DesktopHasBeenHijacked!

Discussion in 'Malware Help (A Specialist Will Reply)' started by rp101, May 6, 2005.

  1. rp101

    rp101 Private E-2

    Hello! I started my computer yesterday and the following message was on my screen:


    WARNING!
    YOU'RE IN DANGER!



    ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISK. WHEN YOU VISIT SITES, SEND EMAILS... ALL YOUR ACTIONS ARE LOGGED. AND IT IS IMPOSSIBLE TO REMOVE THEM WITH STANDARD TOOLS. YOUR DATA IS STILL AVAILABLE FOR FORENSICS. AND IN SOME CASES FOR YOUR BOSS, YOUR FRIENDS, YOUR WIFE, YOUR CHILDREN.

    Every site you or somebody or even something, like spyware, opened in your browser, with all images, and all downloaded and maybe later removed movies or mp3 songs - ARE STILL THERE and could broke your life!


    SECURE YOURSELF RIGHT NOW!
    REMOVE ALL SPYWARE FROM YOUR PC!

    Removal instructions


    I ran Webroot's Spyware scanner and it found an adware called Desktop Hijacker, but it seems unable to remove it, as the message above remains on the screen even though the spyware is listed as removed. I followed all of the instructions on your page about "Do not post until you have read this: How to: Spyware, Trojan, and Virus Removal" and the spyware still remains. I ran HijackThis, but the information displayed was truly amazing, and I am at a loss to account for all of it. I realize that you are probably very busy, but any help you could lend me would be most, most appreciated. I could include the HijackThis log if it would be helpful.

    Thank you in advance for any assistance you could provide,

    RP101
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    After doing ALL of the above if you still have a problem:


    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run HijackThis from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file, as your backups will not be safely stored.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post, as it will be removed.)

    - Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. rp101

    rp101 Private E-2

    Hello! I have followed all of the steps in "READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal" and run HijackThis 1.99.1. I am attaching the HijackThis log file as an attachment, as requested. I used the auto-analysis at Help2Go and it indicated that the problem might be at the line

    C:\WINDOWS\system32\spoolsv.exe

    However, after I check that line and then click "Fix checked", if I do another scan the line is still there.

    Any help you could provide would be most appreciated.


    Sincerely with Thanks,


    rp101
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
    O4 - HKCU\..\Run: [LDM] \Program\
    O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe

    O16 - DPF: {A922D52D-26B1-4672-B0AF-9673AB46F937} (InstallShield Setup Player 2K2) - http://www.installshield.com/redirect/ntlinktrack.exe?http://saturn.installshiel d.com/is/10.5sp1/premier/eval/oci/setup.exe

    O18 - Protocol: bw+0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\Program Files\Logitech <-- Delete this folder!

    C:\WINDOWS\System32\spoolsrv32.exe

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates".

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows, scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Good Luck!:)
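    An added triage script for the log lines above (my example, not code from the thread or from HijackThis). It parses O4 autorun and O18 protocol-handler entries, compares each O4 target's file name with genuine Windows binary names so a near-miss such as spoolsrv32.exe against the real Print Spooler spoolsv.exe stands out, and reports O18 handlers whose DLL is no longer on disk. The function names, $KnownGood list and the sample log (built from the lines quoted above) are my own.

```powershell
# Added example, not part of the thread: triage O4 (autorun) and O18 (protocol handler)
# lines from a HijackThis log. O4 targets are compared with genuine Windows binary names so a
# near-miss such as spoolsrv32.exe against the real Print Spooler spoolsv.exe is flagged;
# O18 handlers whose DLL is gone from disk are reported as orphans.

# Constructed sample: the O4 lines bjgarrick quotes plus two of the O18 lines.
$SampleLog = @'
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O18 - Protocol: bw+0 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {290D8556-3C80-4EFB-AE00-13E4C32299B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
'@

# Genuine Windows system binaries to compare against (names only; the path is checked separately).
$KnownGood = @('spoolsv.exe', 'svchost.exe', 'explorer.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe', 'services.exe')

function Get-EditDistance([string]$a, [string]$b) {
    # Levenshtein distance, case-insensitive: how many single-character edits separate two names.
    $a = $a.ToLowerInvariant(); $b = $b.ToLowerInvariant()
    $d = New-Object 'int[,]' -ArgumentList ($a.Length + 1), ($b.Length + 1)
    for ($i = 0; $i -le $a.Length; $i++) { $d[$i, 0] = $i }
    for ($j = 0; $j -le $b.Length; $j++) { $d[0, $j] = $j }
    for ($i = 1; $i -le $a.Length; $i++) {
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = if ($a[$i - 1] -eq $b[$j - 1]) { 0 } else { 1 }
            $d[$i, $j] = [Math]::Min([Math]::Min($d[$i - 1, $j] + 1, $d[$i, $j - 1] + 1),
                                     $d[$i - 1, $j - 1] + $cost)
        }
    }
    return $d[$a.Length, $b.Length]
}

function Get-HjtFindings([string]$LogText, [string[]]$KnownGood) {
    foreach ($line in ($LogText -split "`r?`n")) {
        if ($line -match '^O4 - (?<hive>HK\w+)\\\.\.\\(?<where>\w+): \[(?<label>[^\]]*)\] (?<target>.+)$') {
            $target = $Matches.target.Trim()
            $leaf = ($target.TrimEnd('\') -split '\\')[-1]      # file (or last folder) name
            $verdict = if ($KnownGood -contains $leaf) { 'Known name (verify path)' }
            else {
                $nearest = $KnownGood | Sort-Object { Get-EditDistance $leaf $_ } | Select-Object -First 1
                $dist = Get-EditDistance $leaf $nearest
                if ($dist -le 3) { "Lookalike of $nearest (edit distance $dist)" } else { 'Review' }
            }
            [pscustomobject]@{
                Type = "O4 $($Matches.hive) $($Matches.where)"; Label = $Matches.label
                Target = $target; Exists = Test-Path -LiteralPath $target; Verdict = $verdict
            }
        }
        elseif ($line -match '^O18 - Protocol: (?<proto>\S+) - \{(?<clsid>[0-9A-Fa-f-]+)\} - (?<dll>.+)$') {
            $dll = $Matches.dll.Trim()
            $exists = Test-Path -LiteralPath $dll
            [pscustomobject]@{
                Type = 'O18'; Label = $Matches.proto; Target = $dll; Exists = $exists
                Verdict = if ($exists) { 'Review' } else { 'Orphan handler: DLL missing on disk' }
            }
        }
    }
}

# Run over the sample; for a real log use: Get-HjtFindings (Get-Content .\hijackthis.log -Raw) $KnownGood
Get-HjtFindings $SampleLog $KnownGood | Format-Table -AutoSize -Wrap
```

The Exists column is only meaningful when the script runs on the affected machine; on any other box every path reports False.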
     
  5. rp101

    rp101 Private E-2

    Hello! I followed all of your instructions and the computer seems to be running faster, but the message is still on my desktop. I am attaching the new "HijackThis" log as per your instructions. Please let me know where you think we should go from here.

    Thanks as always,

    rp101
     


  6. rp101

    rp101 Private E-2

    Hello Again! I re-removed the last set of protocols and this time they stayed removed. Attached is the most recent HijackThis log.

    Thanks again for your help,

    rp101
     


  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is now clean!

    Now, let's proceed with removing this baddie!



    Download Pocket KillBox

    Now, Copy and Paste C:\WINDOWS\WEB\desktop.html into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES.


    During Reboot, Boot into Safe Mode



    Click Start > Run > type regedit

    Navigate to the following key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

    Look for a DWORD value called "NoViewContextMenu"

    When located right click and delete it!


    Navigate to the following key:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

    Look for a DWORD value called "NoViewContextMenu"

    When located right click and delete it!


    Navigate to the following key:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop

    Look for a DWORD value called "NoChangingWallPaper"

    When located right click and delete it!



    Navigate to the following key:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

    It should only have "NoDriveTypeAutoRun".

    Remove This Value "NoActiveDesktop"
    Remove This Value "ForceActiveDesktopOn"

    Navigate to the following key:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop

    There should only be the (default) string here.

    Remove This Value NoComponents
    Remove This Value NoAddingComponents
    Remove This Value NoDeletingComponents
    Remove This Value NoEditingComponents
    Remove This Value NoHTMLWallpaper


    After doing the LAST step, reboot into Normal Mode and see if the problem remains!
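    The registry steps above (and the ActiveDesktop check repeated later in the thread) as an added audit script; this is my example, not code from the thread or from any tool named in it. It lists every value under the three policy keys, marks the ones the post says to remove, treats NoDriveTypeAutoRun as allowed where the post says it may stay, and removes the marked ones only through a -WhatIf-capable function. The function names and the assumption that HKCU:\Control Panel\Desktop\Wallpaper is where a hijacked desktop.html would show up are mine; the thread only names the file.

```powershell
# Added example, not part of the thread: audit the Explorer and ActiveDesktop policy values
# bjgarrick lists, classify each value, and remove the listed ones with -WhatIf support.
# Run from an elevated PowerShell prompt: removal under HKLM needs it.

# The thread's removal list per key. NoDriveTypeAutoRun is the one value the thread says may
# legitimately stay under the HKCU Explorer policy key.
$PolicyChecks = @(
    @{ Key    = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Remove = @('NoViewContextMenu'); Keep = @() },
    @{ Key    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Remove = @('NoViewContextMenu', 'NoActiveDesktop', 'ForceActiveDesktopOn')
       Keep   = @('NoDriveTypeAutoRun') },
    @{ Key    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'
       Remove = @('NoChangingWallPaper', 'NoComponents', 'NoAddingComponents',
                  'NoDeletingComponents', 'NoEditingComponents', 'NoHTMLWallpaper')
       Keep   = @() }
)

function Get-DesktopPolicyFindings {
    foreach ($check in $PolicyChecks) {
        # A missing key (rp101's case for ActiveDesktop) is the clean state: nothing to do.
        if (-not (Test-Path -LiteralPath $check.Key)) { continue }
        $item = Get-Item -LiteralPath $check.Key
        foreach ($name in $item.GetValueNames()) {
            if ($name -eq '') { continue }           # the (default) value is expected
            $verdict = if ($check.Remove -contains $name) { 'Remove' }
                       elseif ($check.Keep -contains $name) { 'Keep' }
                       else { 'Review' }             # not in the thread's list; look at it by hand
            [pscustomobject]@{
                Key     = $check.Key
                Name    = $name
                Data    = $item.GetValue($name)
                Verdict = $verdict
            }
        }
    }
}

function Remove-DesktopPolicyFindings {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($f in (Get-DesktopPolicyFindings | Where-Object Verdict -eq 'Remove')) {
        if ($PSCmdlet.ShouldProcess("$($f.Key)\$($f.Name)", 'Remove policy value')) {
            Remove-ItemProperty -LiteralPath $f.Key -Name $f.Name
        }
    }
}

# Assumption: the hijacked wallpaper would be referenced here; the thread names only the file
# C:\WINDOWS\WEB\desktop.html, not this value. Shown so the reader can see what is still set.
function Get-WallpaperSetting {
    (Get-ItemProperty -LiteralPath 'HKCU:\Control Panel\Desktop' -Name Wallpaper -ErrorAction SilentlyContinue).Wallpaper
}

Get-DesktopPolicyFindings | Format-Table -AutoSize
"Current wallpaper: $(Get-WallpaperSetting)"
# Dry run first; drop -WhatIf to remove for real, then reboot as the post says.
Remove-DesktopPolicyFindings -WhatIf
```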
     
  8. rp101

    rp101 Private E-2

    Hello! I followed your instructions to the best of my ability. I removed the c:\windows\web\desktop.html with KillBox and then edited the registry. There was no Explorer folder under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\.

    For the next step, the DWORD value "NoViewContextMenu" was not present under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.

    Also, there was no folder under policies of HKEY_CURRENT_USER called ActiveDesktop so I could not erase the DWORD value "NoChangingWallPaper" or do these steps:

    Remove This Value NoComponents
    Remove This Value NoAddingComponents
    Remove This Value NoDeletingComponents
    Remove This Value NoEditingComponents
    Remove This Value NoHTMLWallpaper

    When I restarted Windows XP in normal mode, the spyware message is gone, but now the screen flashes slowly from white to tan, back and forth. There is now a backgrounds tab under the display option of the control panel, but I cannot select any backgrounds. I feel like we are really close to finally solving this mess. I am including the latest version of the HijackThis log in case it is helpful.


    Thanks as always for your help,

    rp101
     


  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Click Start > Run > type in regedit

    Navigate to the following key:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop

    You should only have the (default) string. Anything else right click and delete!
     
  10. rp101

    rp101 Private E-2

    Hello! As I mentioned above, when I use the registry editor I see the following:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\

    Under the Policies folder there are two subfolders, Explorer and System. These are the only folders under Policies; there is no folder called ActiveDesktop. I guess that the lack of a folder called ActiveDesktop may be part of the problem. Let me know what you think I should do.

    Thanks as always for your help,

    rp101
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member


    Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixwp.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Double-click on the fixwp.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to add to the registry say yes.

     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Well, I was taking things one at a time, but since Chaslang has posted that, we will go from there. Follow that and let me know what, if any, problems remain. Be sure you reboot after doing that merge.
     
