#1
I have the same problem
Hello. I was searching through the net for a cure to this madness and I stumbled on this forum. I've read the previous messages and I downloaded hijack. Here's my log file. I already tried unchecking all of my startup but still desktop.htm still comes out. Hope you could help. Thanks.
#2
Hi redlites,
The thread you replied to has been split. In the future, please create your own new thread to post a HijackThis log in. Tom
#3
sorry bout that tom..
hope you could help me out. will be waiting.
#4
Hey, no problem. Sorry it has taken me this long to respond.

You have a newly discovered infection. I would like you to perform an online virus scan and a couple of trojan scans to start with.

I would like you to perform an online virus scan at Trend Micro
http://housecall.trendmicro.com/
Select all of your drives for scanning. Please check "Auto clean" before scanning. If you can, copy and paste the report logs from the scan into your next post.

Next...
I'd like you to do a couple of trojan scans. Install and perform a full system scan with each of these trial programs:

Please download Trojan Hunter
http://www.misec.net/trojanhunter/
Perform a full system scan. Please write down any files found and include this information in your next post. Delete any files that come up as a positive identification.

Next...
Please download DiamondCS TDS-3
http://tds.diamondcs.com.au/
Install the program, but do not scan with it yet! Update the Radius definitions file. Right click this link and select "Save as". Save it to the directory where you installed TDS3 and let it replace the old Radius file.
http://www.diamondcs.com.au/tds/radius.td3
Start TDS3 > at the top of the program click System Testing > Full system scan > after scanning right-click the report, save as scandump.txt > submit the scandump.txt file into your next post. Finally, right click the items in the list that come up as a Positive Identification and select delete.

Along with the information from the scans above, please post a fresh HijackThis log.

Tom
#5
Hi, You may like this site: http://www.processlibrary.com. You can look up different executables to see if they are risky or not, and you can also look up DLLs.
Hope this helps! (Get the different executables to look up from your HiJack This log)
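One way to pull the list of executables and DLLs out of a HijackThis log for the kind of manual lookup suggested above. This is an added example, not part of the thread: the sample log is constructed in HijackThis line format, the function names are hypothetical, and it assumes one entry per line.

```python
import re
from collections import Counter, defaultdict
from ntpath import basename  # Windows path rules on any OS

# Constructed sample in HijackThis line format; not taken from the thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Example Vendor\agent.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\example1\example1.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\Program Files\example1\example1.dll
O2 - BHO: Reader Helper - {00000000-0000-0000-0000-000000000003} - C:\Program Files\Example Reader\helper.dll
O4 - HKLM\..\RunOnce: [Example service] C:\WINDOWS\System32\examplesvc.exe
O23 - Service: Example Agent (ExampleAgent) - Example Corp - C:\Program Files\Example Vendor\agent.exe
"""

ENTRY = re.compile(r"^([ORNF]\d+) - ")  # section code such as R1, O2, O23
PATH = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:exe|dll)\b", re.IGNORECASE)

def parse_log(text):
    """Return (section, path) pairs; running-process lines get section 'PROC'."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        section = m.group(1) if m else "PROC"
        for path in PATH.findall(line):
            entries.append((section, path))
    return entries

def lookup_list(entries):
    """Map lower-cased file name -> sorted sections that reference it."""
    seen = defaultdict(set)
    for section, path in entries:
        seen[basename(path).lower()].add(section)
    return {name: sorted(s) for name, s in sorted(seen.items())}

def bho_counts(entries):
    """Count O2 (Browser Helper Object) registrations per DLL path."""
    return Counter(path.lower() for section, path in entries if section == "O2")

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for name, sections in lookup_list(parsed).items():
        print(name, sections)
    print(bho_counts(parsed).most_common(1))
```

A file name alone does not identify a file, so compare the full path as well: the same name in an unexpected directory is worth a closer look.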
Viewing: Dev Shed Forums > System Administration > Antivirus Protection > Warning htm page on the desktop