Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Display Picture


  • Please log in to reply

#1
brachule

brachule

    Member

  • Member
  • PipPip
  • 16 posts
[FONT=Geneva]I was trying to put up a display picture for the background of my computer, but I cannot! There was no set as display picture option. Also when I went into the Control Panel -> Display -> Display Properties -> Now my only option is Screen Saver or Settings that's it! I know that I am not very smart when it comes with working with computers, but I do know that there is suposed to be more options then that.

I noticed it after I uninstalle Zone Alarm, AVG and Adware Personal SE and after I installed PC-cillin Internet Security 2005 by Trend Micro.

I use a Dell Inspiron 2600 with dsl [if that helps at all].

IS there any hope for me?

:tazz:
  • 0

Advertisements


#2
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
yes, there is

home or pro?
  • 0

#3
brachule

brachule

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I think it would be Home, since the computer is at home and not used for business.


I dont know if this means anything but I also have a yellow triangle with ! in the middle of it.

Edited by brachule, 09 May 2005 - 08:00 PM.

  • 0

#4
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
start > run
regedit
enter

navigate to

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

you will see two keys SYSTEM and EXPLORER....

Click on SYSTEM--anything appear on the right?

Click on EXPLORER-- anything appear on the right?
  • 0

#5
brachule

brachule

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
in Registry Editor this is what I have

HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG

It all comes up with (Default) REG_SZ (value not set)
  • 0

#6
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts

navigate to

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

View Post



^
|
|
  • 0

#7
brachule

brachule

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Under Policies it has

EXPLORER
(Default) REG_SZ (value not set)
NoActiveDesktopChanges REG_DWORD 0x00000001 (1)
NoDriveTypeAutoRun REG_DWORD 0x00000091 (145)

SYSTEM
(Default) REG_SZ (value not set)
NoDispAppearancePage REG_DWORD 0x00000001 (1)
NoDispBackgroundPage REG_DWORD 0x00000001 (1)
Wallpaper REG_SZ c:/wp.bmp
WallpaperStyle REG_DWORD 0x00000000 (0)
  • 0

#8
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts

SYSTEM
(Default) REG_SZ (value not set)

NoDispAppearancePage REG_DWORD 0x00000001 (1)
NoDispBackgroundPage REG_DWORD 0x00000001 (1)
Wallpaper REG_SZ c:/wp.bmp
WallpaperStyle REG_DWORD 0x00000000 (0)

View Post


right click and delete each of those, then reboot
  • 0

#9
brachule

brachule

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thank you for your help I now have a tulip filled display screen, however it is now hidden behind a black screen with writing, this is what it says word for word, spelling exact

WARNING!
YOU'RE IN DANGER!



ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISK. WHEN YOU VISIT SITES, SEND EMAILS... ALL YOUR ACTIONS ARE LOGGED. AND IT IS IMPOSSIBLE TO REMOVE THEM WITH STANDARD TOOLS. YOUR DATA IS STILL AVAILABLE FOR FORENSICS. AND IN SOME CASES FOR YOUR BOSS, YOUR FRIENDS, YOUR WIFE, YOUR CHILDREN.

Every site you or somebody or even something, like spyware, opened in your browser, with all images, and all downloaded and maybe later removed movies or mp3 songs - ARE STILL THERE and could broke your life!


SECURE YOURSELF RIGHT NOW!
REMOVE ALL SPYWARE FROM YOUR PC!

Removal instructions

then links to topspywareremoval.com

What do I do?

The properties of that screen is this file://C:\WINDOWS\Web\desktop.html

Edited by brachule, 09 May 2005 - 09:08 PM.

  • 0

#10
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
wp.bmp

search for and delete the above
  • 0

Advertisements


#11
brachule

brachule

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I searched the registry and on the computer for C:\wp.bmp and it say's nothing can be found???
  • 0

#12
mpfeif101

mpfeif101

    Member 1K

  • Retired Staff
  • 1,411 posts
Chances are you have a Trojan-Spy.HTML.Smitfraud.c variant.

Go to the Malware Forum and read the instructions there on how to post a HijackThis log.
  • 0

#13
brachule

brachule

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Logfile of HijackThis v1.99.1
Scan saved at 11:15:36 PM, on 5/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\DELL\AccessDirect\dadapp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\winhlp32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\Documents and Settings\Will Kenyon\Local Settings\Temporary Internet Files\Content.IE5\W5AZ8DUV\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Arcsoft Web Uploader - http://www.hpphoto.c...dFileApplet.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsec...an/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
  • 0

#14
brachule

brachule

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I looked at the HijackThis post I posted and didnt see anything called Trojan-Spy.HTML.Smitfraud.c

Would it actually be under that name or something else?
Also I didnt see anything that looked like wp.bmp??
  • 0

#15
brachule

brachule

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I have HijackThis on my computer but I dont know where to find it, can anyone help me out...

Also if anyone knows why I cant find wp.bmp on my computer or has any suggestions on how to find it then just a straight up search I would really love to hear them.

I also now have another pop up window coming up saying

Windows

Warning! Windows has detected SPYWARE INSTALLED on your computer.

What is Spyware, Adware and Malware?
Spyware and Adware, also called 'Malware', are files made by publishers that allow them to snoop on your browsing activity, see what you purchase and send you 'pop-up' ads. They can slow down your PC, cause it to crash, record your credit card numbers and worse.
If you're like most Internet users, chances are you're probably infected with these files.
Simply surfing the Internet, reading email, downloading music or other files can
infect your PC without you knowing it.

* It is HIGHLY recommended to install protection from spyware
* Choose a good antispyware program and install it to protect your privacy

Click to search the recommended spyware removal tools

Edited by brachule, 10 May 2005 - 02:13 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP