Unremovable Wallpaper from AntiVirus System Pro

Please copy and paste the following in to Notepad:

Then click File > Save as
Save as wallpaperFIX.reg to your Desktop.
Choose Save as type: All Files.
Click Save.

Exit Notepad, then double-click on wallpaperFIX.reg to run the script.

After you have confirmed the prompts, please restart your computer.

Let me know if your wallpaper will cooperate now.

When I rebooted my computer, I now have two annoying things pop up;

This one appears ar the very beggining after logging in;


And this one starts to load itself automatically after a minute or two and will not disappear unless I use the Ctrl + Alt + Delete Command (If I click Cancel a few times, it will only temporarily go away, and a minute later, it will automatically restart to load again);


Also, while my desktop was loading, before the virus, I usually see my wallpaper appear along with my icons, but ever since the virus, I only see the wallpaper and then the icons appear after 2 minutes (I timed it while waiting). The very same thing happened right now and since it's not like my usual, it's worrying me because it's the exact same behavior as the

Thank you for your patience and perseverance with me. I'm sorry for causing you so many inconveniences.

Don't worry.

Please go to VirusTotal. Copy and paste the following file path in to the box.

C:\windows\explorer.exe

Then click submit.

Please post the results (URL) to your next reply.

I need for that file to be re-analyzed.

It was already analyzed, but a new analysis must be done.

I'm sorry, is this the right one now?

http://www.virustotal.com/analisis/1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455-1263010277

Ok. Good.

Please copy and paste the following in to Notepad:

Then click File > Save as
Save as wallFIX.reg to your Desktop.
Choose Save as type: All Files.
Click Save.

Exit Notepad, then double-click on wallFIX.reg to run the script.

After you have confirmed the prompts, please restart your computer.

Let me know if your wallpaper will cooperate now.

My wallpaper is doing very well now. Thank you very much!

But at the startup of my computer, I still have the 'Found New Hardware Wizard' as well as the other download CD.

As for all the suggested downloads you have asked me to download up to now, can I uninstall them? If so, how?

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.
  

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
==

Download WhoCrashed from here
This program checks for any drivers which may have been causing your computer to crash....

Click on the file you just downloaded and run it.
Put a tick in Accept then click on Next
Put a tick in the Don't create a start menu folder then click Next
Put a tick in Create a Desktop Icon then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish
Click Analyze
It will want to download the Debugger and install it Say Yes

WhoCrashed will create report but you have to scroll down to see it
Copy and paste it into your next reply

Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.


On Sun 20/12/2009 10:36:58 PM your computer crashed
This was likely caused by the following module: csrss.exe
Bugcheck code: 0xF4 (0x3, 0x8284FDA0, 0x8284FF14, 0x8060567E)
Error: CRITICAL_OBJECT_TERMINATION
Dump file: C:\WINDOWS\Minidump\Mini122009-02.dmp
file path: C:\WINDOWS\system32\csrss.exe
product: Microsoft Windows Operating System
company: Microsoft Corporation
description: Client Server Runtime Process
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Sun 20/12/2009 10:32:14 PM your computer crashed
This was likely caused by the following module: kxloapog.sys
Bugcheck code: 0x10000050 (0xFAE9500B, 0x0, 0xEBF68F60, 0x0)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini122009-01.dmp



On Tue 10/03/2009 02:29:17 AM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x100000D1 (0xE1F09000, 0x2, 0x0, 0xEE83FD00)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini030909-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft Windows Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Sun 08/03/2009 04:47:35 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x100000D1 (0xE1F10000, 0x2, 0x0, 0xEED62D00)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini030809-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft Windows Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Sat 07/03/2009 04:48:47 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x100000D1 (0xE1EF8000, 0x2, 0x0, 0xEE809D00)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini030709-03.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft Windows Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Sat 07/03/2009 04:44:20 PM your computer crashed
This was likely caused by the following module: mpfp.sys
Bugcheck code: 0x1000008E (0xC0000005, 0xEE508295, 0xED7ED174, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
Dump file: C:\WINDOWS\Minidump\Mini030709-02.dmp
file path: C:\WINDOWS\system32\drivers\mpfp.sys
product: McAfee Personal Firewall Plus
company: McAfee, Inc.
description: McAfee Personal Firewall Plus Driver



On Sat 07/03/2009 04:35:54 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x100000D1 (0xE1F2C000, 0x2, 0x0, 0xEE402D00)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini030709-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft Windows Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Fri 06/03/2009 10:50:22 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x100000D1 (0xE1ECD000, 0x2, 0x0, 0xEE82ED00)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini030609-02.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft Windows Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Fri 06/03/2009 10:39:47 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x100000D1 (0xE1EB6000, 0x2, 0x0, 0xEF26ED00)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini030609-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft Windows Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Wed 28/06/2006 04:59:13 PM your computer crashed
This was likely caused by the following module: dump_wmimmc.
Bugcheck code: 0x100000CE (0xEDDDFD2F, 0x0, 0xEDDDFD2F, 0x0)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini062806-03.dmp



On Wed 28/06/2006 04:35:47 PM your computer crashed
This was likely caused by the following module: dump_wmimmc.
Bugcheck code: 0x100000CE (0xEEC5FD2F, 0x0, 0xEEC5FD2F, 0x0)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini062806-02.dmp



On Wed 28/06/2006 04:22:31 PM your computer crashed
This was likely caused by the following module: dump_wmimmc.
Bugcheck code: 0x100000CE (0xEE678D2F, 0x0, 0xEE678D2F, 0x0)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini062806-01.dmp



On Sun 25/12/2005 02:41:33 PM your computer crashed
This was likely caused by the following module: ssrtln.sys
Bugcheck code: 0x100000D1 (0xF8136D9C, 0x2, 0x1, 0xF88B282F)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini122505-01.dmp
file path: C:\WINDOWS\system32\drivers\ssrtln.sys
company: Sonic Solutions
description: Shared Driver Component




--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

13 crash dumps have been found and analyzed. Note that it's not always possible to state with certainty whether a reported driver is really responsible for crashing your system or that the root cause is in another module. nȯne it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

I was just doing a scan on MBAM and the results were interesting;

Malwarebytes' Anti-Malware 1.44
Database version: 3527
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

09/01/2010 01:20:29 PM
mbam-log-2010-01-09 (13-20-29).txt

Scan type: Full Scan (A:\|D:\|E:\|)
Objects scanned: 134139
Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.


---

So that was the infection that covered my wallpaper? I should have scanned my A:\|D:\|E:\| Drives earlier. =/

Must have been. We took care of it anyway, because we locked the keys, so you have control over the wallpaper only. At least you have wallpaper back.

Now let's find out what that driver is that keeps crashing a system file on your computer. Also, the culprit in those Found New Hardware popups.
==

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.



Set it to Maximum



IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.


Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.

http://www.getsysteminfo.com/read.php?file=aeed390c48836c9b5afd42d7a2ece910

Thank you very much for helping me. =)

The new hardware popup cannot be determined, because it is hard to tell what needs to be installed. In the GSI log, all I can see is an Unknown Device.

Your Windows Installer is not functioning properly. Do you know the version number of Windows Installer on your computer? It can be found in Add or Remove Programs (Control Panel).

I'm sorry, but I'm having trouble finding out the number of my Windows Installer, what name is it under in the 'Add or Remove Programs' because I can't find it on the long list.

No biggie.

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
McAfee SecurityCenter
``````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 5
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.2
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
McAfee VIRUSS~1 mcshield.exe
McAfee VIRUSS~1 mcsysmon.exe
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Lastly, see this page for more info about malware and prevention.

Thank you so very much for all the help and support you have given me.
=)

When I read the article you suggested to me, I saw many free antiviruses that interested me.

Which antivirus would you suggest to me because my McAfee program is nearing it's expiration and I would like to consider all the posibilites. Should I wait for the expiration to come to a full end before I download these antiviruses?
Because I heard that having too many of them just causes them to clash with eachother.

Is there also a limit to the number of firewalls one can have on the computer?

Also, my father recently bought 'Webroot Internet Security Essentials 2010' is this program a antivirus with a firewall? It only came with the box and it's CD, and I browsed to check it's ratings, and they seem fine, but I would like to know your opinion if the Antiviruses and Firewall you suggest in the link are more effective than this program.

Webroot should be fine.

Only one firewall is necessary and will work.

I'm sorry to bother you again, but both 'Found New Hardware Wizard' and the 'Status' windows still appear at startup of my computer.

Is there any way to permenantly remove it?

As I said a little bit ago, it is not possible to find the root of the issue there, because I cannot tell from here the unknown device. If I knew the unknown device, it would be easier to configure it.

Ok, thank you very much for trying so hard to help me with all these problems. =)