| Thread ID: 81169 | 2007-07-19 02:25:00 | Desktop background locked by htm page | KiwiLinc (6595) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 570169 | 2007-07-19 02:25:00 | C:\WINDOWS\pchealth\helpctr\System\blurbs\index.htm This PC is working fine. Cleaned out with Nod32, StopZilla, Spyware Sweeper. The icons on the desktop all work as they should. The background is all white. R/click\properties points to the "index.htm" file as above. Have tried deleting the file and rebooting but to no avail. The file was gone from the folder but still on the desktop. Restored the file. Have run a Windows Repair. Any ideas? |
KiwiLinc (6595) | ||
| 570170 | 2007-07-19 02:32:00 | Sounds like you've got Smitfraud or something. Can you change the background to something else? Post a hjt log. |
Speedy Gonzales (78) | ||
| 570171 | 2007-07-19 02:43:00 | No, it's like a white blank text page has smothered the desktop background. R/click\properties points to the "index.htm" |
KiwiLinc (6595) | ||
| 570172 | 2007-07-19 02:45:00 | Post a Hijack This log - download link is in Speedy's sig. | wratterus (105) | ||
| 570173 | 2007-07-19 02:49:00 | OK, will do. Here is the only text on the page. Index Whether you know exactly what you're looking for, or want to browse for what you need, the Index provides you with a fast, easy way to locate topics and resources. |
KiwiLinc (6595) | ||
| 570174 | 2007-07-19 02:59:00 | Note, just fired up IE and it went straight to ucleaner.com Reset home page to blank & it stayed there. (Did take quite a bit of s/ware etc out earlier)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:56 p.m., on 19/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
M:\System Tools\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = softwarereferral.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - www.symantec.com
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - www.symantec.com
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - www.symantec.com
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - www.symantec.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - mail.google.com
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\pchealth\helpctr\System\blurbs\index.htm

-- End of file - 6606 bytes |
KiwiLinc (6595) | ||
| 570175 | 2007-07-19 03:12:00 | Log looks ok to me. But these entries can be ticked, and tick fix checked. Close browser/s. These aren't nasty tho. O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O24 - Desktop Component 0: (no name) - mail.google.com See if ticking this entry removes it. O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\pchealth\helpctr\System\blurbs\index.htm I would also uninstall all versions of Sun Java. It's now up to 6 Update 2. |
Speedy Gonzales (78) | ||
| 570176 | 2007-07-19 03:26:00 | O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\pchealth\helpctr\System\blurbs\index.htm That's the one....Thank you very much Speedy:-) |
KiwiLinc (6595) | ||
| 570177 | 2007-07-19 03:30:00 | No worries :) That is an XP file, but why it was on the background, I wouldn't have a clue. |
Speedy Gonzales (78) | ||
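
A small triage helper for logs like the one posted in this thread, added here as an example (it is not code from any poster or from HijackThis): it pulls out the O24 Desktop Component lines and the R0/R1 Start Page lines, the entries that controlled the desktop background and the IE home page in this case. The line formats are assumed from the log above, the sample input is constructed from it, and the function and field names are hypothetical.

```python
import re

# Constructed sample: four entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = softwarereferral.com
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O24 - Desktop Component 0: (no name) - mail.google.com
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\pchealth\helpctr\System\blurbs\index.htm
"""

# Assumed formats, taken from the lines visible in the thread's log.
O24_RE = re.compile(r"^O24 - Desktop Component (\d+): (.+?) - (\S.*)$")
START_RE = re.compile(r"^R[01] - (HK[^,]+),Start Page = (.*)$")


def review_entries(log_text):
    """Return the entries that set the desktop overlay or the IE start page."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O24_RE.match(line)
        if m:
            index, name, target = m.groups()
            findings.append({
                "kind": "desktop_component",
                "index": int(index),
                "name": name,
                "target": target,
                # A local file:// page is drawn over the wallpaper from disk,
                # so deleting the wallpaper image alone will not clear it.
                "local_file": target.lower().startswith("file:"),
            })
            continue
        m = START_RE.match(line)
        if m:
            findings.append({
                "kind": "start_page",
                "name": m.group(1),
                "target": m.group(2).strip(),
                "local_file": False,
            })
    return findings


if __name__ == "__main__":
    for entry in review_entries(SAMPLE_LOG):
        note = " (local HTML on desktop)" if entry["local_file"] else ""
        print(f'{entry["kind"]}: {entry["name"]} -> {entry["target"]}{note}')
```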