HKEY_USERS\S-1-5-21-1085031214-117609710-839522115-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1
After removing this threat and scanning again, it seems to have returned.
How do I remove it completely?
Here is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:42:07 AM, on 15/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\PROGRA~1\TRENDM~1\INTERN~3\PCCTLCOM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~3\TMPFW.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRAM FILES\SECWAY\SIMPLITE-MSN 2.1.7 BETA 4\SIMPLITE-MSN.EXE
C:\PROGRAM FILES\UPDATES FROM HP\137903\PROGRAM\BACKWEB-137903.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q304&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~3\PccIeBar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Simp] C:\Program Files\Secway\SimpLite-MSN 2.1.7 beta 4\SimpLite-MSN.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141441344750
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {77F539E4-3C23-48D9-960B-B6E62905C113} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://cdn.messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe