|
| ||
| windows xp desktop background problem I can't change my desktop background. when i try to select a group from the list after right clicking on the desktop and clicking 'properties' 'desktop' and in the background area it has 'none' at the top with a circle and line through it beside it. it won't let me change the background which is just a plane blue screen. I can use my desktop icons. my internet explorer is starting to act up and I frequently have to control alt. del. I donwnloaded the hijackthis thing and here is my log. Any asistance would be greatly appreciated as this is becoming a huge pain. Logfile of HijackThis v1.99.1 Scan saved at 11:12:03 PM, on 10/17/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\carpserv.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Steve\Application Data\F?nts\m?config.exe C:\WINDOWS\system32\HPConfig.exe C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\Steve\LOCALS~1\Temp\Rar$EX00.463\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R3 - URLSearchHook: (no name) - {2263A239-4FD9-5458-81DF-64349471B3CE} - C:\WINDOWS\System32\qifoext.dll R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2263A239-4FD9-5458-81DF-64349471B3CE} - C:\WINDOWS\System32\qifoext.dll O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINDOWS\system32\durvil1.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {6b962594-0e69-4ac4-b6f8-eae962809df4} - C:\WINDOWS\system32\egaapi.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Szdla] C:\Documents and Settings\Steve\Application Data\F?nts\m?config.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Documents and Settings\Steve\My Documents\TYK\America Online 8.0\aoltray.exe O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O16 - DPF: {400429E4-BED4-472E-93BF-F85AB8565DFF} - http://www.terp17.com/ax/axo.cab O20 - AppInit_DLLs: O20 - Winlogon Notify: egaapi - C:\WINDOWS\SYSTEM32\egaapi.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe |
| ||
| Re: windows xp desktop background problem Yeah, i can see you could well be having problems.... Is there any reason that you are not running SP2? it's a big download, but it is ALL about security... More on security, download the latest update for SUN Java - it is to fix security holes also. From control panel >java, and click the update tab. You're making it tough for youself being this wide open. Okay, enough scolding.. :) .. on with the cleanup. Not a bad collection, but nothing to boast about, really....:) I put all my cleaners, scanners etc in the same partition as my program files... if u only have a C: drive then open a new folder for this stuff.. however, HT deserves a folder unto itself. Please do not run it from the temp folder as you have done - it may miss a lot of stuff. A point, if you don't do these all these steps some things may not get fixed... You may wish to save this to Notepad for the time being. -I would like you to download CCleaner from http://www.majorgeeks.com/download4191.html and put it in a new folder. -Go here and get Ewido 4 [free].:- http://free.grisoft.com/doc/2/lng/us/tpl/v5 Install it alongside your other regular applications in Program Files, because you should keep it for scanning once a week or so - put an icon on your desktop. So, Ewido:- start it; the main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. Click on update tab and then Update Now. When it finishes click on scanner tab and then Settings:- How to act- click on recommended action and set Quarantine. For reports, set to generate after every scan and untick only if threats found. Finally down on the tray right click the Ewido icon and untick Start with windows, an then Exit it. Don't scan yet. Ok, you're done with the net. Shut it down. Disconnect..... whatever... Rclick your recycle bin and run CCleaner. [or go to its folder and dclick ccleaner.exe] You will lose a lot of handy stuff like histories etc... but there is a job to do... Go into safe mode [Restart, key F8 immed after POST runs and select Safe Mode and Enter.... You'll get a dark desktop with icons etc...] Start Ewido, do the full system scan. Click "Apply all actions" to place any infected files into Quarantine, and only then click on "Save Report" to view all completed scans; click on the scan you just performed and select "Save report." Note: Close all open windows, programs, and DO NOT USE the computer while Ewido is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper Ewido's ability to clean properly and may result in reinfection. And now, still in Safe Mode and with NOTHING else open, run Hijack This, check the items i list below and Fix them. [if they still exist] By nothing else open, i mean open the explorer folder of HT, start it by dclicking the .exe, then CLOSE the explorer folder, close ALL apps including browsers [you should be off the net anyway], and finally start the scan. Checkmark the following for fixing [if they still exist] and FIX them. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R3 - URLSearchHook: (no name) - {2263A239-4FD9-5458-81DF-64349471B3CE} - C:\WINDOWS\System32\qifoext.dll R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {2263A239-4FD9-5458-81DF-64349471B3CE} - C:\WINDOWS\System32\qifoext.dll O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINDOWS\system32\durvil1.dll O2 - BHO: (no name) - {6b962594-0e69-4ac4-b6f8-eae962809df4} - C:\WINDOWS\system32\egaapi.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [Szdla] C:\Documents and Settings\Steve\Application Data\F?nts\m?config.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {400429E4-BED4-472E-93BF-F85AB8565DFF} - http://www.terp17.com/ax/axo.cab O20 - AppInit_DLLs: O20 - Winlogon Notify: egaapi - C:\WINDOWS\SYSTEM32\egaapi.dll Finally go into this windows folder and delete these three files if they still exist. You first will have to check "show hidden files and folders" via Tools > folder options > view... C:\WINDOWS\System32\qifoext.dll C:\WINDOWS\system32\durvil1.dll C:\WINDOWS\system32\egaapi.dll Done? then back to normal windows mode, run HT again and please post it. |
| ||
| Re: windows xp desktop background problem No, That's a vundo infection so a special tool is needed here. Checking with HJT won't solve the problem. download VundoFix.exe to your desktop.
|
| All times are GMT -4. The time now is 11:58 pm. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC