|
|||||||
| Notices |
 |
|
|
LinkBack (44) | Thread Tools | Display Modes |
May 24, 2005, 06:09 PM
|
 #1 (permalink)
|
|
DriverHeaven Junior Member
Join Date: Mar 2003
Location: Mass
Posts: 22
 |
I cannot change desktop background
Recently my laptop became infected with Aurora / Nail.exe. During this infection it would download and install a wide variety of adware/spyware and various dialers and apps. Also during infection my background changed to a red box in the center stating that Windows had dedected spyware and I should clean my pc. I'm not sure exactly what it said, but i was something like that. I finally got rid of the infection using Kaspersky personal AV Demo. I have since run Adaware, Spybot S&D and Microsoft anti spyware to clean up any remains. Also I ran CleanUP!
Problem is, now I cannot change my background. It is stuck solid blue, no red box. When I try to change it through display properties>desktop the buttons are all grayed out. If I select an image on line and set as background it still does nothing. Now when I first log in, before the the icons appear I can see my background. As soon as the icons appear my background changes to blue. I have tried searching various forums but have not found any tips that help. Can anyone help me get my backgrounds back? Also, now when windows first loads, after logging in I get a message... svhost file is not found. I dont know if that is related to my background problem. Compaq Presario 700 (900 MHZ AMD, 256 MB RAM) WinXP Home SP2 I am current with all updates.
__________________
XP3000+ Soyo Kt400 Dragon Ultra Black 2 x 80gig maxtor RAID 0 1gig Corsair ddr333 2-2-2-6-1t BFG 6800 Ultra OC 19in Sony trinitron A440 |
|
|
|
May 25, 2005, 01:43 AM
|
#2 (permalink) |
|
Member
Join Date: Mar 2003
Posts: 5,916
|
 a few questions first... you said "the buttons are all grayed out", now, in this pic what button that grayed out? does the Browse.. is also grayed out? if not, then try to use it to browse for a new B/G image, and then use Save As under the Themes tab to create/save a new xxxx.theme file and see. also, click on the tab "Themes"... what is the name of theme that you are now using? now, if the Theme name is for example "Luna", search your local drives for a file called "Luna.theme", normally, this file will be in :\WINDOWS\Resources\... or :\WINDOWS\Resources\Themes or in your Documents folder if you used Save As to save the theme file and have not moved it to any where yet. once you find the Luna.theme file open it with your text editor and copy the contain info of the file and post here. later. also, open up Registry Editor and go to these two following registry keys... "HKLM\SOFTWARE\M icrosoft\Windows\CurrentVersion\policies\ActiveDes ktop" and "HKCU\Software\Mi crosoft\Windows\CurrentVersion \Policies\ActiveDesktop" and see if the registry value name "NoChangingWallpaper" is there. if so, make sure that the dword value is set to 0 (zero). or, backup and delete this registry value from your registry and reboot your PC. some viruses may create this registry value or change the value data to 1.
__________________
E8400 @ 610 FSB Q9300 @ 500 FSB 4x1GB DDR2-1333 (PC2-10666) ------------------------------------------------- Don't worry overly much about whether a specific KB article exists for your version of Windows. Standard practice is to grab whatever's available and apply the principles. (I grabbed from the web. Written by someone, somewhere on the web) Last edited by Ctrl-Alt-Del; May 25, 2005 at 11:22 AM. |
|
|
|
|
May 26, 2005, 08:31 PM
|
#3 (permalink) |
|
DriverHeaven Junior Member
Join Date: Mar 2003
Location: Mass
Posts: 22
|
 That is my display properties, I cannot even scroll the backgrounds. I can change the color but it will not stick. as far themes go, I cannot change it from "modified theme". It does not list Luna. But I found Luna in C:Windows>Resources>Themes Below is Luna opened with notepad ; Copyright © Microsoft Corp. 1995-2001 [Theme] DisplayName=@themeui.dll,-2017 ; My Computer [CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon] DefaultValue=%WinDir%explorer.exe,0 ; My Documents [CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\DefaultIcon] DefaultValue=%WinDir%SYSTEM32\mydocs.dll,0 ; My Network Places [CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\DefaultIcon] DefaultValue=%WinDir%SYSTEM32\shell32.dll,17 ; Recycle Bin [CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon] full=%WinDir%SYSTEM32\shell32.dll,32 empty=%WinDir%SYSTEM32\shell32.dll,31 [Control Panel\Cursors] Arrow= Help= AppStarting= Wait= NWPen= No= SizeNS= SizeWE= Crosshair= IBeam= SizeNWSE= SizeNESW= SizeAll= UpArrow= DefaultValue=Windows default DefaultValue.MUI=@themeui.dll,-2043 [Control Panel\Desktop] Wallpaper=%WinDir%web\wallpaper\Bliss.bmp Wallpaper.MUI=@themeui.dll,-2036 TileWallpaper=0 WallpaperStyle=2 Pattern= ScreenSaveActive=1 Only the HKLM key has "nochangingwallpaper" Dword = 0 HKLM\SOFTWARE\M icrosoft\Windows\CurrentVersion\policies\ActiveDes ktop" and "HKCU\Software\Mi crosoft\Windows\CurrentVersion \Policies\ActiveDesktop" If you need any more info from me just ask.
