ComboFix Black Background
Hey!
My brother somehow managed to pick up a virus that practically no one on planet earth has ever caught. maneger.exe was its name. It kept opening ad.fly links directing to google every once in a while. So I ran ComboFix because I didn't have time (I also felt too tired to have to stay up) to do a Malwarebytes scan which probably wouldn't have done the trick and would have taken way more time. So I ran ComboFix and it did the trick nicely and swatted maneger.exe like a bug. Issue is now, I can't set any wallpapers or anything. I have tried running ComboFix with /u and that did the trick and I could set the wallpapers. But then when I rebooted, it was back to black again. (Excuse the pun.) At this point I have no idea what to do. I have tried deleting the wallpaper file and checking the Ease Of Use settings and also the permissions, still to no avail.
Any ideas on what's going on here?
Thanks!
_________________
"Sometimes when you innovate, you make mistakes. It is best to admit them quickly, and get on with improving your other innovations." -Steve Jobs.
Every time I run it, after the first restart the desktop wallpaper shows up, but then when I restart a second time the wallpaper disappears....
:s
I have uninstalled it too and still nothing
_________________
I'll send the logs from ComboFix a bit later on when I have access to the machine.
I can change the color of the background so it's not in genuine and there's no text in the corner.
_________________
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-02-15 1597864]
"Spotify"="c:\users\Gaming\AppData\Roaming\Spotify\Spotify.exe" [2013-01-08 7880664]
"Spotify Web Helper"="c:\users\Gaming\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-01-08 1199576]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\Gaming\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys [2012-08-13 25704]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 NTIOLib_1_0_1;NTIOLib_1_0_1;c:\program files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys [2009-10-06 14136]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;D:\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SaiK1705;SaiK1705;c:\windows\system32\DRIVERS\SaiK1705.sys [x]
S3 SaiU1705;SaiU1705;c:\windows\system32\DRIVERS\SaiU1705.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
eventsystem
iprip
netman
wzcsvc
ip6fwhlp
WmdmPmSN
UxTuneUp
Appinfo
BDESVC
Browser
EapHost
hkmsvc
IKEEXT
MMCSS
ProfSvc
seclogon
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 17:01 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-02 21:39]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-09 05:56]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-09 05:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-10-15 454144]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-10-15 158208]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 855608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoW3 ... type=ds&q={searchTerms}
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2139293066-3876787542-362734092-1000\Software\SecuROM\License information*]
"datasecu"=hex:a9,4e,5e,e0,8e,c3,96,e8,e6,d5,2e,30,6b,c8,e8,25,86,d0,96,39,41,
76,d6,68,f1,87,a1,10,2f,ef,19,95,c2,e8,e0,23,74,9e,d5,13,5b,3e,07,4b,a9,cc,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2013-02-17 23:59:04 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-17 23:59
ComboFix2.txt 2013-02-17 23:22
ComboFix3.txt 2013-02-17 22:38
.
Pre-Run: 605,820,985,344 bytes free
Post-Run: 605,739,646,976 bytes free
.
- - End Of File - - 4CF15FC941C1BA7FE270AC825A7AF37E
I have run it 3 times so this is the latest one. It doesn't have maneger.exe in it because that was done on the first run of ComboFix.
_________________
Top of the log is missing.
Anyway, assuming it isn't a persistent malware issue, have you tried the following?
Control Panel (Classic view) > Ease of Access Center > Make the computer easier
to see link. On the Make things on the screen easier to see portion (bottom),
make sure the Remove background images (where available) is not checked.
If it fixes the problem, credit to poster in another forum:
http://www.vistaheads.com/forums/micros ... black.html
If not, let me know and we'll see what else to do.
For some reason the last one I did only saved half the logs.
Here's the top from another scan if that helps :/
ComboFix 13-02-18.01 - Gaming 02/18/2013 12:48:42.4.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12212.9891 [GMT 0:00]
Running from: c:\users\Gaming\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dan\AppData\Roaming\dclogs
.
.
((((((((((((((((((((((((( Files Created from 2013-01-18 to 2013-02-18 )))))))))))))))))))))))))))))))
.
.
