
I followed a previous thread and installed HijackThis and have the stuff on a notepad. The following stuff appeared:

Logfile of HijackThis v1.99.1
Scan saved at 8:20:47 PM, on 5/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINPENJR\Win32\CUSTOM.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINPENJR\Win32\PPHBUF.EXE
C:\WINPENJR\Win32\DRAWOBJ.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Cathy\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by7fd.bay7.hotmail.msn.com/cgi-bin/Mail?r=http://by7fd.bay7.hotmail.msn.com/cgi-bin/hmhome?fti=yes&curmbox=F000000001&a=d99099a71a481eaf2185d693fd1df12abbeaa463e1c5f8fa015635eaa8f2c639&curmbox=F000000001&a=d99099a71a481eaf2185d693fd1df12abbeaa463e1c5f8fa015635eaa8f2c639 (obfuscated)
F3 - REG:win.ini: run=C:\WINPENJR\Win32\CUSTOM.EXE
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [d12a346d.exe] C:\WINDOWS\system32\d12a346d.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [d12a346d.exe] C:\Documents and Settings\Cathy\Local Settings\Application Data\d12a346d.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

Can one of you please analyze this and tell me what I should do?

Last Post by DMR

Hi zellex, welcome to DaniWeb. :)

To begin with, please do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.


* Download the 14-day free trial version of ewido anti-malware.

  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  3. Launch ewido: there should be an icon on your desktop; double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run a scan with ewido yet; just close the program once the updates are installed.


* Close all open/running programs, especially Internet Explorer.
Run HijackThis again, put a check mark in the boxes to the left of the following entries, and then click the "Fix checked" button. Close HJT after the fixes have completed:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by7fd.bay7.hotmail.msn.com/cg...5635eaa8f2c639 (obfuscated)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [d12a346d.exe] C:\WINDOWS\system32\d12a346d.exe
O4 - HKCU\..\Run: [d12a346d.exe] C:\Documents and Settings\Cathy\Local Settings\Application Data\d12a346d.exe

* Using your Add/Remove Programs control panel, uninstall the "Viewpoint" software package.

* Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up) and:

  • Open up Ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close ewido anti-malware.

* Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".
Look for the following file, and delete it if it still exists:
C:\Documents and Settings\Cathy\Local Settings\Application Data\d12a346d.exe


* Empty your Recycle Bin and reboot normally.


* Run HJT again and post the new log. Also post the scan report that ewido generated.


Here is my new log and my ewido log. Um, I forgot to disconnect from the internet...should I repeat the above process again and disconnect from the internet? Also, my background is still locked :P.

Logfile of HijackThis v1.99.1
Scan saved at 5:12:54 PM, on 5/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINPENJR\Win32\CUSTOM.EXE
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINPENJR\Win32\PPHBUF.EXE
C:\WINPENJR\Win32\DRAWOBJ.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\Cathy\Desktop\HijackThis.exe
F3 - REG:win.ini: run=C:\WINPENJR\Win32\CUSTOM.EXE
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

My ewido log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 5:00:34 PM, 5/24/2006
+ Report-Checksum: F389E1B3
+ Scan result:
C:\Documents and Settings\Cathy\Cookies\cathy@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@adtech[1].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@bfast[1].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@cartoonnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@centrport[2].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@counter8.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@counter9.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@e-2dj6wjliakd5adp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@e-2dj6wjmywjcpshq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@e-2dj6wjnyckdpwaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@ehg-cathaypacificusa.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@ehg-christiandior.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@ehg-fandango.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@ehg-golfsmith.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@ehg-hasbro.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@ehg-ignitemedia.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@ehg-mattress.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@ehg-melbourneit.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@ehg-sonycomputer.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@ehg-tigerdirect2.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@ehg-traderpublishing.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@ehg-worldvision.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@gde.adocean[2].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@hertz.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@jcrew.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@premiumtv.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@pro-market[1].txt -> TrackingCookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@rccl.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@saksfifthavenue.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@test.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@weborama[1].txt -> TrackingCookie.Weborama : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@www.adtrak[2].txt -> TrackingCookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@z1.adserver[2].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Cathy\Cookies\cathy@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\CZ17I6RL\cmFEY1FVVXl0Sm9BQUdJelhXMEFBQUli[1].wmf -> Exploit.MS05-053-WMF : Cleaned with backup
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\GDYFOHUF\ie0604[1].htm -> Not-A-Virus.Exploit.JS.CVE20061359.b : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@x10[1].txt -> TrackingCookie.X10 : Cleaned with backup
C:\installer\id53.exe -> Trojan.SecondThought.l : Cleaned with backup
C:\Program Files\Altnet -> Adware.Altnet : Cleaned with backup
C:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : Cleaned with backup
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection -> Adware.Altnet : Cleaned with backup
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab -> Adware.Altnet : Cleaned with backup
C:\Program Files\eZula -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\basis.dst -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\basis.kwd -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\basis.pu -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\basis.pu.dyn -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\basis.rst -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\CHCON.dll -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\eabh.dll -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\genun.ez -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\arrow1.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\arrow2.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\button_small.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\icon.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Layer_Bottom.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Layer_Center.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Layer_Top.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\new.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\PopUp_Follow_divider.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\PopUp_Follow_Left.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\PopUp_Follow_Off.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\PopUp_Follow_On.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\PopUp_Follow_Right.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\PopUp_Top.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\PopUp_Top_Bottom.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Side_B.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Side_L.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Side_R.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Side_Top.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\spacer.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\INSTALL.LOG -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\legend.lgn -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\mmod.exe -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\param.ez -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\rwds.rst -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\search.src -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\seng.dll -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\UNWISE.EXE -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\upgrade.vrn -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\version.vrn -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\wndbannn.src -> Adware.eZula : Cleaned with backup
C:\Program Files\Hotbar -> Adware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin -> Adware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\3.0.12.0 -> Adware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\3.0.12.0\HBinst.exe -> Adware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\3.0.12.0\HbInstIE.dll -> Adware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\3.0.12.0\HbSrv.EXE -> Adware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\3.0.12.0\HbToolbar.DLL -> Adware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\3.0.12.0\Install.scr -> Adware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\HotBar.log -> Adware.HotBar : Cleaned with backup
C:\Program Files\ISTbar -> Adware.ISTBar : Cleaned with backup
C:\Program Files\PerfectNav -> Adware.PerfectNav : Cleaned with backup
C:\Program Files\PerfectNav\BHO -> Adware.PerfectNav : Cleaned with backup
C:\Program Files\PerfectNav\BHO\PerfectNav150.dll -> Adware.PerfectNav : Cleaned with backup
C:\Program Files\PestTrap\PestTrap.exe -> Adware.PestTrap : Cleaned with backup
C:\Program Files\TV Media\Tvm.exe -> Adware.TotalVelocity : Cleaned with backup
C:\Program Files\TV Media\TvmCore.dll -> Adware.TotalVelocity : Cleaned with backup
C:\WINDOWS\bsx32 -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Cleaned with backup

::Report End


* Your HJT log is clean, and ewido appears to have cleaned up a number of hidden "nasties".

* In this case, physically disconnecting from the Net was just a precaution on my part; part of my general malware removal "canned answer". If it appears necessary to redo things in Safe Mode, we will do that.

* The "locked background" problem you describe is usually a leftover symptom of the SpySheriff/Smitfraud group of infections. Here's the specific fix for regaining full functionality of your desktop properties:

- Download the smitfraud.reg file by right-clicking on this link and choosing "Save link as..." or "Save target as..." from the resulting pop-up menu. Save the file to your desktop.
- Double-click the smitfraud.reg file you saved, and when it asks if you want to merge with the registry, click YES.
- Reboot your computer; your display properties should be returned to normal.
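
One way to confirm what "Fix checked" actually removed between the two HijackThis logs posted in this thread, as an added example that is not part of the original posts. The log lines are a subset copied from those posts; the function names and the "eight hex characters, value named after its own file" heuristic are assumptions for illustration, not a HijackThis feature.

```python
import re
from collections import defaultdict

# Subset of lines copied from the first HijackThis log in this thread.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by7fd.bay7.hotmail.msn.com/cg...5635eaa8f2c639 (obfuscated)
F3 - REG:win.ini: run=C:\WINPENJR\Win32\CUSTOM.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [d12a346d.exe] C:\WINDOWS\system32\d12a346d.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [d12a346d.exe] C:\Documents and Settings\Cathy\Local Settings\Application Data\d12a346d.exe
"""

# The same subset as it appears in the second log, posted after the fixes.
AFTER = r"""
F3 - REG:win.ini: run=C:\WINPENJR\Win32\CUSTOM.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Body of an O4 registry autorun entry: hive\..\Run key: [value name] command
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# Assumed heuristic: value name is exactly eight hex characters plus ".exe"
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}\.exe$", re.IGNORECASE)


def parse_log(text):
    """Return (code, body) for every section entry; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def removed_entries(before, after):
    """Entries present in the first log and absent from the second, in log order."""
    after_set = set(parse_log(after))
    return [e for e in parse_log(before) if e not in after_set]


def run_entries(text):
    """Parse O4 registry Run entries (Global Startup shortcuts do not match)."""
    out = []
    for code, body in parse_log(text):
        m = RUN_RE.match(body) if code == "O4" else None
        if m:
            out.append({"hive": m.group(1), "key": m.group(2),
                        "name": m.group(3), "command": m.group(4)})
    return out


def flag_run_entries(text):
    """Map each hex-named, self-named autorun value to the hives it appears in."""
    hives = defaultdict(set)
    for e in run_entries(text):
        self_named = ("\\" + e["name"]).lower() in e["command"].lower()
        if HEX_NAME_RE.match(e["name"]) and self_named:
            hives[e["name"]].add(e["hive"])
    return {name: sorted(h) for name, h in hives.items()}


if __name__ == "__main__":
    print("Flagged before:", flag_run_entries(BEFORE))
    print("Flagged after: ", flag_run_entries(AFTER))
    for code, body in removed_entries(BEFORE, AFTER):
        print("Removed:", code, "-", body)
```

An empty result from `flag_run_entries` on the second log only shows that the autorun values are gone from the registry; the file on disk still has to be checked separately, as the instructions above do.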
