Can't change desktop wallpaper after malware removal

Welcome to Major Geeks!

Your logs are clean, but I do question what one file is. Can you get Properties/Version info on the below file so we know who owns it:

Code:

"C:\Windows\System32\"
loginocx.dll  Mar 31 2008       38670  "loginocx.dll"

You get Properties infor by right clicking on the file from Windows Explorer and then select the Version tab (if there is one) and then work your way thru the Item names.



You can try the below for your Desktop issue.


Fixing Locked Desktop

• Right click on your Desktop and select Properties.
• Then click the Desktop tab
• then click the Customize Desktop button.
• Now in the next window that comes up click the Web tab.
  • Make sure at the bottom that Lock desktop items is unchecked.
• Then in the Web pages: box delete all items but My Current Home Page and make sure it is unchecked too.
• Then click OK.
• Click Apply. And click OK.

 

Okay but why do you require a program like this. Most programs like this are typically detected by scanners as possibly unwanted software. You don't need to remove it if you are the one who installed, but you need be aware that it may be detected and that some tools may even try to automatically remove it.

Sorry about that! Yes I forgot you are running Vista and that those selections do not appear. You will need to post this in the Software Forum where more people familiar with Vista may have ideas. It could be a registry setting. Possibly something related to a system policy setting. I did see some in your logs that do not look to be standard but that does not mean they are bad. Our scans do not look at all registry keys and many keys are valid keys anyway even though the end user may not have changed them. Did you create the below policies?

 

What are you trying to attach?

 

Oh yeah!

Okay let's remove them since they are not normal defaults as far as I know. We could always put them back if required.

Actually based on typical defaults I see in Vista, you have all the others that are normally in this registry key. They only value that is currently not set to default is the below for UAC which we had you change while doing the READ & RUN ME.

"EnableLUA"=dword:00000000

This setting is normally dword:00000001 and we will change it back in my final instructions.

Let's remove those other policies.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now if you received a success message, do the below.

First Reboot your PC.

Now after reboot run the C:\MGtools\GetLogs.bat file by double clicking on it.

Then attach the below log

• C:\MGlogs.zip

Did doing the above cause any noticeable changes.

 

Yes the REGEDIT4 is part of the patch.

Your PC lost the Windows File Association for .REG files. Let's fix it.

Now Copy the bold text below to notepad. Save it as RegFix.reg to your desktop. Be sure the "Save as" type is set to "all files". Then Click Start, Run, and enter regedit and click OK. This will open the Registry Editor.

In the Registry Editor click File and Import. Navigate to the RegFix.reg patch you saved on your Desktop and double click on it. Click OK at the prompt to add to the registry. Do you get a success message for this?

Then retry the fixME.reg patch and continue on with the rest of the instructions.

 

Okay those entries were successfully removed. Any change to your problem? I don't expect these to be related, but it would be good if fixing them fix your problem.

 

Okay then as I suggested in message # 5, it would be best to post this particular problem in the Software Forum where you can get help from more people using Vista. Some one there may be familiar with this issue.


Since your problems do not appear to be due to any remaining malware, it is time to do our final steps:

1. Uninstall SUPERAntispyware
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\cf" /u
     • Notes: The space between the cf" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
   • Delete the C:\cf folder from combofix.
3. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
8. If you are running Windows XP or Windows ME, do the below:
   • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
9. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

You're welcome. Surf safely.