Windows Desktop Settings Corrupted : Windows Desktop Fixes : Windows Administration NZ

-->

31 08 2007

Desktop settings corruption

Had a laptop come in today that was infected with various spyware and viri.

One of the spyware items was one of those Active Desktop jobs that takes over your desktop and tells you that you have critical spyware bla bla bla.

I cleaned all the spyware off no worries and viruses with a little bit more stuffing round.

All seemed well except for when I rebooted I had no desktop picture and when I right clicked on the desktop and went to properties I couldn’t select a desktop picture (the options were simply greyed out).
Solution download/install/run:

http://www.thespykiller.co.uk/files/cleandesktop.exe

It is interesting to note what these scripts do, they basically reset all the settings pertaining to the current users desktop.


Wshshell.RegDelete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\" 
Wshshell.RegDelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\" 
Wshshell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell" 
Wshshell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn" 
Wshshell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu" 
Wshshell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Wallpaper" 
Wshshell.RegDelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoViewContextMenu" 
Wshshell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop" 
Wshshell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Custom Desktop" 
Wshshell.RegDelete "HKCU\Control Panel\desktop\ConvertedWallpaper" 
Wshshell.RegDelete "HKCU\Control Panel\desktop\ConvertedWallpaper Last WriteTime" 
Wshshell.RegDelete "HKCU\Control Panel\desktop\OriginalWallpaper" 
Wshshell.RegDelete "HKCU\Control Panel\desktop\Wallpaper" 
Wshshell.RegDelete "HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode\General\Wallpaper" 
Wshshell.RegDelete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Desktop\" 
'Writes: 
Wshshell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop", "%USERPROFILE%\Desktop" ,"REG_EXPAND_SZ" 
Wshshell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Desktop" ,"%ALLUSERSPROFILE%\Desktop", "REG_EXPAND_SZ" 
Wshshell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop" ,"%ALLUSERSPROFILE%\Desktop", "REG_EXPAND_SZ"    
Wshshell.RegWrite "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop" ,"%USERPROFILE%\Desktop", "REG_EXPAND_SZ" 
Wshshell.RegWrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop" ,"%USERPROFILE%\Desktop", "REG_EXPAND_SZ" 
Wshshell.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Desktop\General\BackupWallpaper","%USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" , "REG_EXPAND_SZ" 
Wshshell.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Desktop\General\Wallpaper","%USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" ,"REG_EXPAND_SZ" 
Wshshell.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode\General\VisitGallery" , 0, "REG_DWORD" 
Wshshell.RegWrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop" , Syst & "\config\systemprofile\Desktop" 
Wshshell.RegWrite "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop" , Syst & "\config\systemprofile\Desktop" 
Wshshell.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode\General\Wallpaper" ,Win & "\Web\Safemode.htt" 
Wshshell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop", UPD