I cannot right-click anything, I cannot change the wallpaper, etc...
I have read alot of the posts here & so far have done the following...
Ran Ad Aware, CW Shredder, Spybot S&D, Microsoft Antispyware Beta 1, Panda, Windows Update (some more than once)...
Last few runs nothing popped up on Ad Aware or Spybot altho panda found 70 infected & only fixed 6...
HJT Log as follows (msconfig enabled all)
Logfile of HijackThis v1.99.1
Scan saved at 11:34:02 PM, on 4/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\dev32.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Djo.exe
C:\WINDOWS\system32\ntddetect.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Windows\Creator\Remind_XP.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\AGRSMMSG.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Microsoft Office\Office10\OSA.EXE
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [sahgylt] c:\windows\system32\sahgylt.exe
O4 - HKLM\..\Run: [Efd] C:\WINDOWS\system32\Kat.exe
O4 - HKLM\..\Run: [Rua] C:\WINDOWS\system32\Grg.exe
O4 - HKLM\..\Run: [Afi] C:\WINDOWS\system32\Ant.exe
O4 - HKLM\..\Run: [Uac] C:\WINDOWS\Djo.exe
O4 - HKLM\..\Run: [Aru] C:\WINDOWS\system32\Hjf.exe
O4 - HKLM\..\Run: [Avl] C:\WINDOWS\system32\Lln.exe
O4 - HKLM\..\Run: [Vja] C:\WINDOWS\system32\Bok.exe
O4 - HKLM\..\Run: [Rhi] C:\WINDOWS\Juq.exe
O4 - HKLM\..\Run: [Liq] C:\WINDOWS\Dhf.exe
O4 - HKLM\..\Run: [Quc] C:\WINDOWS\system32\Drb.exe
O4 - HKLM\..\Run: [Phb] C:\WINDOWS\Ltl.exe
O4 - HKLM\..\Run: [Dlb] C:\WINDOWS\Idg.exe
O4 - HKLM\..\Run: [Qjj] C:\WINDOWS\Bbm.exe
O4 - HKLM\..\Run: [Dlf] C:\WINDOWS\Jbp.exe
O4 - HKLM\..\Run: [Tus] C:\WINDOWS\system32\Clc.exe
O4 - HKLM\..\Run: [Sgi] C:\WINDOWS\Gsk.exe
O4 - HKLM\..\Run: [Deb] C:\WINDOWS\system32\Hsa.exe
O4 - HKLM\..\Run: [Nib] C:\WINDOWS\system32\Jin.exe
O4 - HKLM\..\Run: [Tfc] C:\WINDOWS\Mtt.exe
O4 - HKLM\..\Run: [Deo] C:\WINDOWS\Cvp.exe
O4 - HKLM\..\Run: [Vjl] C:\WINDOWS\Evd.exe
O4 - HKLM\..\Run: [Vtg] C:\WINDOWS\Bma.exe
O4 - HKLM\..\Run: [Kuk] C:\WINDOWS\system32\Sqt.exe
O4 - HKLM\..\Run: [Ktr] C:\WINDOWS\system32\Rot.exe
O4 - HKLM\..\Run: [Ntp] C:\WINDOWS\system32\Ebl.exe
O4 - HKLM\..\Run: [Tnk] C:\WINDOWS\Eke.exe
O4 - HKLM\..\Run: [Svh] C:\WINDOWS\Cmh.exe
O4 - HKLM\..\Run: [Ebs] C:\WINDOWS\Ihg.exe
O4 - HKLM\..\Run: [Lha] C:\WINDOWS\Jil.exe
O4 - HKLM\..\Run: [Hag] C:\WINDOWS\Min.exe
O4 - HKLM\..\Run: [Ejp] C:\WINDOWS\Clh.exe
O4 - HKLM\..\Run: [Sfd] C:\WINDOWS\system32\Rdu.exe
O4 - HKLM\..\Run: [Rus] C:\WINDOWS\system32\Kcp.exe
O4 - HKLM\..\Run: [Vgg] C:\WINDOWS\Fjh.exe
O4 - HKLM\..\Run: [Pvo] C:\WINDOWS\system32\Kut.exe
O4 - HKLM\..\Run: [Cdi] C:\WINDOWS\Epm.exe
O4 - HKLM\..\Run: [Ado] C:\WINDOWS\Rtc.exe
O4 - HKLM\..\Run: [Trg] C:\WINDOWS\system32\Ktb.exe
O4 - HKLM\..\Run: [Fft] C:\WINDOWS\Prq.exe
O4 - HKLM\..\Run: [Cig] C:\WINDOWS\system32\Roo.exe
O4 - HKLM\..\Run: [Nft] C:\WINDOWS\system32\Oig.exe
O4 - HKLM\..\Run: [Nat] C:\WINDOWS\Pcb.exe
O4 - HKLM\..\Run: [Quf] C:\WINDOWS\Sqm.exe
O4 - HKLM\..\Run: [Rau] C:\WINDOWS\Nmq.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Ohq] C:\WINDOWS\system32\Mdr.exe
O4 - HKLM\..\Run: [Etc] C:\WINDOWS\Lca.exe
O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\system32\ntddetect.exe
O4 - HKLM\..\Run: [Ber] C:\WINDOWS\system32\Kkd.exe
O4 - HKLM\..\Run: [Ddf] C:\WINDOWS\Saq.exe
O4 - HKLM\..\Run: [Ovi] C:\WINDOWS\system32\Emf.exe
O4 - HKLM\..\Run: [Gut] C:\WINDOWS\system32\Dpv.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Euh] C:\WINDOWS\system32\Bnp.exe
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\system32\ntddetect.exe
O4 - HKCU\..\Run: [Efd] C:\WINDOWS\system32\Kat.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Provides three management service (FreeBSD) - Unknown owner - C:\WINDOWS\system32\dev32.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PLEASE! Any help you can provide would be most appreciated as I'm gonna have to kick something soon...