2013-02-18 12:52 . 2013-02-18 12:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-18 12:52 . 2013-02-18 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-17 22:56 . 2013-02-18 12:37 -------- d-----w- c:\users\Dan
2013-02-13 20:39 . 2013-02-13 20:39 -------- d-----w- c:\users\Gaming\AppData\Local\My Games
2013-02-10 20:03 . 2013-02-10 20:19 -------- d-----w- c:\users\Gaming\AppData\Roaming\Notepad++
2013-02-10 20:03 . 2013-02-10 20:03 -------- d-----w- c:\program files (x86)\Notepad++
2013-02-09 00:24 . 2013-02-09 00:24 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2013-02-09 00:07 . 2013-01-24 23:19 -------- d-----w- c:\users\Gaming\Windows_Loader_v2.2
2013-02-08 23:58 . 2013-02-08 23:58 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-02-02 01:32 . 2013-02-09 21:39 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-02 01:32 . 2013-02-09 21:39 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-02 01:32 . 2013-02-02 01:32 -------- d-----w- c:\windows\SysWow64\Macromed
2013-02-02 01:32 . 2013-02-02 01:32 -------- d-----w- c:\windows\system32\Macromed
2013-02-01 17:19 . 2013-02-01 17:19 -------- d-----w- c:\program files\WinRAR
2013-01-19 21:52 . 2013-02-16 23:23 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-01-19 16:53 . 2013-02-16 23:23 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-01-19 16:53 . 2013-02-15 20:04 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-01-19 16:53 . 2013-01-19 21:53 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-01-19 16:53 . 2013-01-19 16:51 3123272 ----a-w- c:\windows\SysWow64\pbsvc.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 11:51 . 2013-01-17 11:51 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-01-09 23:09 . 2009-08-18 12:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2013-01-09 23:09 . 2009-08-18 11:24 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-01-09 19:20 . 2013-01-09 19:13 61 ----a-w- c:\users\Gaming\Minecraft.bat
2013-01-09 19:15 . 2013-01-09 19:15 959976 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-09 19:15 . 2013-01-09 19:15 308200 ----a-w- c:\windows\system32\javaws.exe
2013-01-09 19:15 . 2013-01-09 19:15 1081320 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-09 19:15 . 2013-01-09 19:15 188392 ----a-w- c:\windows\system32\javaw.exe
2013-01-09 19:15 . 2013-01-09 19:15 188392 ----a-w- c:\windows\system32\java.exe
2013-01-09 19:15 . 2013-01-09 19:15 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-01-08 22:35 . 2013-01-08 22:36 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-01-08 22:35 . 2013-01-08 22:36 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-08 22:35 . 2013-01-08 22:36 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-29 10:34 . 2013-01-09 06:08 61368 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-29 10:34 . 2013-01-09 06:08 53176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-12-29 10:34 . 2013-01-09 06:08 958272 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-12-29 10:34 . 2013-01-09 06:08 9389888 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-29 10:34 . 2013-01-09 06:08 7931896 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-12-29 10:34 . 2013-01-09 06:08 7565240 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-29 10:34 . 2013-01-09 06:08 6263784 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-12-29 10:34 . 2013-01-09 06:08 420280 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2012-12-29 10:34 . 2013-01-09 06:08 364984 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2012-12-29 10:34 . 2013-01-09 06:08 2904504 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-29 10:34 . 2013-01-09 06:08 2824656 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-29 10:34 . 2013-01-09 06:08 2720696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-12-29 10:34 . 2013-01-09 06:08 26931128 ----a-w- c:\windows\system32\nvoglv64.dll
2012-12-29 10:34 . 2013-01-09 06:08 25256376 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-29 10:34 . 2013-01-09 06:08 2504248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-29 10:34 . 2013-01-09 06:08 246024 ----a-w- c:\windows\system32\nvinitx.dll
2012-12-29 10:34 . 2013-01-09 06:08 2344888 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-09 06:08 20450232 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-12-29 10:34 . 2013-01-09 06:08 201728 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-12-29 10:34 . 2013-01-09 06:08 1985976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-09 06:08 1813432 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2013-01-09 06:08 18054312 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-12-29 10:34 . 2013-01-09 06:08 17560504 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-12-29 10:34 . 2013-01-09 06:08 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-29 10:34 . 2013-01-09 06:08 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-29 10:34 . 2013-01-09 06:08 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-29 10:34 . 2013-01-09 06:08 12641120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-12-29 10:34 . 2013-01-09 06:08 1107592 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-12-29 10:34 . 2013-01-09 06:08 10997176 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-29 08:40 . 2013-01-09 06:08 6382008 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:40 . 2013-01-09 06:08 3455416 ----a-w- c:\windows\system32\nvsvc64.dll
2012-12-29 08:40 . 2013-01-09 06:08 2923201 ----a-w- c:\windows\system32\nvcoproc.bin
2012-12-29 08:40 . 2013-01-09 06:08 884152 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-29 08:40 . 2013-01-09 06:08 63928 ----a-w- c:\windows\system32\nvshext.dll
2012-12-29 08:40 . 2013-01-09 06:08 2558392 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-29 08:40 . 2013-01-09 06:08 118712 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-29 02:54 . 2012-12-29 02:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-12-06 09:57 . 2012-12-06 09:57 68888 ----a-w- c:\windows\system32\CLEyeDevices.dll
.
_________________
Dear Gaming industry:
Stop using the crappiest platform known to man and switch to a proper open source solution: Linux. If you do this, most of us can switch and move on to a happier computing platform.
It's not crappy and it does its job without threat and if something goes wrong you can fix it. Please stop supporting such a beastly platform such as Windows.
Thanks
Signed,
Madbones.
Just wanted to get that off my chest xD.
Windows 7 Install DVD here I come!
Thanks guys, you tried your best, but I have been researching this issue all day and it looks like no one knows quite what it is.
Anyways, thanks!
_________________
Don't worry xD, it was probably unrepairable and would have been quicker to do a system format anyways.
Thanks for the support anyway.
_________________