This solution WILL fix your problem, but don’t run away afterwards and forget about us.
HelpMeRick.com contains hundreds of tips (and video tips) that YOU can use as a reference for yourself and especially as a reference to send links to your friends/family so you don’t have to write out or explain the steps yourself!
I ran into this problem earlier this week and found the solution. The customer could not change his desktop background to any of the stock photos in Windows or his own photos…something that any Windows user should be able to do. Turns out that the root cause of the problem is spyware. Even after removing the spyware, a registry (skeleton of Windows) entry gets left behind, disabling the user’s ability to change the background. Deleting this entry restores the ability for the user to again have a normally functioning desktop.
WARNING: THIS SOLUTION IS ONLY FOR COMPUTERS THAT HAVE THIS SPECIFIC PROBLEM. AND IT IS INTENDED TO ONLY BE CARRIED OUT BY AN EXPERIENCED TECHNICIAN OR COMPUTER USER WITH REGISTRY EXPERIENCE.
- Click Start
- Click Run
- Type: regedit
- Navigate to the following registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System and find the entry “Wallpaper”=SZ:C:\WINDOWS\desktop.html (yours might be slightly different)
- Click one time on the entry
- Push Delete on the keyboard
- Click Yes
- Close the Registry editor
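The same steps as a PowerShell script, added here as an example and not part of the original tip: it checks whether the leftover "Wallpaper" entry exists, exports the key to a .reg file first, and only then deletes the entry. The function names and the backup location are assumptions made for this example.

```powershell
# Added example, not from the original tip. Run it as the affected user,
# because HKEY_CURRENT_USER is per-user.
$KeyPath   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName = 'Wallpaper'
# Assumption: the backup goes to the user's TEMP folder under a timestamped name.
$BackupPath = Join-Path $env:TEMP ('Policies-System-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))

function Get-WallpaperPolicy {
    # Returns the data of the Wallpaper entry, or $null if the key or entry is absent.
    if (-not (Test-Path -Path $KeyPath)) { return $null }
    $props = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return $props.$ValueName
}

function Remove-WallpaperPolicy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $current = Get-WallpaperPolicy
    if ($null -eq $current) {
        Write-Output "No '$ValueName' entry under $KeyPath. This fix does not apply here."
        return
    }
    Write-Output "Found $ValueName = $current"

    # Record whether the file the entry points to is still on disk, so it can be
    # inspected separately as a leftover of the infection.
    $target = [Environment]::ExpandEnvironmentVariables([string]$current)
    if (Test-Path -LiteralPath $target -ErrorAction SilentlyContinue) {
        Write-Output "Referenced file still exists: $target"
    } else {
        Write-Output "Referenced file is not on disk: $target"
    }

    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", 'Back up key and remove entry')) {
        # Export the whole key so the change can be undone by importing the .reg file.
        $regKey = $KeyPath -replace '^HKCU:\\', 'HKCU\'
        & reg.exe export $regKey $BackupPath | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "Backup of $regKey failed; nothing was changed."
        }
        Write-Output "Backup written to $BackupPath"

        Remove-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction Stop

        if ($null -eq (Get-WallpaperPolicy)) {
            Write-Output "Removed '$ValueName'. The desktop background can be changed again."
        } else {
            Write-Warning "'$ValueName' is still present after removal."
        }
    }
}

# Preview only: shows what would be removed without touching the registry.
Remove-WallpaperPolicy -WhatIf
```

Run `Remove-WallpaperPolicy` without `-WhatIf` to make the change; double-clicking the exported .reg file restores the key as it was.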
HOW TO MAKE YOUR ICON TEXT TRANSPARENT:
1. Open the Control Panel
2. Click System
3. Click the Advanced tab
4. Click Settings in the Performance section
5. Check the “Use drop shadows for icon labels on the desktop” check box
6. Click OK until you close the windows
Hi there,
I was wondering if you figured out the icon thing? I’m having the same problem.
I’m having the same problem with the icons, as first person.
Any help would be appreciated.
Thanks
I tried this a few days ago and it didn’t work, but just tonight I googled it and hey it worked by – right clicking ‘MY COMPUTER’ > Advanced > Settings > Drop Shadows …works
I recently removed a spyware infection from my computer. Up until now I couldn’t change my desktop background. Now I have deleted the appropriate registry as recommended, but the icons on the desktop still have a black background (same color as when I had the spyware). I have been unable to make them transparent again. Does anyone know the registry that needs to be added/deleted to resolve this problem??????
Thank you so much for the info about restoring the background on the windows desktop!!! The info was very clear and efficient; my PC works perfectly now thanks to you!!!
You saved my PC’s life since I was about to throw it against the wall!!!
I’ve been living with this problem now for a good few months after my computer suddenly decided it didn’t want a background anymore :/ and I decided I’d google for a solution, and I’m telling you I could jump for the moon right now 🙂 thank you sooo much!
Thank you so much for this excellent and non-scary advice!
I saw a pic on a site, so I liked it and I right-clicked on it and I said set as my desktop, but now as much as I try to change that picture I can’t change it. Please help me.
Tried 5 different ways to correct this…thanks so much, yours was the best and only one that worked.
thank you thank you thanks : )
I had no idea how to fix it…thanks so much for your help!!!!
Simple and straightforward solution. Thanks.
I had this problem for all of 5 minutes before I found this real fix and not a fix for active desktop……you are a life saver!!!!!!!
Thank you very much for the one solution that actually works and is simple, much appreciated !!
I know it sounds corny, but when you can’t do a simple thing like change the picture on your background you feel as if your computer is a waste. You solved my problem, THANK YOU!!!
It took me away from my beloved wallpapers.
I have tried everything I could think of to get my desktop wallpaper to work. It has been over a year since I have been able to do anything with it. I should have just looked it up sooner. Thanks again.
SUPEEEEEEEEEEEEEEEEEER
I never did something with my actual computer system like professionals do, but somehow this was easy enough though. Thank you, I can have my screen back again!
You’re wonderful. After fighting with and FINALLY removing Pest Trap, I still had this problem. Your solution was brilliant and worked perfectly. Kudos!
THIS WORKED…I CAN’T BELIEVE IT, I HAD THAT CRAP BLUE BACKGROUND FOR TOO LONG!!! I REALLY APPRECIATE IT!
Wow, thanks. I had this problem for months; now it’s fixed, but I still don’t have transparent icons and tried the above ideas. Any more would be appreciated.
This didn’t work out for me…
I’m using Windows Vista…
Rick, please help me out, I feel like destroying my laptop…
As mentioned in the article, if it doesn’t work, you may need to reformat and reinstall everything because the infection might be too much. You could try using the ComboFix tool I have linked in another article. (search my site for combofix). Good luck.
Hi, I have the same problem of not being able to change my wallpaper from solid colours since a malware infection. I’m on Vista. Did anyone manage to find a solution to the problem on this operating system? Cheers, guys.
Try downloading and running the Combofix utility from my right hand column under the Security section.
Sir, I have used ComboFix but it did not solve my problem. By the way, this is my log result…
Please help me fix my problem. I really have to fix my PC. Thank you, sir.
Sir, please help me. I have used ComboFix but it did not solve my problem. Please…
Please, somebody help me.
This site does not provide this type of help, sorry. Try the http://www.bleepingcomputer.com forums. They are great and are specifically for working with this type of problem. Good luck.
I am trying to fix my laptop. It is doing the same thing exactly and I just got it today. I am at the step: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
but once I get to Policies I have no System option or any option for that matter. Any help?
I had the same problem but a friend recommended me a tool to change the wallpaper ’cause it is much easier. Bionix (bionixwallpaper.com) works on Windows XP, Vista, Win 7 and even on Win 8, and I’m not having problems anymore with the wallpaper changer from Windows.