james7707
asked on
Desktop background is white
I recently tried to remove a virus/spyware that was directing me to the site ucleaner and opening multiple windows; it also set the background on my desktop to white.
Getting current message when rebooting:
Cannot find:///C:/Windows/Privacy -danger?in dex.htm. Make sure the path or internet address is correct.
Running XP Pro single user.
Attached is the Hijack file for your reference.
hijackthisCurrent.log
Besides vundo and others, there is also an RBot entry showing in your log file --> O4 - HKLM\..\Run: [DelayLoad] C:\Temp\msprint.exe
So, running an SDFix before combofix might be a good idea.
Download SDFix and save it to your desktop (either one below).
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* Open the extracted folder and double click "RunThis.bat" to start the script.
* Type "Y" to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and attach the contents of the results file "Report.txt" back
ASKER
Appears to be back to normal. Desktop is back; however, I believe the text heading under the icons is larger than normal, but not sure. Ran virus detector, Avast and AVG Spyware, no issues.
Here are the most current logs you requested. For some reason RE: Hijackthis not able to find most current version since only show 23 lines rather than 24 as you stated above.
hijackthis.log52908.txt
ComboFixlog.txt
report.txt
Thanks for the logs.
Do you recognize all the programs listed in Combofix? I haven't checked them yet, especially those screensaver files (.scr), i.e. BlueAngel, crusade.scr. Do you know them?
C:\WINDOWS\system32\Tools <-- did you create this folder?
Have you uninstalled some programs like below? just curious.
Messenger
Eyeball
The link below is HijackThis v2.0.2
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
023 entry will only show if you've configured your desktop component or if a hijacker hijacks it. In your case this entry below would've shown, and fixing that entry would've fixed the error "Cannot find:///C:/Windows/Privacy -danger?in dex.htm"
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy _danger\in dex.htm
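A triage sketch for the two log entries discussed in this thread (the O4 Run entry pointing at C:\Temp\msprint.exe and the O24 Desktop Component entry), added here as an example and not part of the original posts. The regexes, the temp-directory heuristic and the sample lines other than those two are assumptions made for illustration.

```python
import re

# Constructed sample: the DelayLoad O4 line and the O24 line are quoted from
# this thread; the other two lines are made-up benign entries for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKLM\..\Run: [DelayLoad] C:\Temp\msprint.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy _danger\in dex.htm
"""

# O4 - <hive>\..\Run*: [value name] command line
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O24 - Desktop Component <n>: <friendly name> - <source>
O24 = re.compile(
    r"^O24 - Desktop Component (?P<idx>\d+): (?P<name>.*?) - (?P<src>\S.*)$")
# Assumed heuristic: an autorun whose path passes through a temp folder.
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)
LOCAL_SRC = re.compile(r"^(file:|[a-z]:\\)", re.IGNORECASE)


def triage(log_text):
    """Return (section, name, target, reason) for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:
            if TEMP_DIR.search(m["cmd"]):
                findings.append(("O4", m["name"], m["cmd"],
                                 "autorun launched from a temp directory"))
            continue
        m = O24.match(line)
        if m:
            # Every Active Desktop component is listed; local HTML sources
            # are called out because that is the pattern seen in this thread.
            reason = ("desktop component loads a local file"
                      if LOCAL_SRC.match(m["src"]) else "desktop component present")
            findings.append(("O24", m["name"], m["src"], reason))
    return findings


if __name__ == "__main__":
    for section, name, target, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {name!r:22} {target}  <- {reason}")
```
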
ASKER
Do you recognize all the programs listed in Combofix? I haven't checked them yet, especially those screensaver files (.scr), i.e. BlueAngel - Y
crusade.scr you know them - Don't recognize this one.
C:\WINDOWS\system32\Tools <-- did you create this folder - No
Have you uninstalled some programs like below? just curious.
Messenger - Y
Eyeball - Y
The link below is HijackThis v2.0.2
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
023 entry will only show if you've configured your desktop component or if a hijacker hijacks it. In your case this entry below would've shown, and fixing that entry would've fixed the error "Cannot find:///C:/Windows/Privacy -danger?in dex.htm"
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy _danger\in dex.htm
This error message has been eliminated!
Only other issue is some of the text on the right column of ExpertsExchange is overlapping and shown in large TEXT... wasn't like this before. Other website pages are fine, so not sure why this website would be different?
Will try refreshing and google to see if this works.
Thanks for your time!
BTW here is the latest Hijack file using the current version you noted.
hijackthis.log52908R.txt
With the EE overlapping large text; I can create the same problem when I switched to Premium skin if I adjust the text size.
In IE > View > Text size
try adjusting it to medium, smaller or small.
ASKER CERTIFIED SOLUTION
ASKER
Thanks RPGGameGirl for your help!
No problem.
Thanks!
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy
For the white desktop, you can do this instead:
Click "Start", "Settings", and then click "Control Panel". Open the "Display" applet.
Click on "Desktop", "Customise Display..." and "Web".
In the box under "Web pages", select all the checkboxes and click "Delete".
Also run Combofix as other bad files are showing in the log also.
Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.