944,134 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > deaktop background stuck with Blue color!!
Ad:
Permalink
Feb 1st, 2007
0

deaktop background stuck with Blue color!!

Expand Post »
I think i am hit by a virus/spyware. I got a windows security alert balloon. when i restarted my computer, it disappeared but my desktop background is stuck with a blue color and when i try to change it, the option seems to be locked or diabled. I tried to delete all spyware using AVG anti-spyware. Though it shows Deleted, the problem still exists. Your help to resolve this problem will be appreciated.

I am posting a copy of the log file:

Logfile of HijackThis v1.99.1
Scan saved at 6:59:13 PM, on 2/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\SYSTEM32\SVCHOST.EXE
D:\WINDOWS\system32\ACS.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
D:\WINDOWS\system32\DVDRAMSV.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\dla\tfswctrl.exe
D:\Program Files\EzButton\EzButton.EXE
D:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
D:\Program Files\TOSHIBA\Power Management\CePMTray.exe
D:\Program Files\ltmoh\Ltmoh.exe
D:\WINDOWS\AGRSMMSG.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
D:\Program Files\Winamp\winampa.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
D:\WINDOWS\system32\RAMASST.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\PROGRA~1\WINZIP\winzip32.exe
D:\Documents and Settings\Saju Abraham K\Local Settings\Temp\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - D:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] D:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EzButton] D:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [CeEKEY] D:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] D:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [LtMoh] D:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pccguide.exe] "D:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = D:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - D:\WINDOWS\system32\ACS.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - D:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - D:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Similar Threads
Reputation Points: 10
Solved Threads: 0
Newbie Poster
jack_claud is offline Offline
6 posts
since Feb 2007
Permalink
Feb 1st, 2007
0

Re: deaktop background stuck with Blue color!!

Click to Expand / Collapse  Quote originally posted by jack_claud ...
I think i am hit by a virus/spyware. I got a windows security alert balloon. when i restarted my computer, it disappeared but my desktop background is stuck with a blue color and when i try to change it, the option seems to be locked or diabled. I tried to delete all spyware using AVG anti-spyware. Though it shows Deleted, the problem still exists. Your help to resolve this problem will be appreciated.
-- Can you give us a fresh AVG Scanlog?

Please relocate HijackThis to a safer location. Most Forum volunteers expect to find it at C:\Program Files\HijackThis or C:\HijackThis.

THEN:
-- Please download Peekaboo.bat to your Desktop.
-- DoubleClick peekaboo.bat and give it a couple seconds to run.
A log should pop up in Notepad. Please attach that (peek.txt) for me using the "manage attachments" button when you post back (scroll down).

BTW - You should be advised that anytime somebody in any forum gives you an unknown program to run (even a simple batch like this one), it is strictly a "Use At Your Own Risk" proposition!

Anyhoo, it is up to you if you want to trust me


Cheers
PP
Moderator
Reputation Points: 169
Solved Threads: 106
Central Scrutinizer
PhilliePhan is offline Offline
1,576 posts
since Dec 2006
Permalink
Feb 1st, 2007
0

Re: deaktop background stuck with Blue color!!

I have attached the AVG Scan log and the peekaboo log. I hav also place the HijackThis log file in the path C:\Hijack This\hijackthis.txt.. pls have a luk at these.. thnxx

I tried to atttach these files but for some reason its gving an error on the page!! So, i am posting the two files here:

Peekaboo log:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Desktop]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Desktop\General]
"WallpaperFileTime"=hex:b4,55,a7,70,3d,46,c7,01
"WallpaperLocalFileTime"=hex:b4,4d,d1,87,13,46,c7,01
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"=dword:00000001
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"=dword:40000021
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"=dword:00000020
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop]
"NoChangingWallpaper"=dword:00000000
"NoComponents"=dword:00000000
"NoAddingComponents"=dword:00000000
"NoDeletingComponents"=dword:00000000
"NoEditingComponents"=dword:00000000
"NoHTMLWallPaper"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"ClassicShell"=dword:00000000
"ForceActiveDesktopOn"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"Wallpaper"=""
"DisableRegistryTools"=dword:00000000
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General]
"BackupWallpaper"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,\
49,00,4c,00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,\
00,74,00,74,00,69,00,6e,00,67,00,73,00,5c,00,41,00,70,00,70,00,6c,00,69,00,\
63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,44,00,61,00,74,00,61,00,5c,00,4d,\
00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,61,00,6c,00,\
6c,00,70,00,61,00,70,00,65,00,72,00,31,00,2e,00,62,00,6d,00,70,00,00,00
"WallpaperFileTime"=hex:b4,55,a7,70,3d,46,c7,01
"WallpaperLocalFileTime"=hex:b4,4d,d1,87,13,46,c7,01
"TileWallpaper"="0"
"WallpaperStyle"="2"
"Wallpaper"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,00,74,\
00,74,00,69,00,6e,00,67,00,73,00,5c,00,41,00,70,00,70,00,6c,00,69,00,63,00,\
61,00,74,00,69,00,6f,00,6e,00,20,00,44,00,61,00,74,00,61,00,5c,00,4d,00,69,\
00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,61,00,6c,00,6c,00,\
70,00,61,00,70,00,65,00,72,00,31,00,2e,00,62,00,6d,00,70,00,00,00
"ComponentsPositioned"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Old WorkAreas]
"NoOfOldWorkAreas"=dword:00000001
"OldWorkAreaRects"=hex:00,00,00,00,00,00,00,00,00,05,00,00,02,03,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\SafeMode]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\SafeMode\General]
"Wallpaper"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,57,00,65,00,62,00,5c,00,53,00,61,00,66,00,65,00,4d,00,6f,\
00,64,00,65,00,2e,00,68,00,74,00,74,00,00,00
"VisitGallery"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Scheme]
"Edit"=""
"Display"=""




AVG Sacn_log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 9:47:18 PM 2/1/2007
+ Scan result:

D:\Temp\acc.exe/ADPROT.EXE -> Adware.AdBlaster : Ignored.
D:\Temp\acc.exe/Sngpw36.exe -> Adware.AdBlaster : Ignored.
D:\Temp\acc.exe/Sngsh33.dll -> Adware.AdBlaster : Ignored.
D:\Temp\acc.exe/ngpw36.exe -> Adware.AdBlaster : Ignored.
D:\Temp\acc.exe/ngsh33.dll -> Adware.AdBlaster : Ignored.
D:\System Volume Information\_restore{96A8E3CB-2DB8-49B3-B45A-D27D2307B3D6}\RP43\A0011862.dll -> Adware.Minibug : Ignored.
D:\System Volume Information\_restore{96A8E3CB-2DB8-49B3-B45A-D27D2307B3D6}\RP43\A0011861.exe -> Adware.SaveNow : Ignored.
D:\System Volume Information\_restore{96A8E3CB-2DB8-49B3-B45A-D27D2307B3D6}\RP43\A0011863.exe -> Backdoor.DSNX.05.a : Ignored.

::Report end
Reputation Points: 10
Solved Threads: 0
Newbie Poster
jack_claud is offline Offline
6 posts
since Feb 2007
Permalink
Feb 2nd, 2007
0

Re: deaktop background stuck with Blue color!!

You should have AVG CLEAN the items it finds. You have a couple things hiding in System Restore.....

-- Please download FixxIt.zip and Extract FixxIt.reg to your desktop.
DoubleClick on FixxIt.reg and allow it to merge into the registry.
REBOOT

You ought to be able to reset your Desktop now.

Cheers
PP
Moderator
Reputation Points: 169
Solved Threads: 106
Central Scrutinizer
PhilliePhan is offline Offline
1,576 posts
since Dec 2006
Permalink
Feb 2nd, 2007
0

Re: deaktop background stuck with Blue color!!

thnxx a lot.. my desktop background is back.. but now a new problem has occured.. it seeems, when i try to connect to my wireless network, its giving "Limited or no connectivity " error all the time.. wat do i do now?
Reputation Points: 10
Solved Threads: 0
Newbie Poster
jack_claud is offline Offline
6 posts
since Feb 2007
Permalink
Feb 2nd, 2007
0

Re: deaktop background stuck with Blue color!!

this happened immediately after i fixed the previous problem of the desktop background,.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
jack_claud is offline Offline
6 posts
since Feb 2007
Permalink
Feb 2nd, 2007
0

Re: deaktop background stuck with Blue color!!

Click to Expand / Collapse  Quote originally posted by jack_claud ...
this happened immediately after i fixed the previous problem of the desktop background,.
This would be completely unrelated to what we just did.

The registry keys we addressed have nothing to do with your wireless network.


You could try this:
Click Start > Run > type CMD > Enter
Type or Copy&Paste: ipconfig /flushdns > Press Enter
(Be sure to leave the space between the g and the / )

If that doesn't help, we can try a few other things....

PP
Moderator
Reputation Points: 169
Solved Threads: 106
Central Scrutinizer
PhilliePhan is offline Offline
1,576 posts
since Dec 2006
Permalink
Feb 2nd, 2007
0

Re: deaktop background stuck with Blue color!!

i rebooted my computer after a long time.. everything luks normal nw.. i didnt do anythin to fix the network isuue.. perhaps ur rite tht it has nothin to do with wat we js did..

anyway, thnx a lot for helpin me gettin rid of tht annoyin desktop stuff.. really appreciate.. :-))
Reputation Points: 10
Solved Threads: 0
Newbie Poster
jack_claud is offline Offline
6 posts
since Feb 2007
Permalink
Feb 2nd, 2007
0

Re: deaktop background stuck with Blue color!!

Click to Expand / Collapse  Quote originally posted by jack_claud ...
i rebooted my computer after a long time.. everything luks normal nw.. i didnt do anythin to fix the network isuue.. perhaps ur rite tht it has nothin to do with wat we js did..

anyway, thnx a lot for helpin me gettin rid of tht annoyin desktop stuff.. really appreciate.. :-))
Happy to help!

-- I think I initially misinterpreted your connection problem. Looking at it again, it looks like some troubleshooting of your wireless network might be in order.
It could be related to any number of things: Firewall settings, Winsock, Network Card, Router, and so on.....

Best Luck
PP
Moderator
Reputation Points: 169
Solved Threads: 106
Central Scrutinizer
PhilliePhan is offline Offline
1,576 posts
since Dec 2006

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: Help ! Browswer hijacked, Zlod tojan & Symantec Error
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Cannot find 'http://nexoa.com/rankboost.php' Make sure the path or internet....





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC