got a problem with wallpaper disappearing

[muttzippy]

All right i am new to this but i got some idea what i am doing.
I was downloading a file on a P2P and it said it was a .zip but after i started the instal it went into DOS and loaded something. I looked at the file after it happened and it was a .zip.exe so i was tricked. i ran a virus scan and found nothing and spybot and ad aware found stuff but i dont know if it got it or not. I also went to PC pit stop and it said i got low disk and video performance which bothers me.

The prroblem is giving me a disappearing wallpaper when i use internet explorer to save as background. All that will show is the background color.

I used hijack this cuz i see you guys request that in other peoples posts so here it is

Logfile of HijackThis v1.97.3
Scan saved at 11:02:55 AM, on 2/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\Program Files\iPod\bin\iPodManager.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\AnalogX\POW\pow.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jeffrey Lombardo.LORDOFTHEFLIES.000\Desktop\New Folder\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS07
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822 - (no file)
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-AB2D-8D32436313D - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4E - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2a - (no file)
O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab - (no file)
O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab2 - (no file)
O2 - BHO: (no name) - {60E78CAC-E9A7-4302-B9EE-8582EDE - (no file)
O2 - BHO: (no name) - {60E78CAC-E9A7-4302-B9EE-8582EDE2 - (no file)
O2 - BHO: (no name) - {60E78CAC-E9A7-4302-B9EE-8582EDE22 - (no file)
O2 - BHO: (no name) - {60E78CAC-E9A7-4302-B9EE-8582EDE22F - (no file)
O2 - BHO: (no name) - {60E78CAC-E9A7-4302-B9EE-8582EDE22FB - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E7 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E77 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E777 - (no file)
O2 - BHO: (no name) - {85A702BA-EA8F-4B83-AA07-07A51 - (no file)
O2 - BHO: (no name) - {85A702BA-EA8F-4B83-AA07-07A518 - (no file)
O2 - BHO: (no name) - {85A702BA-EA8F-4B83-AA07-07A5186 - (no file)
O2 - BHO: (no name) - {85A702BA-EA8F-4B83-AA07-07A5186A - (no file)
O2 - BHO: (no name) - {85A702BA-EA8F-4B83-AA07-07A5186AC - (no file)
O2 - BHO: (no name) - {85A702BA-EA8F-4B83-AA07-07A5186ACD - (no file)
O2 - BHO: (no name) - {85A702BA-EA8F-4B83-AA07-07A5186ACD7 - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [SysProtect Desktop Shield] C:\Program Files\SysProtect Desktop Shield\SysProtect.exe
O4 - HKLM\..\Run: [SAITEKAUTOCONFIGURE] C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MGA_CD_Install] E:\mgasetup.exe /No_Welcome /Lang:English
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [EOYG] C:\WINDOWS\EOYG.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [6176394.exe] C:\WINDOWS\System32\6176394.exe
O4 - Startup: POW!.lnk = C:\Program Files\AnalogX\POW\pow.exe
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...973.4563773148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

hope you can help me out

Mutt

[dammit]

Hi buddy....close IE and all open windows and have hijack fix the following

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822 - (no file)
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-AB2D-8D32436313D - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4E - (no file)

O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2a - (no file)
O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab - (no file)
O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab2 - (no file)
O2 - BHO: (no name) - {60E78CAC-E9A7-4302-B9EE-8582EDE - (no file)
O2 - BHO: (no name) - {60E78CAC-E9A7-4302-B9EE-8582EDE2 - (no file)
O2 - BHO: (no name) - {60E78CAC-E9A7-4302-B9EE-8582EDE22 - (no file)
O2 - BHO: (no name) - {60E78CAC-E9A7-4302-B9EE-8582EDE22F - (no file)
O2 - BHO: (no name) - {60E78CAC-E9A7-4302-B9EE-8582EDE22FB - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E7 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E77 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E777 - (no file)
O2 - BHO: (no name) - {85A702BA-EA8F-4B83-AA07-07A51 - (no file)
O2 - BHO: (no name) - {85A702BA-EA8F-4B83-AA07-07A518 - (no file)
O2 - BHO: (no name) - {85A702BA-EA8F-4B83-AA07-07A5186 - (no file)
O2 - BHO: (no name) - {85A702BA-EA8F-4B83-AA07-07A5186A - (no file)
O2 - BHO: (no name) - {85A702BA-EA8F-4B83-AA07-07A5186AC - (no file)
O2 - BHO: (no name) - {85A702BA-EA8F-4B83-AA07-07A5186ACD - (no file)
O2 - BHO: (no name) - {85A702BA-EA8F-4B83-AA07-07A5186ACD7 - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\whSurvey.exe

Reboot into safe mode and do a search for whSurvey.exe and whSurvey.exe

If found....delete.

Post back a new log.

[muttzippy]

Logfile of HijackThis v1.97.3
Scan saved at 12:30:28 PM, on 2/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\Program Files\iPod\bin\iPodManager.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\AnalogX\POW\pow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Jeffrey Lombardo.LORDOFTHEFLIES.000\Desktop\Hijack This\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS07
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SysProtect Desktop Shield] C:\Program Files\SysProtect Desktop Shield\SysProtect.exe
O4 - HKLM\..\Run: [SAITEKAUTOCONFIGURE] C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MGA_CD_Install] E:\mgasetup.exe /No_Welcome /Lang:English
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [EOYG] C:\WINDOWS\EOYG.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [6176394.exe] C:\WINDOWS\System32\6176394.exe
O4 - Startup: POW!.lnk = C:\Program Files\AnalogX\POW\pow.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...973.4563773148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

ok i did all of it and there was that file in safe mode but you had the same file listed twice on your post was there another one i needed to look for?
And will this fix my slow drives or window wallpaper thing?

thanx by the way for replying so fast