My computer got infected by a virus or spyware that hijacked my wallpaper. I ran Norton AntiVirus 2005, Spybouncer, Adware Away and XoftSpy and got rid of several things, but I still can't change the wallpaper.
My HJT log is:
Logfile of HijackThis v1.99.1
Scan saved at 14:13:07, on 7/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Softick\CardExport\CardGate.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\WDC\CR\SetIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Cerience\RepliGo\RepliGoMon.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\devldr32.exe
D:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\clipmt40\CLIPMT45.exe
C:\Program Files\Star Alliance Timetable\StarUpdater.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Network ICE\BlackICE\rapapp.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www/google.com.br
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jambock.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www/google.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jambock.com/
F2 - REG:system.ini: Shell=Explorer.exe sysinit32p2.exe
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <meta http-equiv="Content-Language" content="en-us">
O1 - Hosts: <title>P2dll.com install toolbar</title>
O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
O1 - Hosts: <link href="style.css" rel="stylesheet" type="text/css">
O1 - Hosts: </head>
O1 - Hosts: <body bgcolor="#FFFFFF" background="images/layout_55.gif" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
O1 - Hosts: <!-- ImageReady Slices (layout.psd) -->
O1 - Hosts: <table id="Table_01" width="100" height="651" border="0" cellpadding="0" cellspacing="0">
O1 - Hosts: <!-- MSTableType="nolayout" -->
O1 - Hosts: <tr>
O1 - Hosts: <td colspan="11">
O1 - Hosts: <img src="images/layout_01.gif" width="470" height="104" alt=""></td>
O1 - Hosts: <td colspan="5">
O1 - Hosts: <img src="images/layout_02.gif" width="302" height="104" alt=""></td>
O1 - Hosts: <td width="100" rowspan="8" background="images/layout_03.gif">
O1 - Hosts: <img src="images/layout_03.gif" width="8" height="294" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="104" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/layout_04.gif" width="16" height="42" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <A href=/><img src="images/layout_05.gif" width="81" height="42" alt="" border=0></A></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/layout_06.gif" width="18" height="42" alt=""></td>
O1 - Hosts: <td colspan="2">
O1 - Hosts: <A href=index?name=about><img src="images/layout_07.gif" width="72" height="42" alt="" border=0></A></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/layout_08.gif" width="18" height="42" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <A href=write><img src="images/layout_09.gif" width="83" height="42" alt="" border=0></A></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/layout_10.gif" width="20" height="42" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <A href=index?name=terms><img src="images/layout_11.gif" width="95" height="42" alt="" border=0></A></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/layout_12.gif" width="17" height="42" alt=""></td>
O1 - Hosts: <td colspan="3">
O1 - Hosts: <A href=index?name=about><img src="images/layout_13.gif" width="120" height="42" alt="" border=0></A></td>
O1 - Hosts: <td colspan="3" rowspan="2">
O1 - Hosts: <img src="images/layout_14.gif" width="232" height="68" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="42" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td colspan="12" rowspan="2">
O1 - Hosts: <img src="images/layout_15.gif" width="525" height="50" alt=""></td>
O1 - Hosts: <td rowspan="6">
O1 - Hosts: <img src="images/layout_16.gif" width="15" height="148" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="26" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td rowspan="3">
O1 - Hosts: <img src="images/layout_17.gif" width="34" height="71" alt=""></td>
O1 - Hosts: <td rowspan="3" background="images/layout_18.gif"> <form method=post action=login>
O1 - Hosts: <div align="center">
O1 - Hosts: <input type="text" name="id" size="12"><br>
O1 - Hosts: <br>
O1 - Hosts: <input type="password" name="pass" size="14">
O1 - Hosts: </div>
O1 - Hosts: <td rowspan="2">
O1 - Hosts: <img src="images/layout_19.gif" width="64" height="37" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="24" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td colspan="4" rowspan="3">
O1 - Hosts: <img src="images/layout_20.gif" width="174" height="79" alt=""></td>
O1 - Hosts: <td colspan="8" rowspan="3">
O1 - Hosts: <img src="images/layout_21.gif" width="351" height="79" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="13" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td>
O1 - Hosts: <input type=image src="images/layout_22.gif" width="64" height="34" alt="" border=0></td></form>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="34" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td colspan="3" rowspan="2">
O1 - Hosts: <img src="images/layout_23.gif" width="232" height="51" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="32" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td colspan="12">
O1 - Hosts: <img src="images/layout_24.gif" width="525" height="19" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="19" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td colspan="12" valign="middle">
O1 - Hosts: <table id="Table_02" width="525" height="304" border="0" cellpadding="0" cellspacing="0">
O1 - Hosts: <tr>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/layout_25.gif" width="525" height="19" alt=""></td>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Firepad FireConverter - {6427806D-3820-11D5-9939-00B0D0522EB5} - C:\Program Files\Palm\FireConverterBrowserHelperObject.dll
O2 - BHO: RepliGoIEHelperCtl Class - {91DE4477-9CDC-4806-9BCB-28A963988E94} - d:\Program Files\Cerience\RepliGo\RepliGoIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RepliGo - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - d:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CardGate] "C:\Program Files\Softick\CardExport\CardGate.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\CR\SetIcon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RepliGo Assistant] "d:\Program Files\Cerience\RepliGo\RepliGoMon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WatchDog] D:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKLM\..\Run: [second] C:\WINDOWS\system32\second.bat
O4 - HKLM\..\RunServices: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - Startup: ClipMate 4.5.lnk = C:\Program Files\clipmt40\CLIPMT45.exe
O4 - Startup: StarUpdater.exe.lnk = ?
O4 - Startup: CMStart.exe.lnk = C:\Program Files\CH Products\Control Manager\CMStart.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: BlackICE Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\palm\iSiloX\iSiloXIE.dll
O9 - Extra 'Tools' menuitem: iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\palm\iSiloX\iSiloXIE.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\rapapp.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
I thank you guys in advance.
All the best,
Sydy