http://www.updatesearches.com

k_dog14

New Member
Every time I open my browser, instead of going to my homepage it goes to http://www.updatesearches.com. I have tried many things and am unable to get it to go back to my homepage. Any suggestions? Also, I have another problem. Anti-Virus Gold has put an advertisement on my background. I can't do anything with it other than click it and have it take me to its main page. I can't right-click and access Display Properties, nor can I change the background through the Control Panel. Any suggestions?
 

Praetor

Administrator
Staff member
That Website is a Spyware Site, don't go to it ...
That was profound ;) He's trying to avoid doing just that.


Out of raw curiosity though hehe... I do like the "randomly generated intrusion ports" .... very um ... original :D
 

Attachment: hehe.gif (23.7 KB)

Byteman

Malware Destroyer
k_dog,

3 things... first run some scans, second fix the desktop, third fix the mouse (see instructions below). However, you should make a backup of your registry before doing the 2nd & 3rd steps (see here how to do it).

1st:

A. Disable System Restore (right-click on "My Computer", Properties, System Restore, check Turn off System Restore).

B. Enable viewing of all files/folders (open "My Computer", Tools, Folder Options, View, click "View hidden folders and files" and uncheck "Hide extensions for known file types").

C. Run the online scans below.

http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm

http://housecall.trendmicro.com/hou.../start_corp.asp

D. Now, download Ad-Aware SE and SpyBot (both are free, see links below), install them and update them separately. Then re-boot to safe mode (pressing F8 when booting up) and run a FULL system scan with Ad-Aware (not the Smart Scan), and check all the items it finds/let it remove them. Run SpyBot and scan, let it remove what it finds. REBOOT your machine and run them again, TAKE NOTE of what items still remain that they couldn't get rid of! Some items will be taken off by a 2nd scan and some items they will NOT be able to remove at all (note what those items are).

http://www.download.com/Ad-Aware-SE...tml?tag=lst-0-2
http://www.safer-networking.org/en/mirrors/index.html


2nd:

A. Click Start > Run > type in regedit

Navigate to and modify the registry entries below:

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

Select "Desktop" and change the value to %USERPROFILE%\Desktop



HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

Select "Desktop" and change the value to %USERPROFILE%\Desktop



HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

Select "Desktop" and change the value to %USERPROFILE%\Desktop



HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

Select "Desktop" and change the value to %USERPROFILE%\Desktop



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

Select "Desktop" and change the value to %ALLUSERSPROFILE%\Desktop



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

Select "Common Desktop" and change the value to C:\Documents and Settings\All Users\Desktop




HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

Select "Desktop" and change the value to %USERPROFILE%\Desktop



HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

Select "Desktop" and change the value to C:\Documents and Settings\LocalService\Desktop



HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

Select "Desktop" and change the value to C:\Documents and Settings\NetworkService\Desktop


Also under HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
that should be set to:

C:\Documents and Settings\NetworkService\Desktop


B. With the viewing of hidden files & folders enabled, go to and delete C:\Windows\Desktop.html (highlight it, Shift+Delete, Yes), and any other instances of desktop.html.

Navigate to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop

Look for a DWORD value called "NoChangingWallPaper"

When located right click and delete it!

In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

you should NOT have the following VALUES; RIGHT-CLICK AND DELETE THEM...

NoActiveDesktop
ForceActiveDesktopOn


And for the following ActiveDesktop KEY:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop

There should only be the (default) string here; right-click and delete all of the other entries. Remove everything but the (default) string; you should NOT have the following:
NoComponents
NoAddingComponents
NoDeletingComponents
NoEditingComponents
NoHTMLWallpaper


3rd:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Look for a DWORD value called "NoViewContextMenu"

When located right click and delete it!

Navigate to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Look for a DWORD value called "NoViewContextMenu"

When located right click and delete it!
 
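The 2nd and 3rd steps above amount to an audit of a handful of registry values: lockdown policies under Policies\ActiveDesktop and Policies\Explorer that a home PC should not have, and a "Desktop" shell-folder path that the hijacker redirects. The following script is an added example, not Byteman's or the forum's own code: it parses a regedit export (the output of `reg export <key> file.reg`, which exists on Windows XP) and reports exactly those findings, so the check can be repeated offline for every hive/SID the post lists. The function names (`parse_reg`, `audit`, `load_reg`) and the embedded sample export are constructed for this example; the sample deliberately contains the policy values the post says to delete and a redirected Desktop path.

```python
"""Audit a regedit (.reg) export for the desktop/context-menu lockdown values
discussed in this thread. Hypothetical helper, not Byteman's procedure itself."""
import re

# Policy values the post says must not exist (defender view: on a home PC their
# presence is a hijack indicator, not a deliberate configuration choice).
EXPLORER_LOCKDOWN = {"NoActiveDesktop", "ForceActiveDesktopOn", "NoViewContextMenu"}
# Expected "User Shell Folders" desktop entries per hive, taken from the post.
EXPECTED_DESKTOP = {
    "HKEY_CURRENT_USER": [("Desktop", "%USERPROFILE%\\Desktop")],
    "HKEY_USERS": [("Desktop", "%USERPROFILE%\\Desktop")],
    "HKEY_LOCAL_MACHINE": [("Desktop", "%ALLUSERSPROFILE%\\Desktop"),
                           ("Common Desktop", "%ALLUSERSPROFILE%\\Desktop")],
}

def _decode_value(raw):
    """Turn the right-hand side of a .reg value line into (type, python value)."""
    if raw.startswith('"'):                       # REG_SZ with \\ and \" escapes
        return "REG_SZ", raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if raw.startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    m = re.match(r"hex(?:\((\d+)\))?:(.*)", raw)   # hex, hex(2)=EXPAND_SZ, hex(7)=MULTI_SZ
    if m:
        kind = {None: "REG_BINARY", "2": "REG_EXPAND_SZ", "7": "REG_MULTI_SZ"}.get(m.group(1), "REG_BINARY")
        data = bytes(int(h, 16) for h in m.group(2).split(",") if h)
        if kind == "REG_EXPAND_SZ":
            return kind, data.decode("utf-16-le").rstrip("\x00")
        return kind, data
    return "UNKNOWN", raw

def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: (type, value)}}.
    Joins the backslash line continuations regedit emits for long hex data."""
    keys, current, pending = {}, None, []
    for line in text.splitlines():
        if line.endswith("\\"):
            pending.append(line[:-1].strip())
            continue
        pending.append(line.strip())
        full, pending = "".join(pending), []
        if not full or full.startswith((";", "Windows Registry Editor", "REGEDIT4")):
            continue
        if full.startswith("[") and full.endswith("]"):
            current = full[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'(@|"((?:[^"\\]|\\.)*)")=(.*)', full)
        if m and current is not None:
            name = "(default)" if m.group(1) == "@" else m.group(2)
            keys[current][name] = _decode_value(m.group(3))
    return keys

def audit(keys):
    """Return (key, value_name, reason) for every value the post says to fix."""
    findings = []
    for path, values in keys.items():
        hive, _, rest = path.partition("\\")
        if rest.endswith("\\CurrentVersion\\Policies\\ActiveDesktop"):
            findings += [(path, n, "ActiveDesktop policy present; delete") for n in values if n != "(default)"]
        elif rest.endswith("\\CurrentVersion\\Policies\\Explorer"):
            findings += [(path, n, "Explorer lockdown policy present; delete") for n in values if n in EXPLORER_LOCKDOWN]
        elif rest.endswith("\\Explorer\\User Shell Folders"):
            for name, expected in EXPECTED_DESKTOP.get(hive, []):
                kind, val = values.get(name, (None, None))
                if val is not None and val.lower() != expected.lower():
                    findings.append((path, name, f"redirected to {val!r}; expected {expected}"))
    return findings

def load_reg(path):
    """regedit writes .reg files as UTF-16LE with a BOM; older tools wrote ANSI."""
    raw = open(path, "rb").read()
    return parse_reg(raw.decode("utf-16") if raw.startswith(b"\xff\xfe") else raw.decode("latin-1"))

def _expand_sz(s):
    """Encode a string the way regedit exports REG_EXPAND_SZ (hex(2), UTF-16LE, wrapped)."""
    pairs = [f"{b:02x}" for b in (s + "\x00").encode("utf-16-le")]
    return "hex(2):" + ",\\\n  ".join(",".join(pairs[i:i + 16]) for i in range(0, len(pairs), 16))

# Constructed sample export (not from the thread): two lockdown policies, one harmless
# policy, a hijacked per-user Desktop path and a correct All Users path.
_HIJACKED = _expand_sz("C:\\WINDOWS\\Web")
_OK_DOCS = _expand_sz("%USERPROFILE%\\My Documents")
_OK_COMMON = _expand_sz("%ALLUSERSPROFILE%\\Desktop")
SAMPLE_REG = f"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\ActiveDesktop]
"NoChangingWallPaper"=dword:00000001
"NoComponents"=dword:00000001

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer]
"NoActiveDesktop"=dword:00000000
"NoViewContextMenu"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders]
"Desktop"={_HIJACKED}
"Personal"={_OK_DOCS}

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders]
"Common Desktop"={_OK_COMMON}
"""

if __name__ == "__main__":
    for key, name, reason in audit(parse_reg(SAMPLE_REG)):
        print(f"{key}\n    {name}: {reason}")
```

On a real machine you would export each key the post names (for example `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies" policies.reg`) and pass the file to `load_reg`; the audit reports a policy value even when its data is 0, because the post's point is that the value should not exist at all, not that it should be off.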

k_dog14

New Member
Well, I have done everything requested of me. Also, when I start the browser I get the exact warning screen that Praetor has posted. I am still having the exact problems I had before. I have troubleshot and by ending the process explorer.exe the screen goes away, of course so does everything else. Anyone know where to find another explorer.exe file? I tried copying one off of my wife's laptop but that didn't work. I have a file called screen.html in my c:\WINDOWS folder. If I delete it then the screen of the advertisement background goes away to a white screen. However, all I can still do is click it and have it take me to the page. Any more suggestions?? I appreciate the help. Thanks.



Logfile of HijackThis v1.99.1
Scan saved at 7:11:48 PM, on 6/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Dave.DAVID\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp760A.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

Byteman

Malware Destroyer
Open "My Computer", go to Tools, Folder Options, View tab, make sure you can see hidden and system folders, and don't hide the file extensions.

Now do the reg entries again and this time search your hard drive for screen.html, highlight them and hold down the Shift button on your keyboard, then the Delete button.

Reboot into safe mode and run another search for screen.html; if none are found, reboot normally. If there are still some, delete them, then reboot normally and re-check the registry entries.
 

k_dog14

New Member
Awesome, we have gotten the background issue solved. There are two users for this computer. I compared the HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components between the two users. Only one user is having these issues, and in that folder there was an extra folder labeled 1. That folder contained the screen.html along with other stuff that was different from folder 0, so I deleted that folder and now the background is back to normal. However, every time I go to my home page it takes me to http://www.updatesearches.com and gives me that error screen. Even if I am on the net and at a page, if I type in my home page or hit the home page shortcut it takes me back to updatesearches.com. Suggestions??? I appreciate your help. Thanks.
 

Byteman

Malware Destroyer
Your past log doesn't say much, but... get rid of the following:

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp760A.tmp

And go to the following file, and delete it, then reboot. (Yes, I know it looks like an HP file name, but HP doesn't make Browser Helper Objects, at least that I've ever seen.)

C:\WINDOWS\System32\hp760A.tmp
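Byteman's selection from the log rests on three observable signals: an O2/O3 registration whose file is gone ("(no file)"), a Browser Helper Object loaded from a .tmp file in System32, and a CLSID that is plainly not a generated GUID (thirty-one F digits). The script below is an added example, not HijackThis code or Byteman's own tooling: it parses O2/O3 lines from a HijackThis log and applies those signals so the same triage can be run over a whole log at once. The sample lines are copied from the log posted in this thread; the function names (`parse_hjt`, `clsid_looks_forged`, `triage`) and the repeated-digit threshold are constructed for this example.

```python
"""Triage HijackThis O2/O3 lines for the indicators acted on in this thread.
Hypothetical helper; sample lines are copied from the log posted above."""
import re
from collections import Counter

SAMPLE_LOG = """\
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\\WINDOWS\\System32\\hp760A.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\\WINDOWS\\System32\\msdxm.ocx
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\\Program Files\\Norton SystemWorks\\Norton Antivirus\\NavShExt.dll
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
"""

# O2 (BHO) and O3 (toolbar) lines share one shape: section - kind: name - {CLSID} - path
COM_LINE = re.compile(r"^(O[23]) - (BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")

def parse_hjt(text):
    """Return one dict per O-line; only O2/O3 lines get clsid/path fields."""
    entries = []
    for line in text.splitlines():
        m = COM_LINE.match(line)
        if m:
            entries.append({"section": m.group(1), "kind": m.group(2), "name": m.group(3),
                            "clsid": m.group(4), "path": m.group(5), "line": line})
        elif line.startswith("O"):
            entries.append({"section": line.split(" - ")[0], "kind": None, "name": None,
                            "clsid": None, "path": None, "line": line})
    return entries

def clsid_looks_forged(clsid):
    """A generated GUID has 32 hex digits of near-uniform spread; a hand-typed one
    like {FFFFFFFF-...-FFFFFFFFFFFA} repeats a single digit almost everywhere.
    Threshold (26 of 32) is a constructed heuristic, not a HijackThis rule."""
    digits = clsid.strip("{}").replace("-", "").upper()
    return Counter(digits).most_common(1)[0][1] >= 26

def triage(entries):
    """Return (log line, [reasons]) for each O2/O3 entry matching a signal."""
    flagged = []
    for e in entries:
        if e["clsid"] is None:
            continue
        reasons = []
        if e["path"] == "(no file)":
            reasons.append("registration points at a missing file (orphan); safe to fix")
        else:
            low = e["path"].lower()
            if low.endswith(".tmp"):
                reasons.append("COM object loaded from a .tmp file; delete file after fixing entry")
            if "\\temp\\" in low or "\\local settings\\" in low:
                reasons.append("COM object loaded from a temp/profile directory")
        if clsid_looks_forged(e["clsid"]):
            reasons.append("CLSID is not a plausible generated GUID (repeated digit)")
        if reasons:
            flagged.append((e["line"], reasons))
    return flagged

if __name__ == "__main__":
    for line, reasons in triage(parse_hjt(SAMPLE_LOG)):
        print(line)
        for r in reasons:
            print("    -", r)
```

Run against the full log, the three lines it flags are exactly the three Byteman listed; the Spybot and Norton entries pass because they have a real file on disk and an ordinary CLSID, which is the distinction a first pass over a log should make before anything is removed.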
 

k_dog14

New Member
I do apologize, the internet problem with the homepage happens on both users. I have searched the registry and changed the entries' data with the webpage updatesearches to google.com. However, it still does the same thing. Thanks for the help.
 

Byteman

Malware Destroyer
Follow my instructions in the last post, then download/install/UPDATE Microsoft AntiSpyware. Do an advanced (full) scan. Log into the other user and do the same.
 

k_dog14

New Member
Awesome, I posted my last reply without seeing what Byteman had said. I did that and now it works fine. What can you tell me about the problem I had? This is a friend's computer and he said that the antivirus was disabled at one point when he went on the net. That's when this all happened. Just some good spyware?? I had already deleted 5 viruses before I posted in here. Thanks for all the help.
 

Byteman

Malware Destroyer
Some spyware and a bunch of viruses use techniques to disable your antivirus and the ability to update them or go to their respective websites as well. You had 2 problems we dealt with. 1 (the more difficult) was the desktop hijack; these are really nasty because HijackThis doesn't even look at the registry keys that they use. And now marketing firms have figured this out, so there are more and more variants of the desktop hijack coming out (which makes it difficult to kill). You notice that I asked you to delete desktop.html, but yours was actually screen.html (...variants). Your 2nd problem was just plain old spyware (some generic homepage hijack). :) MS AntiSpyware is great at dealing with these.
 