Thread: spywad

  1. #1
    CindyLouWhooo Guest

    Re: spywad ***PING*** Dustin

    > CindyLouWhooo <faux@none_gone.com> wrote in
    > news:mn.b17d7d781d846784.70004@nonegone.com:
    >
    >>> CindyLouWhooo <faux@notreal_gone.com> wrote in
    >>> news:mn.94e27d78c0eb66e7.70218@notrealgone.com:
    >>>
    >>>> thanks for being here. I am beaten down and near brainless.
    >>>>
    >>>> About four months ago, my desktop tab disappeared.
    >>>> I have been going from forum to forum trying to find the answer in
    >>>> registry settings.
    >>>>
    >>>> Weekly in safe mode I run:
    >>>> my antivirus Avira
    >>>> have added AVG
    >>>>
    >>>> Spybot
    >>>> Bughunter
    >>>> Smitfraud fix
    >>>> Arovax
    >>>> Lavasoft Adaware
    >>>>
    >>>> and two online trojan-antivir-keylogger,etc.scans.
    >>>>
    >>>> Arovax tells me spywad each week and points to user and machine:
    >>>> Software-Microsoft-Windows-Curr.Version-Policies........I have done
    >>>> a complete restore of said machine, without change. I have been to
    >>>> KellysKorner, and a multitude of honorable forums trying to find the
    >>>> answer.
    >>>>
    >>>> My house burned down and my church gave me this machine. I feel the
    >>>> hurdles I have jumped in fine tuning have been great, except for
    >>>> this.
    >>>>
    >>>> Can you point me in the direction of what settings I need to change
    >>>> in user and machine policies to make my desktop tab come back? This
    >>>> has been my life's quest the past few months, and boy am I really
    >>>> tired.....
    >>>>
    >>>>
    >>>>
    >>>
    >>> Hi There. I'm late in this. You said your desktop tab was missing
    >>> right? Let's see what could be doing that... It's likely a policy key
    >>>
    >>> http://www.kellys-korner-xp.com/regs...isplaytabs.reg
    >>>
    >>> If you have trouble with the url, please copy/paste the lines between
    >>> **** below
    >>>
    >>> *****
    >>> Windows Registry Editor Version 5.00
    >>>
    >>> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    >>> "NoActiveDesktopChanges"=hex:00,00,00,00
    >>> "NoActiveDesktop"=dword:00000000
    >>> "NoSaveSettings"=dword:00000000
    >>> "ClassicShell"=dword:00000000
    >>> "NoThemesTab"=dword:00000000
    >>>
    >>> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    >>> "NoDispAppearancePage"=dword:00000000
    >>> "NoColorChoice"=dword:00000000
    >>> "NoSizeChoice"=dword:00000000
    >>> "NoDispBackgroundPage"=dword:00000000
    >>> "NoDispScrSavPage"=dword:00000000
    >>> "NoDispCPL"=dword:00000000
    >>> "NoVisualStyleChoice"=dword:00000000
    >>> "NoDispSettingsPage"=dword:00000000
    >>> "NoDispScrSavPage"=dword:00000000
    >>> "NoVisualStyleChoice"=dword:00000000
    >>> "NoSizeChoice"=dword:00000000
    >>> "SetVisualStyle"=-
    >>>
    >>> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
    >>> "NoChangingWallPaper"=dword:00000000
    >>>
    >>> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
    >>> "ThemeActive"="1"
    >>> "DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
    >>>   74,00,25,00,5c,00,72,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,\
    >>>   00,54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,6c,00,75,00,6e,00,61,00,5c,00,\
    >>>   6c,00,75,00,6e,00,61,00,2e,00,6d,00,73,00,73,00,74,00,79,00,6c,00,65,00,73,\
    >>>   00,00,00
    >>>
    >>> ****
    >>>
    >>>
    >>> This *should* fix your issue for you. Copy/paste the contents to
    >>> notepad and save it as "fixme.reg" then double click, regedit will
    >>> ask if it's okay to import, say yes, and post back your results.

    >>
    >>
    >> nothing changed, thank you for trying.
    >>
    >>
    >>

    >
    > Ouch. Okay, so is it the desktop tab missing when you right click and hit
    > properties, or are we going in the wrong direction?


    yes that is the tab and much thanks



  2. #2
    Dustin Cook Guest

    Re: spywad ***PING*** Dustin

    CindyLouWhooo <faux@none_gone.com> wrote in
    news:mn.b2d97d781a705479.70004@nonegone.com:

    >>
    >> Ouch. Okay, so is it the desktop tab missing when you right click and
    >> hit properties, or are we going in the wrong direction?

    >
    > yes that is the tab and much thanks
    >
    >
    >


    Alright. That helps. Here's what I would like to do next, to be sure
    it's a policy issue and not something else. I'd like for you to go to
    control panel, users, and add another account, set it up as an
    administrator. Log off the account you're using, and log in to this newly
    created one. Right click, hit properties, and tell me if a display tab is
    available.


    If it's a per-user policy key it may not be inherited on the new account.
    If it's a group policy key, it will be.

    I'd also like for you to run Dial a fix, I provided the url previously,
    and allow it to do its thing. Scan for policies, and remove any/all
    found ones.

    Please report back your results.


    --
    Dustin Cook
    Author of BugHunter - MalWare Removal Tool - v2.2c
    email: bughunter.dustin@gmail.com.removethis
    web..: http://bughunter.it-mate.co.uk
    Pad..: http://bughunter.it-mate.co.uk/pad.xml


  3. #3
    CindyLouWhooo Guest

    Re: spywad ***PING*** Dustin

    >
    > Alright. That helps. Here's what I would like to do next, to be sure
    > it's a policy issue and not something else. I'd like for you to go to
    > control panel, users, and add another account, set it up as an
    > administrator. Log off the account you're using, and log in to this newly
    > created one. Right click, hit properties, and tell me if a display tab is
    > available.
    >
    >
    > If it's a per-user policy key it may not be inherited on the new account.
    > If it's a group policy key, it will be.
    >
    > I'd also like for you to run Dial a fix, I provided the url previously,
    > and allow it to do its thing. Scan for policies, and remove any/all
    > found ones.
    >
    > Please report back your results.


    thanks again Dustin, I appreciate having someone working with me towards a
    resolve.



    Notes about this log:
    1) "->" denotes an external command being executed, and "-> (number)" indicates the return code from the previous command
    2) Not all external command return codes are accurate, or useful
    3) Sometimes commands return 0 (no error) even when they fail or crash
    4) If an error occurs while registering an object, please send an email to: dial-a-fix@DjLizard.net and include a copy of this log

    DAF version: v0.60.0.24

    --- System info ---
    OS: Microsoft Windows XP Service Pack 2
    IE version: 6.0.2900.2180
    MPC: 76477-OEM
    CPU: Intel(R) Celeron(R) CPU 2.93GHz (~2933MHz)
    BIOS: 10/5/2004
    Memory (approx): 1526MB
    Uptime: 3 hour(s)
    Current directory:
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.500\Dial-a-fix-v0.60.0.24
    ---

    8/22/2007 2:58:28 PM -- Dial-a-fix : [v0.60.0.24] -- started
    2:58:28 PM | Policy scan started
    2:58:28 PM | The following restrictive policies were found:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Explorer\NoSetActiveDesktop

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\Explorer\NoRecentDocsMenu
    --- Emptying temp folders ---
    2:59:34 PM | Deleting C:\Documents and Settings\Owner\Local Settings\Temp...
    2:59:35 PM | C:\Documents and Settings\Owner\Local Settings\Temp could not be completely emptied, please reboot and try again
    2:59:35 PM | Deleting C:\WINDOWS\temp...
    2:59:35 PM | C:\WINDOWS\temp could not be completely emptied, please reboot and try again
    2:59:35 PM | Deleting C:\DOCUME~1\Owner\LOCALS~1\Temp...
    2:59:36 PM | C:\DOCUME~1\Owner\LOCALS~1\Temp could not be completely emptied, please reboot and try again
    --- MSI ---
    2:59:44 PM | Registered: C:\WINDOWS\system32\msi.dll





    ***no desktop tab on new admin user either.



  4. #4
    Dustin Cook Guest

    Re: spywad ***PING*** Dustin

    CindyLouWhooo <faux@none_gone.com> wrote in
    news:mn.b3857d7857043e31.70004@nonegone.com:

    > thanks again Dustin, I appreciate having someone working with me towards
    > a resolve.


    I'm not sure what help I'll be at this rate, but I have a few more ideas.


    > --- System info ---
    > OS: Microsoft Windows XP Service Pack 2
    > IE version: 6.0.2900.2180
    > MPC: 76477-OEM
    > CPU: Intel(R) Celeron(R) CPU 2.93GHz (~2933MHz)
    > BIOS: 10/5/2004
    > Memory (approx): 1526MB
    > Uptime: 3 hour(s)
    > Current directory:
    > C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.500\Dial-a-fix-v0.60.0.24
    > ---
    >
    > 8/22/2007 2:58:28 PM -- Dial-a-fix : [v0.60.0.24] -- started
    > 2:58:28 PM | Policy scan started
    > 2:58:28 PM | The following restrictive policies were found:
    >
    > HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Explorer\NoSetActiveDesktop
    >
    > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\Explorer\NoRecentDocsMenu
    > --- Emptying temp folders ---


    This isn't exactly good. Okay then...

    Any chance you could export those keys to a text file and send them via
    email to me? I bet you have a lot of policy keys present. Hopefully,
    every single one is set to 0.

    > ***no desktop tab on new admin user either.


    Interesting. Okay, did you find a file called DESK.CPL in the
    c:\WINDOWS\SYSTEM32 folder?



    --
    Dustin Cook
    Author of BugHunter - MalWare Removal Tool - v2.2c
    email: bughunter.dustin@gmail.com.removethis
    web..: http://bughunter.it-mate.co.uk
    Pad..: http://bughunter.it-mate.co.uk/pad.xml
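
Added example (not part of the thread, and not code from any tool named in it): a Python check for the step requested above, exporting the policy keys and confirming every value is 0. It parses regedit export text and lists the values under a `...\Policies\` key that are still set, tagged per-user or machine-wide; the sample export is constructed, with value names taken from the thread and data values assumed.

```python
import re

POLICY_MARK = "\\microsoft\\windows\\currentversion\\policies\\"
SECTION = re.compile(r"^\[(-?)(.+)\]$")
VALUE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')
SCOPES = {"HKEY_CURRENT_USER": "user", "HKEY_LOCAL_MACHINE": "machine"}

# Constructed sample: value names appear in the thread, the data values are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSetActiveDesktop"=dword:00000001
"NoActiveDesktopChanges"=hex:01,00,00,00
"NoThemesTab"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRecentDocsMenu"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,00,00
'''

def decode_export(raw: bytes) -> str:
    """'Version 5.00' exports are UTF-16LE with a BOM; REGEDIT4 exports are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252")

def logical_lines(text: str):
    """Yield stripped lines, joining the backslash continuations of long hex data."""
    pending = ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("\\") and not line.startswith("["):
            pending += line[:-1]
        else:
            yield pending + line
            pending = ""
    if pending:
        yield pending

def parse_data(data: str):
    """int for dword, bytes for hex/hex(n), str for strings, None for '-' (delete)."""
    if data == "-":
        return None
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    m = re.match(r"hex(?:\([0-9a-f]+\))?:(.*)$", data, re.I)
    if m:
        return bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
    return data[1:-1] if data.startswith('"') else data

def is_set(value) -> bool:
    """Assumption: a policy is inactive only if deleted, 0, all-zero bytes or "0"."""
    if isinstance(value, bytes):
        return any(value)
    return value not in (None, 0, "", "0")

def restrictive_policies(text: str):
    """Return (scope, key, name, value) for every active value under a Policies key."""
    found, key = [], None
    for line in logical_lines(text):
        m = SECTION.match(line)
        if m:
            key = None if m.group(1) else m.group(2)  # "[-Key]" deletes the key
            continue
        m = VALUE.match(line)
        if not (m and key and POLICY_MARK in key.lower() + "\\"):
            continue
        value = parse_data(m.group(2).strip())
        if is_set(value):
            root = key.split("\\", 1)[0].upper()
            found.append((SCOPES.get(root, root), key, m.group(1).strip('"'), value))
    return found

if __name__ == "__main__":
    for scope, key, name, value in restrictive_policies(SAMPLE_EXPORT):
        print(f"{scope:8} {key}\\{name} = {value!r}")
```

A hit with scope `machine` applies to every account on the box, which is consistent with a restriction that follows a freshly created administrator account.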


  5. #5
    CindyLouWhooo Guest

    Re: spywad ***PING*** Dustin

    >
    > Interesting. Okay, did you find a file called DESK.CPL in the
    > c:\WINDOWS\SYSTEM32 folder?


    yes I have desk.cp_


    will email to you tonight



  6. #6
    Dustin Cook Guest

    Re: spywad ***PING*** Dustin

    CindyLouWhooo <faux@none_gone.com> wrote in
    news:mn.b3da7d78383d5350.70004@nonegone.com:

    >
    > yes I have desk.cp_


    Was the underscore a typo? It's a very important distinction. I
    specifically need to know if a file called DESK.CPL is present in the
    C:\WINDOWS\SYSTEM32 folder. A file by the name of desk.cp_ implies it's
    compressed and not the file I want, although we can always uncompress it
    if needed.


    --
    Dustin Cook
    Author of BugHunter - MalWare Removal Tool - v2.2c
    email: bughunter.dustin@gmail.com.removethis
    web..: http://bughunter.it-mate.co.uk
    Pad..: http://bughunter.it-mate.co.uk/pad.xml


  7. #7
    pcbutts1 Guest

    Re: spywad ***PING*** Dustin

    The desk.cpl is not your problem. That file is a regenerating file. If you
    delete it, 3 seconds later it comes back. If, however, you don't have that
    file, then something is stopping it from coming back. You may be still
    infected with malware.


    --

    Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
    The list grows. Leythos the stalker http://www.leythosthestalker.com, David
    H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
    Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



  8. #8
    Dustin Cook Guest

    Re: spywad ***PING*** Dustin

    "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in
    news:fanqfo$1u1$1@blackhelicopter.databasix.com:

    > The desk.cpl is not your problem. That file is a regenerating file. If
    > you delete it, 3 seconds later it comes back. If, however, you don't have
    > that file, then something is stopping it from coming back. You may be
    > still infected with malware.


    True, it is a protected system file. Assuming Windows has a good copy to
    replace it with, you mean. And I agree, that's not the issue. I'm starting
    to suspect either a problem with IE, which, as we all know (you should, I'm
    giving you the benefit of the doubt here since you did post some registry
    keys and were able to explain their purpose), controls the Windows desktop
    interface, and/or a group policy setting. The registry, as far as I can
    tell, except for one potentially bad setting, which I think? they have
    cleared up now, is okay.

    I intend to have them check for the global policy files, and then iefix; if
    that all fails, a repair install of Windows with SP2 is probably in order.




    --
    Dustin Cook
    Author of BugHunter - MalWare Removal Tool - v2.2c
    email: bughunter.dustin@gmail.com.removethis
    web..: http://bughunter.it-mate.co.uk
    Pad..: http://bughunter.it-mate.co.uk/pad.xml

