on this site about cleaning my system, and my logfile is attached. Hoping there is some simple solution.

Thanks.


Logfile of HijackThis v1.99.1
Scan saved at 23:52:41, on 14-04-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
d:\AVPersonal\AVGUARD.EXE
d:\AVPersonal\AVWUPSRV.EXE
D:\OUTPOS~1.0\outpost.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Snefens\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virtualpilots.fi/LLv34/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Outpost Firewall] "D:\Outpost Firewall 1.0\outpost.exe" /waitservice
O4 - HKLM\..\Run: [AVGCtrl] d:\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: SpySubtract.lnk = D:\SpySubstract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - D:\OUTPOS~1.0\trash.exe (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - D:\OUTPOS~1.0\trash.exe (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100205412303
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.dans...B/e-Safekey.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - d:\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - d:\AVPersonal\AVWUPSRV.EXE
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - D:\OUTPOS~1.0\outpost.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

  • 0

Advertisements


#2
Snefens

Snefens

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Noone have any idea on this?
  • 0

#3
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
I do!

Welcome Snefens to Geeks to Go!

Sorry about the delay, the forums are very busy.

Download the following file and unzip it to your desktop. Then doubleclick it and grant permission to merge the registry entries.

restoretool

Let me know how it is now?
  • 0

#4
Snefens

Snefens

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Added it and rebooted, but unfortunately the tab is still missing.
  • 0

#5
Snefens

Snefens

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
At least I found I can right click images on the net and select "Set as background". Then I just need to be able to choose how it should stretch the background (if it doesn't fit).
  • 0

#6
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Please download this file.
Unzip it to your desktop and doucleclick the file. Grant permission to add to the Registry.

Any luck now?
  • 0

#7
Snefens

Snefens

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
No change :tazz:
  • 0

#8
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Download and Save Spywadfix to your computer from this link:
http://www.thespykil...s/spywadfix.exe.

It will automatically extract to c:\spywad where it needs to be to run and will automatically open the remove spywad.vbs script for you ready to paste in a line.

As you cleaned out the primary infection yourself, close this script.

Each of the Users on the System needs to be signed in to clean up their desktop and regain the right click.

Another vbs has been included to do this. It is named Other Profiles Regfix.vbs

Have each User sign in and run Other Profiles Regfix.vbs
Open C:\ (Go to Start>Run and type C: Press enter) and Open the C:\Spywad folder. Double click on Other Profiles Regfix.vbs

Explorer will be ended and that user's active desktop registry entries will be repaired. Explorer will be restarted.

You will need to do this step for every user account

To reset your wallpaper, open Display Properties > Desktop Tab. Choose a Wallpaper and apply. Close Display Properties. To see the change, click on the desktop and press F5.


EDIT:
As there has been no reply from the original poster for more than two weeks this topic is now closed.

If you are the original post and still need assistance, please send me a PM.

Edited by g2i2r4, 06 May 2005 - 11:43 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP