niallmcl

Members
  • Content Count

    72
  • Joined

  • Last visited

Everything posted by niallmcl

  1. Thanks so much for all your help!! I am going to reinstall windows this weekend.
  2. Hey Jane, I deleted that file... Does this mean i am clean? I am sure you need to know trojan what it does first. Do you think i should still reinstall windows? Thanks again Niall
  3. Here is winpfind log WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600 Internet Explorer Version: 6.0.2900.2180 »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... Checking %ProgramFilesDir% folder... Checking %WinDir% folder... UPX! 11/02/2006 03:48:40 41984 C:\WINDOWS\killproc.exe UPX! 18/09/1997 06:12:48 7680 C:\WINDOWS\sporder.exe Checking %System% folder... PEC2 18/08/2001 13:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc PEC2 01/06/2006 23:06:58 619156 C:\WINDOWS\SYSTEM32\DivX.dll PECompact2 01/06/2006 23:06:58 619156 C:\WINDOWS\SYSTEM32\DivX.dll PTech 19/06/2006 16:19:42 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll aspack 06/07/2006 18:21:48 6757792 C:\WINDOWS\SYSTEM32\MRT.exe aspack 04/08/2004 08:56:36 708096 C:\WINDOWS\SYSTEM32\ntdll.dll UPX! 10/07/2006 19:29:20 14848 C:\WINDOWS\SYSTEM32\protector.exe.ren.ren Umonitor 04/08/2004 08:56:44 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll UPX! 25/11/2005 17:48:28 40960 C:\WINDOWS\SYSTEM32\swsc.exe winsync 18/08/2001 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu PTech 19/06/2006 16:19:26 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe Checking %System%\Drivers folder and sub-folders... UPX! 12/07/2006 19:27:26 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys FSG! 12/07/2006 19:27:26 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys PEC2 12/07/2006 19:27:26 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys aspack 12/07/2006 19:27:26 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys PTech 04/08/2004 06:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 21/07/2006 18:16:46 S 2048 C:\WINDOWS\bootstat.dat 16/06/2006 00:14:16 H 54156 C:\WINDOWS\QTFont.qfn 22/06/2006 12:18:30 S 13309 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat 29/05/2006 17:16:00 S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916281.cat 01/06/2006 21:28:56 S 11043 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat 19/06/2006 16:20:58 S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat 21/07/2006 18:18:20 H 1024 C:\WINDOWS\system32\config\default.LOG 21/07/2006 18:16:58 H 1024 C:\WINDOWS\system32\config\SAM.LOG 21/07/2006 18:26:58 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG 21/07/2006 18:36:50 H 1024 C:\WINDOWS\system32\config\software.LOG 21/07/2006 18:20:52 H 1024 C:\WINDOWS\system32\config\system.LOG 18/07/2006 19:34:50 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 07/07/2006 12:31:56 H 0 C:\WINDOWS\system32\drivers\umdf\MsftWdf_user_01_00_00.Wdf 24/05/2006 23:43:10 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\f7adf9fd-660a-4cd8-9c8c-be84feb8702e 24/05/2006 23:43:10 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred 21/07/2006 18:16:52 H 6 C:\WINDOWS\Tasks\SA.DAT Checking for CPL files... Microsoft Corporation 04/08/2004 08:56:58 68608 C:\WINDOWS\SYSTEM32\access.cpl Microsoft Corporation 04/08/2004 08:56:58 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl Microsoft Corporation 04/08/2004 08:56:58 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl Microsoft Corporation 04/08/2004 08:56:58 135168 C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation 04/08/2004 08:56:58 80384 C:\WINDOWS\SYSTEM32\firewall.cpl Microsoft Corporation 04/08/2004 08:56:58 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl Microsoft Corporation 04/08/2004 08:56:58 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation 04/08/2004 08:56:58 129536 C:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation 04/08/2004 08:56:58 380416 C:\WINDOWS\SYSTEM32\irprops.cpl Microsoft Corporation 04/08/2004 08:56:58 68608 C:\WINDOWS\SYSTEM32\joy.cpl Sun Microsystems, Inc. 10/11/2005 14:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl Microsoft Corporation 18/08/2001 13:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl Microsoft Corporation 04/08/2004 08:56:58 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation 18/08/2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation 04/08/2004 08:56:58 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl Microsoft Corporation 04/08/2004 08:56:58 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl Microsoft Corporation 04/08/2004 08:56:58 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl Sun Microsystems 17/05/2002 17:04:56 45154 C:\WINDOWS\SYSTEM32\plugincpl131_04.cpl Microsoft Corporation 04/08/2004 08:56:58 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl Microsoft Corporation 04/08/2004 08:56:58 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation 18/08/2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation 04/08/2004 08:56:58 94208 C:\WINDOWS\SYSTEM32\timedate.cpl Microsoft Corporation 04/08/2004 08:56:58 148480 C:\WINDOWS\SYSTEM32\wscui.cpl Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation 18/08/2001 13:00:00 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl Microsoft Corporation 18/08/2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl Microsoft Corporation 18/08/2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 11/11/2005 14:02:54 1775 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\broadband medic.lnk 02/11/2001 02:28:18 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini 02/11/2004 18:34:14 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk 01/11/2004 15:00:46 875 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk Checking files in %ALLUSERSPROFILE%\Application Data folder... 02/11/2001 02:15:18 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini 05/06/2006 11:24:34 1356 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache Checking files in %USERPROFILE%\Startup folder... 02/11/2001 02:28:18 HS 84 C:\Documents and Settings\niall mclaughlin\Start Menu\Programs\Startup\desktop.ini Checking files in %USERPROFILE%\Application Data folder... 02/11/2001 02:15:18 HS 62 C:\Documents and Settings\niall mclaughlin\Application Data\desktop.ini 05/11/2004 13:16:44 27976 C:\Documents and Settings\niall mclaughlin\Application Data\GDIPFONTCACHEV1.DAT »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] SV1 = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} Google Toolbar Helper = c:\program files\google\googletoolbar2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tip of the Day = %SystemRoot%\System32\shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} ButtonText = AIM : C:\Program Files\AIM\aim.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683} ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38} Search Band = %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} Favorites Band = %SystemRoot%\System32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} History Band = %SystemRoot%\System32\shdocvw.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] S3hotkey S3hotkey.exe WorksFUD C:\Program Files\Microsoft Works\wkfud.exe Microsoft Works Portfolio C:\Program Files\Microsoft Works\WksSb.exe /AllUsers Microsoft Works Update Detection C:\Program Files\Microsoft Works\WkDetect.exe REGSHAVE C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe BJCFD C:\Program Files\BroadJump\Client Foundation\CFD.exe Motive SmartBridge C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe" AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP !ewido "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized MailScan Dispatcher "C:\Program Files\eScan\LAUNCH.EXE" eScan Updater C:\PROGRA~1\eScan\TRAYICOS.EXE /App eScan Monitor C:\PROGRA~1\eScan\AVPMWrap.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] UnHackMe Monitor C:\Program Files\UnHackMe\hackmon.exe [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID {17492023-C23A-453E-A040-C7C580BBF700} 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 SynchronousMachineGroupPolicy 0 SynchronousUserGroupPolicy 0 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 145 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System DisableRegistryTools 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll WPDShServiceObj {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, Shell = explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon = WgaLogon.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 21/07/2006 18:37:12
