Desk top Wallpaper frozen


Charlie3110

My desk top was hijacked by some unknown malware and I took your
instructions to rid myself of it using the Smitfraudfix and it worked well
and got rid of the malware but try as I may I cannot get the choice of wall
paper back. I have tried the Auto fix from Kelly's corner and that doesn't
work I have tried the manual regedit following your instructions and that
doesn't work. I am missing something simple. I can change the colour of the
desk top but cannot change to bliss even though I can see the options. I
would appreciate any further help? Thanks Charlie
 
pcbutts1 said:
Try my desktop reset tool. Download it here

On the same site as filthy pornographic materials created by butts.

Do you really want to support his filth by visiting his site?

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
(e-mail address removed) (remove 999 for proper email address)
 
thanks for that Leythos I have stayed well away from his site as it was
probably something like that which hijacked my desktop in the first
place............but if he really has a tool that works and is not trying to
hijack me again then I am so desperate to sort it that I am tempted to have a
look. Anyone else who has been on this site and used the tool? Love to hear
from you.
Charlie
 
pcbutts1 said:
Check my
feedback and see what others have said about it

Why not post the links to the filth on your website that you've created
and posted so many times in the Usenet groups.

They can be found in the signature part of a message at this link:
http://forums.speedguide.net/archive/index.php/t-223485.html

That's all your creation, actually you pirated it from others and then
changed it, but you've claimed ownership of it, and it's hosted on your
website - the same site you direct people to for your suspect tools.

As for your feedback - anyone can create a blog and fake posts to
inflate their ego and fool others. Your problem is that you exposed your
true self in your own usenet posts and the filth you have on your
website. You are your own worst enemy.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
(e-mail address removed) (remove 999 for proper email address)
 
Hi to Leythos and to PCButts. I am not in the habit of taking people's word
for anything without forming an opinion for myself as well so I checked out
PCButts site and it looks OK. I don't know what the problem between you two
is and I don't want to know but without a lot of effort I found out that
PCButts is a woman and so the vitriol that Leythos has for her is strange as
he constantly refers to her as a him! I am going to try the fix offered by
PCButts and if it works then I will add to the positive feedback that she has
got from other grateful users.
Charlie
 
Charlie3110 said:
Hi to Leythos and to PCButts. I am not in the habit of taking people's word
for anything without forming an opinion for myself as well so I checked out
PCButts site and it looks OK. I don't know what the problem between you two
is and I don't want to know but without a lot of effort I found out that
PCButts is a woman and so the vitriol that Leythos has for her is strange as
he constantly refers to her as a him! I am going to try the fix offered by
PCButts and if it works then I will add to the positive feedback that she has
got from other grateful users.
Charlie

The first thing to know is Butts is a man and NOT a woman. It is a lie.
It is also a lie on the propaganda blog that Butts is a MVP.

Your research was faulty as you ONLY looked at Butts' site and didn't
look elsewhere.

So he says he is a MS MVP, see what the MVP community has to say.
http://msmvps.com/blogs/spywaresucks/archive/2006/11/10/272921.aspx
http://msmvps.com/blogs/spywaresuck...lieve-PCBUTTS1-has-finally-lost-the-plot.aspx


Read what others are saying about Butts.

http://www.securiour.com/2006/pcbutts1-returns…/

http://www.viruslist.com/en/weblog?weblogid=197597102
http://www.viruslist.com/en/weblog?discuss=197597102

http://www.bleepingcomputer.com/securityblog/2006/09/07/pcbutts1what-a-royal-pain-in-the-buttm/

http://www.atribune.org/Blog/?p=16

http://www.temerc.com/forums/viewtopic.php?p=3422572
 
You're an idiot. You don't know me. I am female, you are just pissed because
I look nothing like you expected. You want proof ask Lulu or what ever name
she is posting under. She is the only one who has seen me in person when she
tried to sue me. Why do you phucking care anyway?


--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz, Beauregard T.
Shagnasty,Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell
 
Oh Dear all I wanted to do was to restore my PC desk top to standard. I
didn't know that it would bring upon all this vitriol. Sorry
Charlie
 
I have the removal tools and desktop resetting tool whoever wrote the script.
Unfortunately all it did was make my screen resolution very low so it looks
as though I am in safe mode. Any ideas please.
Thanks
Charlie
 
I have got the look of the Desk top back to normal as it had changed the
Theme of the desktop. I have changed it back to XP and it looks as it should
but I am still unable to change the Wallpaper to Bliss even though I have run
Kelly's resetter and now the PCButts resetter. Very sad, I used to love
looking at the grandchildren as my Wallpaper. Any further ideas I would be
extremely grateful?
Thanks
Charlie
 
Any further ideas I would be
extremely grateful?

Normally when things get totally screwed up on a PC you can do a repair-
reinstall and recover your system, it's a last ditch method but it
normally works and it puts back all the important files.

google for "windows xp repair reinstall" and follow the directions
carefully.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
(e-mail address removed) (remove 999 for proper email address)
 
Hi Leythos Thanks for that and your other help. It seems a drastic step to
do a repair reinstall but if needs must. I think I will just live with the
blank desk top for a while as it is not as though I spend a lot of time
looking at it!
Charlie
 
Hi PC
Thanks for your continued interest, would really like to crack this but as
a silver surfer I sometimes realise that there are some things that I will
not be able to sort out. I have run your tools to eradicate any malware and I
have even run the desktop tool in isolation even though you have told me that
they are now combined. When I try to change the wall paper I right click on
the desktop and then choose properties. I choose the Desktop tab and where I
used to be able to change the wallpaper to Bliss or one that I have uploaded,
even though I can see the selections they are not highlighted and I cannot
click on them. I can change the colour of the back ground however. Something
else that I have noticed is that when I ran your tools the screen definition
had changed and I restored that by changing the theme from My Current Theme
to which it had defaulted to Windows XP. I note however that my laptop has a
Windows XP (modified) as its theme but this is not an option now on my Desk
Top? Any further help would get my eternal gratitude.
Charlie
 
Go back to my website and run my diagnostic tool called "What's Live Running
Now" it will generate a log file when it finishes scanning. Email me a copy
of that log file. You could have GPO that is preventing you from making the
changes, that log file will tell me if you do.


--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz, Beauregard T.
Shagnasty,Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell
 
pcbutts1 said:
Go back to my website

Filled with porn and filth.... Don't trust sites like that.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
(e-mail address removed) (remove 999 for proper email address)
 
Hi PC and thanks for your continued interest in helping me out. I will try to
paste the log file here but will also try to send it to your email address.
Thanks again, Charlie

"running now.vbs", revision 70, http://www.pcbutts1.com/downloads/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Yahoo! Pager" = "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet" ["Yahoo!
Inc."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"eyeBeam SIP Client" = ""C:\Program Files\BT Broadband Talk
Softphone\BTSoftphone.exe"" [null data]
"LDM" = "C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech Inc."]
"swg" = "C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]
"msnmsgr" = ""C:\Program Files\Windows Live\Messenger\msnmsgr.exe"
/background" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef
/Migration32" [MS]
"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"SiSPower" = "Rundll32.exe SiSPower.dll,ModeAgent" [MS]
"Ulead AutoDetector v2" = "C:\Program Files\Common Files\Ulead
Systems\AutoDetector\monitor.exe" ["Ulead Systems, Inc."]
"YBrowser" = "C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" ["Yahoo! Inc."]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe""
["Hewlett-Packard Company"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
-osboot" ["RealNetworks, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software
Gmbh"]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter
Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"btbb_wcm_McciTrayApp" = "C:\Program Files\btbb_wcm\McciTrayApp.exe"
["Motive Communications, Inc."]
"Run StartupMonitor" = "StartupMonitor.exe" [null data]
"HP Software Update" = "C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe" ["Hewlett-Packard"]
"LogitechCommunicationsManager" = ""C:\Program Files\Common
Files\LogiShrd\LComMgr\Communications_Helper.exe"" ["Logitech Inc."]
"LogitechQuickCamRibbon" = ""C:\Program
Files\Logitech\QuickCam\Quickcam.exe" /hide" ["Logitech Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program
Files\Yahoo!\Companion\Installs\cpn0\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems
Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) =
"C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! IE Services Button"
\InProcServer32\(Default) =
"C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]
{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = "Symantec Intrusion
Prevention"
-> {HKLM...CLSID} = "Symantec Intrusion Prevention"
\InProcServer32\(Default) =
"C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll" ["Symantec Corporation"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program
files\google\googletoolbar1.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program
Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll" ["Google Inc."]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Windows
Live Toolbar\msntb.dll" [MS]
{CC79522A-9E3B-4bc9-9218-D95EC5DA5349}\(Default) = (no title provided)
-> {HKLM...CLSID} = "DeskalertsBHO"
\InProcServer32\(Default) = "C:\Program
Files\DeskAlerts\deskbar.dll" ["Deskalerts"]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SidebarAutoLaunch Class"
\InProcServer32\(Default) = "C:\Program
Files\Yahoo!\browser\YSidebarIEBHO.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) =
"C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne
Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program
Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
\InProcServer32\(Default) =
"C:\Apps\RecordNow\shlext.dll" [null data]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) =
"C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop
Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) =
"C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom
Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) =
"C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon
Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft
Office\OFFICE11\msohev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common
Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common
Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager"
-> {HKLM...CLSID} = "Sony Ericsson File Manager"
\InProcServer32\(Default) = "C:\Program Files\Sony
Ericsson\Mobile\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile
Communications AB"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Program Files\Windows
Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
"{0563DB41-F538-4B37-A92D-4659049B7766}" = "WLMD Message Handler"
-> {HKLM...CLSID} = "CLSID_WLMCMimeFilter"
\InProcServer32\(Default) = "C:\Program Files\Windows
Live\Mail\mailcomm.dll" [MS]
"{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided)
-> {HKLM...CLSID} = "Windows Live Photo Gallery Import Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows
Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery
Viewer Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows
Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery
Editor Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows
Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery
Autoplay Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows
Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program
Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) =
"C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"stera" [file not
found]|"lsdelete" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common
Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) =
"NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common
Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) =
"{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) =
"C:\PROGRA~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) =
"C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) =
"{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) =
"C:\PROGRA~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"_NoDriveTypeAutoRun" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoSaveSettings" = (REG_DWORD) hex:0x00000000
{Don't save settings at exit}

"ClassicShell" = (REG_DWORD) hex:0x00000000
{Enable Classic Shell / Turn on Classic Shell}

"NoThemesTab" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoBandCustomize" = (REG_DWORD) hex:0x00000000
{Disable customizing browser toolbars}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableTaskMgr" = (REG_DWORD) hex:0x00000000
{Remove Task Manager}

"NoDispAppearancePage" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoColorChoice" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoSizeChoice" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoDispBackgroundPage" = (REG_DWORD) hex:0x00000000
{Hide Desktop tab}

"NoDispScrSavPage" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoDispCPL" = (REG_DWORD) hex:0x00000000
{Remove Display in Control Panel}

"NoVisualStyleChoice" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoDispSettingsPage" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\

"NoPopupManagement" = (REG_SZ) 0
{Turn off pop-up management}

HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions\

"NoAddingComponents" = (REG_SZ) 0
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Program Files\winvi\dsktp\desktop.html"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssflwbox.scr" [MS]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software
Update\SoftwareUpdate.exe -task" ["Apple Inc."]
"Check Updates for Windows Live Toolbar" -> launches: "C:\Program
Files\Windows Live Toolbar\MSNTBUP.EXE" [MS]
"Norton AntiVirus - Run Full System Scan - Jiggy" -> launches: "C:\Program
Files\Norton AntiVirus\Navw32.exe /TASK:"D:\Documents and Settings\All
Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca""
["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program
Files\Yahoo!\Companion\Installs\cpn0\yt.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program
files\google\googletoolbar1.dll" ["Google Inc."]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows
Live Toolbar\msntb.dll" [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program
Files\Yahoo!\Companion\Installs\cpn0\yt.dll" ["Yahoo! Inc."]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows
Live Toolbar\msntb.dll" [MS]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program
files\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{51085E3D-A958-42A2-A6BE-A6A9B0BAF276}\(Default) = (no title provided)
-> {HKLM...CLSID} = "BT Yahoo! Sidebar"
\InProcServer32\(Default) = "C:\Program
Files\Yahoo!\browser\ysidebarIE.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) =
"C:\WINDOWS\system32\Shdocvw.dll" [MS]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default)
= "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program
Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
"ButtonText" = "Blog This"
"MenuText" = "&Blog This in Windows Live Writer"
"CLSIDExtension" = "{5F7B1267-94A9-47F5-98DB-E99415F33AEC}"
-> {HKLM...CLSID} = "BlogThisToolbarButton Class"
\InProcServer32\(Default) = "C:\Program Files\Windows
Live\Writer\WriterBrowserExtension.dll" [MS]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\
"ButtonText" = "BT Yahoo! Services"
"CLSIDExtension" = "{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"
-> {HKLM...CLSID} = "Yahoo! IE Services Button"
\InProcServer32\(Default) =
"C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]

{6F477182-DE4F-4326-ACE3-3110A676771B}\
"ButtonText" = "PlanetLuck.com"
"MenuText" = "PlanetLuck.com"
"CLSIDExtension" = "{6F477182-DE4F-4326-ACE3-3110A676771B}"
-> {HKLM...CLSID} = "IECmdExecute Class"
\InProcServer32\(Default) = "C:\Program Files\Planetluck
Casino\bin\IEExtension_PL.dll" [empty string]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) =
"C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "@C:\Program Files\Messenger\Msgslang.dll,-61144"
"MenuText" = "@C:\Program Files\Messenger\Msgslang.dll,-61144"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program
Files\Yahoo!\Companion\Installs\cpn0\yt.dll" ["Yahoo! Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware
2007\aawservice.exe"" ["Lavasoft"]
AOL Connectivity Service, AOL ACS,
"C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."]
Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple,
Inc."]
Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program
Files\Symantec\LiveUpdate\AluSchedulerSvc.exe"" ["Symantec Corporation"]
Generic Service for HID Keyboard Input Collections, GenericHidService,
"c:\APPS\HIDSERVICE\HIDSERVICE.exe" [null data]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe""
["Apple Inc."]
LiveUpdate Notice, LiveUpdate Notice, ""C:\Program Files\Common
Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
LVCOMSer, LVCOMSer, ""C:\Program Files\Common
Files\LogiShrd\LVCOMSER\LVComSer.exe"" ["Logitech Inc."]
Messenger Sharing Folders USN Journal Reader service, usnjsvc, ""C:\Program
Files\Windows Live\Messenger\usnsvc.exe"" [MS]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]
Process Monitor, LVPrcSrv, ""C:\Program Files\Common
Files\LogiShrd\LVMVFM\LVPrcSrv.exe"" ["Logitech Inc."]
SmartLinkService, SLService, "slserv.exe" [" "]
Symantec Core LC, Symantec Core LC, ""C:\Program Files\Common Files\Symantec
Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec
Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Lic NetConnect service, CLTNetCnService, ""C:\Program Files\Common
Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common
Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Common
Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


---------- (launch time: 2008-02-25 08:56:57)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 122 seconds, including 18 seconds for message
boxes)
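
The GPO question raised earlier in the thread can be checked directly against the "Group Policies" and "Active Desktop and Wallpaper" sections of a report in this format. The following is an added example, not part of the thread or of the "running now.vbs" script: a small parser that lists policy values set to something other than 0, the entries the report marks `<<!>>` or `<<H>>`, and the Active Desktop wallpaper path. It assumes wrapped lines have been rejoined, and the function names are hypothetical.

```python
import re

# Excerpt of the report posted above, with wrapped lines rejoined by hand.
SAMPLE_REPORT = r'''
HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"stera" [file not found]|"lsdelete" [null data]

Group Policies {policy setting}:
--------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"NoDispBackgroundPage" = (REG_DWORD) hex:0x00000000
{Hide Desktop tab}

"NoDispCPL" = (REG_DWORD) hex:0x00000000
{Remove Display in Control Panel}

HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\

"NoPopupManagement" = (REG_SZ) 0
{Turn off pop-up management}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

Active Desktop and Wallpaper:
-----------------------------

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Program Files\winvi\dsktp\desktop.html"

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
'''

# Legend taken from the report footer.
FLAG_KINDS = {"!": "malware launch point", "H": "browser hijack point"}
FLAG_RE = re.compile(r'^<<([!H])>>\s+(.+)$')
POLICY_RE = re.compile(r'^"([^"]+)" = \((REG_DWORD|REG_SZ)\) (.*)$')
STRING_RE = re.compile(r'^"([^"]+)" = "(.*)"$')


def parse_report(text):
    """Collect policy values, flagged entries and the Active Desktop wallpaper."""
    report = {"policies": [], "flagged": [], "wallpaper": None}
    key = None       # registry key the following value lines belong to
    pending = None   # policy entry still waiting for its {description} line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending is not None and line.startswith("{") and line.endswith("}"):
            pending["description"] = line[1:-1]
            pending = None
            continue
        pending = None
        if line.startswith(("HKCU\\", "HKLM\\")):
            # Key header; "{++}" marks sections that also list default values.
            key = line.replace("{++}", "").strip().rstrip("\\")
            continue
        flag = FLAG_RE.match(line)
        if flag:
            report["flagged"].append(
                {"kind": FLAG_KINDS[flag.group(1)], "key": key, "entry": flag.group(2)})
            continue
        policy = POLICY_RE.match(line)
        if policy:
            name, reg_type, data = policy.groups()
            # REG_DWORD data looks like "hex:0x00000001"; REG_SZ is kept as text.
            value = int(data.replace("hex:", ""), 16) if reg_type == "REG_DWORD" else data
            pending = {"key": key, "name": name, "value": value, "description": None}
            report["policies"].append(pending)
            continue
        string = STRING_RE.match(line)
        if (string and string.group(1) == "Wallpaper" and key
                and key.endswith(r"Internet Explorer\Desktop\General")):
            report["wallpaper"] = string.group(2)
    return report


def enforced_policies(report):
    """Policies whose value is something other than 0 or empty."""
    return [p for p in report["policies"] if p["value"] not in (0, "0", "")]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for p in enforced_policies(parsed):
        print("policy set:", p["key"], p["name"], p["value"], p["description"])
    for f in parsed["flagged"]:
        print("flagged:", f["kind"], f["key"], f["entry"])
    print("Active Desktop wallpaper:", parsed["wallpaper"])
```

On this excerpt the display-related policy values all parse as 0, the only non-zero policy is `shutdownwithoutlogon`, and the Active Desktop wallpaper still points at an HTML file rather than an image.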
 
