[Fboy]

Thank You! But i have just 2 tab in the desktop properties

Edited by Fboy, 23 April 2005 - 07:23 AM.

[Advertisements]

Download This to your desk top,, Closed the download box, find desktoptab on your desk top, Double click on it, when asked are you sure you want to add the information, choose yes and reboot,

Post back how you make out,

[don77]

Download This to your desk top,, Closed the download box, find desktoptab on your desk top, Double click on it, when asked are you sure you want to add the information, choose yes and reboot,

Post back how you make out,

[Fboy]

thanks now its okey... but i can change my wallpaper

[don77]

but i can change my wallpaper

Can or can't ?
If you can't post back a fresh Silent runners log please..

[Fboy]

sorry.. i cant change...

"Silent Runners.vbs", revision 35, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Arquivos de programas\Messenger\msmsgs.exe" /background" [MS]
"ESFTP" = "C:\Arquivos de programas\ESFTP.COM\ESFTP\esftp.exe /STARTUP" [file not found]
"MessengerPlus3" = ""C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart" ["Patchou"]
"msnmsgr" = ""C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AVG7_CC" = "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"avast!" = "C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"Smapp" = "C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."]
"QuickTime Task" = ""C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"DownloadAccelerator" = "C:\ARQUIV~1\DAP\DAP.EXE /STARTUP" ["Speedbit Ltd."]
"NeroCheck" = "C:\WINDOWS\System32\\NeroCheck.exe" ["Ahead Software Gmbh"]
"TkBellExe" = ""C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
"MessengerPlus3" = ""C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\ARQUIV~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\Office10\msohev.dll" [MS]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL"
-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\SmartFTP\smarthook.dll" ["SmartFTP"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"
-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Illustrate\dBpowerAMP\dBShell.dll" [empty string]
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"
-> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Enabled Wallpaper and Active Desktop:
-------------------------------------

Active Desktop is disabled.

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\wp.bmp"


Startup items in "Usuario" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar
"Adobe Gamma Loader" -> shortcut to: "C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"hp psc 1000 series" -> shortcut to: "C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe" ["Hewlett-Packard Co."]
"hpoddt01.exe" -> shortcut to: "C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]
"Microsoft Office" -> shortcut to: "C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"FRU Task #Hewlett-Packard#hp psc 1200 series#1106952726" -> launches: "C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1200 series#1106952726"" [empty string]
"WebReg 20050129205306" -> launches: "C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe /TaskName 20050129205306 /N "HP psc 1200 Series" /M Q1662A /S BR43E4G0SW5H /AP 303 /F /T " ["Hewlett-Packard Co."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}"
-> {CLSID}\(Default) = "FlashGet Bar"
-> {CLSID}\InProcServer32\(Default) = "C:\ARQUIV~1\FlashGet\fgiebar.dll" ["Amaze Soft"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\ARQUIV~1\FlashGet\flashget.exe" ["Amaze Soft"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "C:\Arquivos de programas\Messenger\MSMSGS.EXE" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
AVG7 Alert Manager Server, Avg7Alrt, "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
Machine Debug Manager, MDM, ""C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

Edited by Fboy, 24 April 2005 - 08:35 AM.

[don77]

OK,

*Download and install Registrar Lite version 2.00
*Double click the purple Registrar Lite icon on your desktop.
*Copy the line below and paste it into the "Address" field (located at the top) of the program:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

*Click the "Go" button.
*It will take you into the "Policies" folder.
*Locate the "System" folder (in the right panel)
*If found, right-click on the System folder and go to Delete
*Be very careful that you only delete the System folder that is inside the Policies folder.

Restart your computer,

Let us know how you make out

[Fboy]

THANK YOU! now all is working! thanks!!!

[don77]

Great news!! Your very welcome, Glad we could help
Be sure and follow the suggestion in my earleir reply

Please use the following suggestion to help prevent reinfection