My desktop pic reverted back to the plain dark blue and I'm not able to change it. On the "Display Properties", I clicked the "Desktop" and the background is faded and it won't let me access anything on the list. Do I need to reinstall something?

*note* On the start up page there is the little Panda logo on the bottom righ corner.

i usually go to yahoo or google images, rightclick, and save as desktop background, thats easiest.

This might be related to the problem you're having with slow internet. The problem you describe is a symptom of the SpySheriff/Smitfraud group of infections; here's the specific fix for regaining full functionality of your desktop properties:

Download the smitfraud.reg file by right-clicking on this link (http://www.bleepingcomputer.com/files/reg/smitfraud.reg) and choosing "Save link as..." or "Save target as..." from the resulting pop-up menu. Save the file to your desktop.

- Double-click the smitfraud.reg file you saved, and when it asks if you want to merge with the registry, click YES.

- Reboot your computer; your display properties should be returned to normal.

- Post me a hijackthis logfile for review, because you're infected with something.

Let me know if this works for you. Meanwhile, I still think you're infected with something and should follow the tips I've given over in the other thread or something? I'm not sure. Sounds like you definitely are infected with something though.

Hi Shifty,

I tried to log on with the Laptop and now I can't get on the net. There is no dial tone and I've tried several ways to get it to dial out, its dial up.

This is the Hijack log that I pulle doff it the other nite.

I'm going to try down load smitfraud.reg file and save it on a memory stick and then download it on the loptop.

Damnit I don't know how I missed this one:

O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\d3el.exe (file missing)

This is bad!

ok I have my screen back and I've tried to fix that line and it won't let me.

Figures.

When you say "won't let me fix" what do you mean?

Also, does it always show up with gibberish in the ()'s?

when I click "fix checked", the Hijack outline is still there, although its balnk it the center. I also tried to download "trend micro" and it only downloded to a certain point and stopped. I downloaded "the cleaner" and ran it, it came up empty. I did a windows update and came up with empty there also. I noticed my Microsoft Antispyware is nowhere to be found.

Yes, it always shows up with the same gibberish.

I can connect with the computer now.

Ok, well this sucks. The normal way I would use to kill a service won't work if that thing is showing gibberish.

Do me a favor - click on start menu and choose run. type regedit and click OK. when the registry editor opens, press CTRL+F to open the find window. Search for this string: d3el.exe. If it can find it, can you take a screen capture of what you're looking at and show me?

ok, search can up empty and how do you do a screen shot again.

I tried hitting print screen and I must be missing something else.

press print screen the go into paintbrush and go to edit.. paste

search came up empty? that doesn't make any sense, when the search came to the end, did it ask you if you wanted to start from the beginning again? If so, can you tell it yes?

HJT pulls the information you see above from the registry. If it's saying there is a registry key with a service that is that EXE file, it's gotta be in there?

ok I found it

its on 1 line and it reads

ab (Default) REG_SZ C:\WINDOWS\SYSTEM\d3el.exe


I may not reply until later tonight, I'm just getting ready to head out the door for a 7 hr drive.

thanks, Bernie

okay, so what you have should look something like this - you will be in the folder HKEY LOCAL MACHINE under SYSTEM, then CURRENT CONTROL SET, then SERVICES. Make sure you are in the "current control set" folder and not ControlSet001 or ControlSet0003 or someting.

You should see that you are in a folder like ".example" in the picture below and inside that folder is a "key" which has the information you searched for. We want to specifically delete the folder that contains that key. This needs to be done exactly right, so do exactly as I say. Misunderstanding what I'm telling you can ruin your install of XP.

When you "find" that key (the "AB" thingy in the right-hand pane), highlight it. You should notice one of the folders in the left-hand pane is "open" looking like you see in the picture below just like ".example" is. Right-click it and an option menu will come up. Choose "DELETE" for that folder and that folder only.

After you are done, do a search in there to make sure that "EXE" file doesn't exist anywhere else.

Just so you understand what we're doing, you are in the Windows Registry. This is where Windows stores all of the settings and tweaks for Windows and makes it run. When you start up your computer, Windows starts a bunch of crap, which are called "Services". These services are normally things like ... the Windows Firewall, Remote Desktop, Antivirus, things like that. Each Service that is started at boot is written into the Registry in the branch you are looking at. Each "folder" under the "services" branch of the registry starts a single service.

Some Spyware will write a folder in the services branch itself which forces Windows to run itself when your computer boots up. It seems that is what has happened here...and it is either forcefully hiding the file it's running or something else batty is going on. You are going into the Registry, deleting the folder entry it put into the "services" portion of the registry. After you make this deletion, you will reboot and the next time you Run HijackThis, you should NOT see that service listed anymore. If you do, please show me a copy of the logfile and we will go from there, ok?

http://satellitehead.com/uploads/regedit.jpg

hey shift, thanks for your help. As you can see the item is no longer.

:metal:

Cool - now back to the original question:

Is your desktop background still being stupid? If so, let's get back to working on that. I had given a registry file for you to download earlier that is supposed to fix the problem, but ...

I downloaded that patch and it worked to perfection. My background is fine and everything is working good. My computer seems a bit sluggish, that could be because I'm use to my home computor, which is a lot faster. My fan on the laptop seems to be turning on frequently, I'm thinking about taking it apart to clean the dust out of it. Other that that, thanks for your help.

Sounds like you've got the right idea. fan will turn on due to heat. heat is caused by excessive load on the computer or dust buildup or poor circulation.

if it's excessively slow, try pressing CTRL+ALT+DEL and go into Task Manager. "show all processes" and see if something is using all of the system resources.

I wish there was something I could tell you to scan with, but ... I dunno. Might want to give Housecall a shot, maybe also the Microsoft Malicious Software scan tool.