niallmcl

  1. Thanks so much for all your help!! I am going to reinstall Windows this weekend.
  2. Hey Jane, I deleted that file... Does this mean I am clean? I am sure you need to know what the trojan does first. Do you think I should still reinstall Windows? Thanks again, Niall
  3. Here is winpfind log
  4. here is combofix....
  5. Here is the log after I cleaned
  6. Here is an ewido report, I ran it this morning and thought I would post it. I have deleted what it found.
  7. I posted those files for you ... I have already changed all my passwords to my different accounts with a different computer and I haven't put any of the new ones into this computer.
  8. No problem
  9. OK, I attached it as a text document on the other forum.
  10. I can't access it on Microsoft IE either
  11. Unable to connect Firefox can't establish a connection to the server at www.kaspersky.com. * The site could be temporarily unavailable or too busy. Try again in a few moments. * If you are unable to load any pages, check your computer's network connection. * If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
  12. http://www.kaspersky.com/virusscanner That page isn't responding at the minute. I will keep trying it, can you access it?
  13. Morning Jane, here is the ComboFix log.... I will do the other scan now. To answer your question, I don't think I have anything like that downloaded, I have never heard of it.
  14. No problem Jane, thanks so much for all your help!!! I am in Europe as well so we will be on the same time, I am Irish. Thanks again!!