White/blank desktop after Spyware ad, Need help!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by vicman, Dec 22, 2005.

  1. vicman

    vicman Private E-2

    A couple of days ago, my PC was looping (?) and wouldn't get into the OS (XP Pro), so I ran a safe mode and did all the cleaning utilities. When I finally was able to get back on the OS I saw a blue screen for an ad saying people were hijacking my PC and that I ran a different IE, etc.... I deleted it after I found its hidden folder.... However, after the next start-up my desktop image was gone and replaced by a white background, my text was different and other similar annoyances.... I did everything that was asked to before posting, but I can't get rid of it. Can you please help!!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to MGs!

    This may or may not be related to the SmitFraud/SpyAxe family of problems. First try running the steps in the below link and post the smitfiles.txt log:

    Smitfraud, SpySheriff, SpyAxe & PSGuard Removal

    Afterwards if you still have a Desktop problem, use the below procedure.

    Fixing Locked Desktop
    Also you should right click on your Desktop and select Properties. Then click the Desktop tab and then the Customize Desktop button. Now in the next window that comes up click the Web tab. Make sure at the bottom that Lock desktop items is unchecked. Then in the Web pages: box delete all items but My Current Home Page and make sure it is unchecked too. Then click OK. Apply. OK.

    Let me know the results!

    Also have you run ALL the steps in the READ & RUN ME sticky? If so, where are the BitDefender and PandaActiveScan logs that you should have attached if still having problems?
     
  3. vicman

    vicman Private E-2

    Hi, chaslang, thanks for the reply, this is really frustrating, Let me elaborate a little, nothing good has happened since I first posted. However, the Text and fonts have changed by themselves yet again, my screen looks further away, my desktop pic, (my nephews) only shows up a split second before I shut it down...


    I already tried the locked desktop, and only one option is there but it is unchecked which reads: MY CURRENT HOME PAGE. The color and pic selections are grayed out.

    Here are the 3 files you asked for:
    Thanks again:
     

    Attached Files:

  4. vicman

    vicman Private E-2

    I am so sorry, I just realized what I did, here they are again:


    Edit by chaslang: 3 Inline logs removed
     
    Last edited by a moderator: Dec 22, 2005
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why did you add a message putting them inline when you already attached them?

    Your HJT log appears to be from safe mode and the directions specifically request that logs be from normal boot mode. Do not post a new one yet! We will do that later on.

    Also it does not appear that you completed all the steps in the READ ME. I do not see proper signs that Spybot was installed per the instructions and I do not see MS Antispyware running. Did you install and run them?

    Boot into safe mode and use Windows Explorer to locate and delete the below if they still exist:
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6A.tmp
    C:\WINDOWS\loadadv728.exe
    C:\WINDOWS\secure32.html
    C:\WINDOWS\system32\azebar.xml
    C:\WINDOWS\system32\iasada.dll
    C:\WINDOWS\system32\paytime.exe
    C:\WINDOWS\drsmartload95a.exe

    Also your HJT log does not show the proper signs that the BitDefender and PandaActive scans were run. Did you get the HJT log before doing the scans? If so, that is not what the directions ask for. Please post a HijackThis log from normal boot mode and I would expect that there should be evidence that the online scans were run in this new log.

    Did you run the SmitRem tool (part of that Smitfraud link I gave you)? If so, post the requested log.
     
    Last edited: Dec 22, 2005
  6. vicman

    vicman Private E-2

    I did run HijackThis before in SAFE MODE like the first link said, but I did it again in regular and it's attached. I did do everything else too.

    of the following:
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6A.tmp
    C:\WINDOWS\loadadv728.exe
    C:\WINDOWS\secure32.html
    C:\WINDOWS\system32\azebar.xml
    C:\WINDOWS\system32\iasada.dll
    C:\WINDOWS\system32\paytime.exe
    C:\WINDOWS\drsmartload95a.exe

    3 were missing, and I deleted the rest,


    Why did you add a message putting them inline when you already attached them?


    I was looking through the forums and saw most people wrote the stuff in-line, sorry.

    here are updated attachments:
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not in this forum! They are always attachments. If not, they are removed (or sometimes attached for you if for some reason you cannot attach files).

    You never followed the directions for installing HJT. You have it running from:
    C:\Documents and Settings\Main\Desktop\HijackThis.exe

    You should install it properly.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O15 - Trusted Zone: *.real.com
    O15 - Trusted Zone: http://yahoo.sbc.com

    After clicking Fix, exit HJT.

    How is everything working now?
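
Added example, not part of the original thread and not chaslang's or HijackThis's own code: a small Python parser that splits the fix-list lines from the post above into section code, registry key, value name and value, and notes which entries have an empty value or point at a missing file. The section descriptions are paraphrased from HijackThis's documented section meanings; the function names and note wording are assumptions made for this illustration.

```python
import re
# Section meanings as HijackThis documents them, limited to codes seen in this thread.
SECTIONS = {
    "R0": "IE start/search page setting",
    "R1": "IE start/search page setting",
    "O6": "IE options restricted by policy",
    "O9": "extra IE toolbar button or Tools menu item",
    "O15": "site in the IE Trusted Zone",
}
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*?)\s*$")

def parse_line(line):
    """Split one HijackThis line into code, section meaning and review notes."""
    m = LINE_RE.match(line)
    if not m:
        return None  # not a log entry (blank line, prose, header)
    code, body = m.groups()
    entry = {"code": code, "section": SECTIONS.get(code, "unknown"), "notes": []}
    if code.startswith("R") and "=" in body:
        name, _, value = body.partition("=")
        entry["key"], _, entry["value_name"] = name.strip().rpartition(",")
        entry["value"] = value.strip()
        if not entry["value"]:
            entry["notes"].append("value is empty")
    if body.endswith("(file missing)"):
        entry["notes"].append("target file no longer on disk")
    return entry

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

# The eleven lines from the post above, copied verbatim.
SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: *.real.com
O15 - Trusted Zone: http://yahoo.sbc.com
"""

if __name__ == "__main__":
    for e in parse_log(SAMPLE):
        print(e["code"], "|", e["section"], "|", e.get("value", ""), "|", e["notes"])
```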
     
  8. vicman

    vicman Private E-2

    It Worked, Everything, It's even faster to boot and shut down now! Thanks so much, I really appreciate it! :)
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