__________________
XP3000+ Soyo Kt400 Dragon Ultra Black 2 x 80gig maxtor RAID 0 1gig Corsair ddr333 2-2-2-6-1t BFG 6800 Ultra OC 19in Sony trinitron A440 |
|
|
|
|
May 26, 2005, 08:45 PM
|
#4 (permalink) |
|
DriverHeaven Junior Member
Join Date: Mar 2003
Location: Mass
Posts: 22
|
 Also, I get this everytime I log on to windows. It appears right before my icons load. Any idea what that is from, or if it is my problem? Thanks.
__________________
XP3000+ Soyo Kt400 Dragon Ultra Black 2 x 80gig maxtor RAID 0 1gig Corsair ddr333 2-2-2-6-1t BFG 6800 Ultra OC 19in Sony trinitron A440 |
|
|
|
|
May 26, 2005, 11:34 PM
|
#6 (permalink) | |
|
Member
Join Date: Mar 2003
Posts: 5,916
|
Quote:
your virus or spyware scanner may not properly remove it... Johnny C., to stop the "Could not load or run..." dialog from popping up at everytime you start Windows you need to remove the regisrtry value "svhost.exe" from your Run registry keys... to do this open your Registry Editor and go to these below registry keys... HKCU\Software\Microsoft\Windows\CurrentVersion\Run (and RunOnce if present) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (and RunOnce if present) look in the right pane for value name svhost.exe or for value data "X:\WINDOWS\system32\Svhost.exe" and delete this value form your registry. and then, search your local drive for a file named "svhost.exe" (not svchost.exe) and remove it and reboot the PC. as for the problem about the wallpaper... i'm sure that this can also be fixed, it's just take time since there are/can be many registries associated with the problem... and i need to look at your registry for more info before i can give you the right solution, but i can't, you cannot sent it to me because it'll be a big file and i will not be able to recieve it since, i'm on a very slow net connection. i'll get on one of a newsgroups and PM you some links in a few mins. in the mean time, i like to see the contain info of the xxxx.theme file that you're using now (not the Luna ones), and i like you to D/L this .reg file --- http://www.kellys-korner-xp.com/regs...aperenable.reg once you have the file import/merge it into your registry and reboot the PC and see if this helps, if it does not then pls wait for my PM.
__________________
E8400 @ 610 FSB Q9300 @ 500 FSB 4x1GB DDR2-1333 (PC2-10666) ------------------------------------------------- Don't worry overly much about whether a specific KB article exists for your version of Windows. Standard practice is to grab whatever's available and apply the principles. (I grabbed from the web. Written by someone, somewhere on the web) |
|
|
|
|
|
May 27, 2005, 12:02 AM
|
#7 (permalink) |
|
Member
Join Date: Mar 2003
Posts: 5,916
|
my surprise. there are a lot of cases that people will not be able to change their wallpaper or desktop background after some viruses or virus-like attacked.
anyway, i just posted some links on your private message, read them and check them out. one of those fixing registry is the solution for your case. and please, feel free to post any question you may have in this thread. after read a few of cases and if i understand correctly this is a small registry problem, some small and not so important parts of your registry are missing, or, some value that exists in your registry are not supposed to be there. this causes the problem that you've already found in/about the desktop background only. this's unlike some other registry problems, sometimes just a small or one missing registry key can do a lot of damages to Windows. but anyway, do a complete virus/trojan/spyware scan again. as i said, check the links that i give you for a solution first. you could think about repair Windows install later. and if you want to do a repair install i'd suggest you to backup your files and go for a re-format and a clean Windows install instend. i hope it won't come to this. 
__________________
E8400 @ 610 FSB Q9300 @ 500 FSB 4x1GB DDR2-1333 (PC2-10666) ------------------------------------------------- Don't worry overly much about whether a specific KB article exists for your version of Windows. Standard practice is to grab whatever's available and apply the principles. (I grabbed from the web. Written by someone, somewhere on the web) Last edited by Ctrl-Alt-Del; May 27, 2005 at 12:55 AM. |
|
|
|
|
May 29, 2005, 07:48 AM
|
#8 (permalink) |
|
DriverHeaven Junior Member
Join Date: Mar 2003
Location: Mass
Posts: 22
|
OK I tried the reg entry from Kelly's and that did not help.
Here is the theme that I am using. I cannot change away from this theme either. I tried to browse to luna and activate, but it reverts back to "modified theme", which looks the same as windows classic. ; Copyright © Microsoft Corp. 1995-2001 [Theme] ; My Computer [CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon] DefaultValue=C:\WINDOWS\Explorer.exe,0 ; My Documents [CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\DefaultIcon] DefaultValue=C:\WINDOWS\SYSTEM32\mydocs.dll,0 ; My Network Places [CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\DefaultIcon] DefaultValue=C:\WINDOWS\system32\SHELL32.dll,17 ; Recycle Bin [CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon] full=C:\WINDOWS\System32\shell32.dll,32 empty=C:\WINDOWS\System32\shell32.dll,31 [Control Panel\Colors] ActiveTitle=128 0 0 Background=0 0 0 Hilight=128 0 0 HilightText=255 255 255 TitleText=255 255 255 Window=255 255 255 WindowText=0 0 0 Scrollbar=192 192 192 InactiveTitle=128 128 128 Menu=192 192 192 WindowFrame=0 0 0 MenuText=0 0 0 ActiveBorder=192 192 192 InactiveBorder=192 192 192 AppWorkspace=255 255 255 ButtonFace=192 192 192 ButtonShadow=128 128 128 GrayText=128 128 128 ButtonText=0 0 0 InactiveTitleText=192 192 192 ButtonHilight=255 255 255 ButtonDkShadow=0 0 0 ButtonLight=192 192 192 InfoText=0 0 128 InfoWindow=255 255 255 GradientActiveTitle=0 16 168 GradientInactiveTitle=186 190 201 ButtonAlternateFace=192 192 192 HotTrackingColor=128 0 0 MenuHilight=128 0 0 MenuBar=192 192 192 [Control Panel\Cursors] Arrow= Help= AppStarting= Wait= NWPen= No= SizeNS= SizeWE= Crosshair= IBeam= SizeNWSE= SizeNESW= SizeAll= UpArrow= DefaultValue=Windows default Link= [Control Panel\Desktop] Wallpaper=C:\WINDOWS\desktop.html TileWallpaper=0 WallpaperStyle=0 Pattern= ScreenSaveActive=0 [Control Panel\Desktop\WindowMetrics] [Metrics] IconMetrics=76 0 0 0 75 0 0 0 75 0 0 0 1 0 0 0 245 255 255 255 0 0 0 0 0 0 0 0 0 0 0 0 144 1 0 0 0 0 0 1 0 0 0 0 77 105 99 114 111 115 111 102 116 32 83 97 110 115 32 83 101 114 105 102 0 0 0 0 0 0 0 0 0 0 0 0 NonclientMetrics=84 1 0 0 1 0 0 0 13 0 0 0 13 0 0 0 19 0 0 0 19 0 0 0 241 255 255 255 0 0 0 0 0 0 0 0 0 0 0 0 188 2 0 0 0 0 0 1 0 0 0 0 84 105 109 101 115 32 78 101 119 32 82 111 109 97 110 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 17 0 0 0 17 0 0 0 243 255 255 255 0 0 0 0 0 0 0 0 0 0 0 0 188 2 0 0 0 0 0 1 0 0 0 0 84 105 109 101 115 32 78 101 119 32 82 111 109 97 110 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 18 0 0 0 18 0 0 0 243 255 255 255 0 0 0 0 0 0 0 0 0 0 0 0 144 1 0 0 0 0 0 1 0 0 0 0 84 105 109 101 115 32 78 101 119 32 82 111 109 97 110 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 243 255 255 255 0 0 0 0 0 0 0 0 0 0 0 0 144 1 0 0 0 0 0 1 0 0 0 0 84 105 109 101 115 32 78 101 119 32 82 111 109 97 110 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 243 255 255 255 0 0 0 0 0 0 0 0 0 0 0 0 144 1 0 0 0 0 0 1 0 0 0 0 84 105 109 101 115 32 78 101 119 32 82 111 109 97 110 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 [boot] SCRNSAVE.EXE=%WinDir%system32\logon.scr [MasterThemeSelector] MTSM=DABJDKT ThemeColorBPP=4 [AppEvents\Schemes\Apps\.Default\.Default\.Current] DefaultValue=%WinDir%media\Windows XP Ding.wav [AppEvents\Schemes\Apps\.Default\AppGPFault\.Curren t] DefaultValue= [AppEvents\Schemes\Apps\.Default\Close\.Current] DefaultValue= [AppEvents\Schemes\Apps\.Default\DeviceConnect\.Cur rent] DefaultValue=%WinDir%media\Windows XP Hardware Insert.wav [AppEvents\Schemes\Apps\.Default\DeviceDisconnect\. Current] DefaultValue=%WinDir%media\Windows XP Hardware Remove.wav [AppEvents\Schemes\Apps\.Default\DeviceFail\.Curren t] DefaultValue=%WinDir%media\Windows XP Hardware Fail.wav [AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\.C urrent] DefaultValue=%WinDir%media\Windows XP Battery Low.wav [AppEvents\Schemes\Apps\.Default\MailBeep\.Current] DefaultValue=%WinDir%media\Windows XP Notify.wav [AppEvents\Schemes\Apps\.Default\Maximize\.Current] DefaultValue= [AppEvents\Schemes\Apps\.Default\MenuCommand\.Curre nt] DefaultValue= [AppEvents\Schemes\Apps\.Default\MenuPopup\.Current] DefaultValue= [AppEvents\Schemes\Apps\.Default\Minimize\.Current] DefaultValue= [AppEvents\Schemes\Apps\.Default\Open\.Current] DefaultValue= [AppEvents\Schemes\Apps\.Default\PrintComplete\.Cur rent] DefaultValue= [AppEvents\Schemes\Apps\.Default\RestoreDown\.Curre nt] DefaultValue= [AppEvents\Schemes\Apps\.Default\RestoreUp\.Current] DefaultValue= [AppEvents\Schemes\Apps\.Default\RingIn\.Current] DefaultValue= [AppEvents\Schemes\Apps\.Default\Ringout\.Current] DefaultValue= [AppEvents\Schemes\Apps\.Default\SystemAsterisk\.Cu rrent] DefaultValue=%WinDir%media\Windows XP Error.wav [AppEvents\Schemes\Apps\.Default\SystemExclamation\ .Current] DefaultValue=%WinDir%media\Windows XP Exclamation.wav [AppEvents\Schemes\Apps\.Default\SystemExit\.Curren t] DefaultValue=%WinDir%media\Windows XP Shutdown.wav [AppEvents\Schemes\Apps\.Default\SystemHand\.Curren t] DefaultValue=%WinDir%media\Windows XP Critical Stop.wav [AppEvents\Schemes\Apps\.Default\SystemNotification \.Current] DefaultValue=%WinDir%media\Windows XP Balloon.wav [AppEvents\Schemes\Apps\.Default\SystemQuestion\.Cu rrent] DefaultValue= [AppEvents\Schemes\Apps\.Default\SystemStart\.Curre nt] DefaultValue=%WinDir%media\Windows XP Startup.wav [AppEvents\Schemes\Apps\.Default\SystemStartMenu\.C urrent] DefaultValue= [AppEvents\Schemes\Apps\.Default\WindowsLogoff\.Cur rent] DefaultValue=%WinDir%media\Windows XP Logoff Sound.wav [AppEvents\Schemes\Apps\.Default\WindowsLogon\.Curr ent] DefaultValue=%WinDir%media\Windows XP Logon Sound.wav [AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\.C urrent] DefaultValue=%WinDir%media\Windows XP Recycle.wav [AppEvents\Schemes\Apps\Explorer\Navigating\.Curren t] DefaultValue=%WinDir%media\Windows XP Start.wav ctrl-alt-del, I have started reading through the info from the PM you sent. Much of that I have already tried, and not helped yet. I also did thorough AV and spyware scans again, all clean. I will continue to read through what you sent me. Let me know if you need anything. Thank you.
__________________
XP3000+ Soyo Kt400 Dragon Ultra Black 2 x 80gig maxtor RAID 0 1gig Corsair ddr333 2-2-2-6-1t BFG 6800 Ultra OC 19in Sony trinitron A440 |
|
|
|
|
May 29, 2005, 08:20 AM
|
#9 (permalink) |
|
Member
Join Date: Mar 2003
Posts: 5,916
|
check again that the "Themes" service is set to Automatic or Manual and is Started,
then you should be able to see the theme named "Windows XP" (Luna theme) in themes tab of the Display Properties. No?
__________________
E8400 @ 610 FSB Q9300 @ 500 FSB 4x1GB DDR2-1333 (PC2-10666) ------------------------------------------------- Don't worry overly much about whether a specific KB article exists for your version of Windows. Standard practice is to grab whatever's available and apply the principles. (I grabbed from the web. Written by someone, somewhere on the web) |
|
|
|
|
May 29, 2005, 08:56 AM
|
#10 (permalink) |
|
DriverHeaven Junior Member
Join Date: Mar 2003
Location: Mass
Posts: 22
|
Themes service is set to automatic and running. I can see "Windows XP" theme, but if I select and apply, nothing changes. Still classic.
__________________
XP3000+ Soyo Kt400 Dragon Ultra Black 2 x 80gig maxtor RAID 0 1gig Corsair ddr333 2-2-2-6-1t BFG 6800 Ultra OC 19in Sony trinitron A440 |
|
|
|
|
May 29, 2005, 09:02 AM
|
#11 (permalink) |
|
Member
Join Date: Mar 2003
Posts: 5,916
|
so, at this point there is no other problem with Windows but this desktop B/G problem ?
i'll look around in other newsgroups and let you know when i find anything. ------- Make a registry edit (backup each registry key before deleting each value) Delete the value named "NoChangingWallPaper" from these two registry keys HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\ActiveDesktop and/or HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\ActiveDesktop Delete any default wallpaper value set in this key (if it does already exist) HKCU\Software\Policies\Microsoft\Windows\System HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System Delete these two values named "Wallpaper" and "WallpaperStyle" (if it does exist) HKEY_USERS\.DEFAULT\Control Panel\Desktop Modify the value data of the value named "Wallpaper" from whatever value you're now having to "(None)" (if it does exist) i'll continue to add more info when i can find more...
__________________
E8400 @ 610 FSB Q9300 @ 500 FSB 4x1GB DDR2-1333 (PC2-10666) ------------------------------------------------- Don't worry overly much about whether a specific KB article exists for your version of Windows. Standard practice is to grab whatever's available and apply the principles. (I grabbed from the web. Written by someone, somewhere on the web) Last edited by Ctrl-Alt-Del; May 29, 2005 at 11:30 AM. |
|
|
|
|
Jun 2, 2005, 10:56 AM
|
#12 (permalink) | ||
|
Member
Join Date: Mar 2003
Posts: 5,916
|
Quote:
it may not be same virus but check all the keys and values... if they do exists, let me know which ones because some of them will need to be removed (mostly). but some of them will need to be replaced with/using atleast Windows default values. Quote:
__________________
E8400 @ 610 FSB Q9300 @ 500 FSB 4x1GB DDR2-1333 (PC2-10666) ------------------------------------------------- Don't worry overly much about whether a specific KB article exists for your version of Windows. Standard practice is to grab whatever's available and apply the principles. (I grabbed from the web. Written by someone, somewhere on the web) |
||
|
|
|
|
Jun 26, 2005, 02:23 AM
|
#13 (permalink) |
|
DriverHeaven Newbie
Join Date: Jun 2005
Posts: 1
|
Hi I am new to this forum and I believe I found the answer to your question since I had the same problem. A key in your registry is probably pointing to a deleted file refered to as desktop.html
If you go into your regedit and follow this path: HKEY_CURRENT USER/SOFTWARE/MICROSOFT/WINDOWS/CURRENTVERSION/POLICIES/SYSTEM In there you may see a key that points to the C:\Windows\Web\desktop.html If you see that key DELETE IT. Your virus software probably found this hijack desktop viruz and deleted the infected file already. This took me 2 days to figure out and it was this forum that helped me figure it out. THANKS and I hope this helps! Last edited by Beg4Mercy; Aug 4, 2005 at 01:40 AM. |
|
|
|
|
Jul 3, 2005, 09:40 AM
|
#14 (permalink) | |
|
DriverHeaven Newbie
Join Date: Jul 2005
Posts: 1
|
Free at last
Excellent this worked I use regcool and search desktop.html and deleted all keys ( after backing up) and presto I'm FREEEEEEEEEEEEEE. Spy sheriff is the culprit for me. That company should be tarred and feathered for that POS hijack!!!!
thanks Beg4!!! Bunk Quote:
|
|
|
|
|
|
Jul 3, 2005, 10:39 AM
|
#15 (permalink) |
|
DriverHeaven Extreme Member
|
Always use spybot, ad-aware and spyware blaster!
But I to be safe format and reinstall becouse after the system is seriouly compramised you will never be able to 100% reverse the damage done. Alot of them adjust security settings replace windows os files etc...
__________________
|
|
|
|