  4. here is combofix.... Start Time= 21/07/2006 18:19:48.68 Running from: C:\Documents and Settings\niall mclaughlin\Desktop\Adware stuff QuickScan did not find any signs of infected files (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-07-20 21:40:46 135834 ( A.... ) "C:\WINDOWS\winsbak2.reg" 2006-07-20 21:40:46 19516 ( A.... ) "C:\WINDOWS\winsbak.reg" 2006-07-20 21:40:42 ( .D... ) "C:\Program Files\Common Files\MicroWorld" 2006-07-20 21:40:10 ( .D... ) "C:\Program Files\eScan" 2006-07-19 21:33:00 ( .D... ) "C:\Program Files\HaxFix" 2006-07-19 09:35:46 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0" 2006-07-18 20:15:14 ( .D... ) "C:\Program Files\UnHackMe" 2006-07-14 22:14:38 27841 ( A.... ) "C:\clean.bat" 2006-07-12 19:42:42 ( .D... ) "C:\Program Files\CCleaner" 2006-07-12 19:27:48 ( .D... ) "C:\Documents and Settings\niall mclaughlin\Application Data\AVG7" 2006-07-12 19:27:34 499712 ( A.... ) "C:\WINDOWS\system32\msvcp71.dll" 2006-07-12 19:27:34 348160 ( A.... ) "C:\WINDOWS\system32\msvcr71.dll" 2006-07-12 19:27:12 ( .D... ) "C:\Program Files\Grisoft" 2006-07-10 19:29:20 14848 ( A.... ) "C:\WINDOWS\system32\protector.exe.ren.ren" 2006-07-06 16:47:58 ( .D... ) "C:\Program Files\Lavasoft" 2006-07-04 20:40:12 ( .D... ) "C:\Documents and Settings\niall mclaughlin\Application Data\Lavasoft" 2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll" 2006-06-11 22:20:56 ( .D... ) "C:\Program Files\DivX" 2006-06-08 12:38:28 ( .D... ) "C:\Program Files\QuickTime" 2006-06-08 12:35:46 ( .D... ) "C:\Program Files\iTunes" 2006-06-04 10:28:18 ( .D... ) "C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla" 2006-06-04 10:28:16 ( .D... ) "C:\Program Files\Mozilla Firefox" 2006-06-01 23:11:08 109568 ( ..... ) "C:\WINDOWS\system32\pxinsi64.exe" 2006-06-01 23:11:08 108544 ( ..... ) "C:\WINDOWS\system32\pxcpyi64.exe" 2006-06-01 23:10:26 3596288 ( A.... ) "C:\WINDOWS\system32\qt-dx331.dll" 2006-06-01 23:09:58 593920 ( A.... ) "C:\WINDOWS\system32\dpuGUI11.dll" 2006-06-01 23:09:58 344064 ( A.... ) "C:\WINDOWS\system32\dpus11.dll" 2006-06-01 23:09:58 294912 ( A.... ) "C:\WINDOWS\system32\dpu11.dll" 2006-06-01 23:09:58 294912 ( A.... ) "C:\WINDOWS\system32\dpu10.dll" 2006-06-01 23:09:58 200704 ( A.... ) "C:\WINDOWS\system32\dtu100.dll" 2006-06-01 23:09:58 90112 ( A.... ) "C:\WINDOWS\system32\dpl100.dll" 2006-06-01 23:09:58 57344 ( A.... ) "C:\WINDOWS\system32\dpv11.dll" 2006-06-01 23:09:58 53248 ( A.... ) "C:\WINDOWS\system32\dpuGUI10.dll" 2006-06-01 23:07:46 536576 ( A.... ) "C:\WINDOWS\system32\DivXsm.exe" 2006-06-01 23:07:38 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll" 2006-06-01 23:07:38 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll" 2006-06-01 23:07:34 245408 ( A.... ) "C:\WINDOWS\system32\unicows.dll" 2006-06-01 23:07:00 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx07.dll" 2006-06-01 23:06:58 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx0c.dll" 2006-06-01 23:06:58 761856 ( A.... ) "C:\WINDOWS\system32\divx_xx11.dll" 2006-06-01 23:06:58 619156 ( A.... ) "C:\WINDOWS\system32\DivX.dll" 2006-06-01 23:06:34 118784 ( A.... ) "C:\WINDOWS\system32\DivXCodecUpdateChecker.exe" 2006-06-01 23:06:34 12288 ( A.... ) "C:\WINDOWS\system32\DivXWMPExtType.dll" 2006-05-09 22:36:46 6656 ( A.... ) "C:\WINDOWS\system32\WdfMgr.exe" 2006-05-09 22:36:46 6656 ( A.... ) "C:\WINDOWS\system32\uWDF.exe" 2006-05-09 22:26:34 7706112 ( A.... ) "C:\WINDOWS\system32\wmploc.dll" 2006-05-09 22:26:34 1641472 ( A.... ) "C:\WINDOWS\system32\wmpencen.dll" 2006-05-09 22:26:34 1280000 ( A.... ) "C:\WINDOWS\system32\WMSPDMOE.dll" 2006-05-09 22:26:34 1063424 ( A.... ) "C:\WINDOWS\system32\WMADMOE.dll" 2006-05-09 22:26:34 992256 ( A.... ) "C:\WINDOWS\system32\WMNetMgr.dll" 2006-05-09 22:26:34 705024 ( A.... ) "C:\WINDOWS\system32\WMADMOD.dll" 2006-05-09 22:26:34 564736 ( A.... ) "C:\WINDOWS\system32\WMSPDMOD.dll" 2006-05-09 22:26:34 433152 ( ..... ) "C:\WINDOWS\system32\wmpeffects.dll" 2006-05-09 22:26:34 417280 ( A.... ) "C:\WINDOWS\system32\wmdrmdev.dll" 2006-05-09 22:26:34 337408 ( A.... ) "C:\WINDOWS\system32\wmdrmnet.dll" 2006-05-09 22:26:34 306688 ( A.... ) "C:\WINDOWS\system32\MSWMDM.dll" 2006-05-09 22:26:34 301056 ( A.... ) "C:\WINDOWS\system32\wmpdxm.dll" 2006-05-09 22:26:34 267776 ( A.... ) "C:\WINDOWS\system32\Audiodev.dll" 2006-05-09 22:26:34 237056 ( A.... ) "C:\WINDOWS\system32\wmpasf.dll" 2006-05-09 22:26:34 221696 ( A.... ) "C:\WINDOWS\system32\WMASF.dll" 2006-05-09 22:26:34 219648 ( A.... ) "C:\WINDOWS\system32\CEWMDM.dll" 2006-05-09 22:26:34 212480 ( A.... ) "C:\WINDOWS\system32\msnetobj.dll" 2006-05-09 22:26:34 203776 ( A.... ) "C:\WINDOWS\system32\wmpsrcwp.dll" 2006-05-09 22:26:34 201728 ( A.... ) "C:\WINDOWS\system32\qasf.dll" 2006-05-09 22:26:34 165376 ( A.... ) "C:\WINDOWS\system32\MsPMSP.dll" 2006-05-09 22:26:34 155136 ( A.... ) "C:\WINDOWS\system32\wmidx.dll" 2006-05-09 22:26:34 135680 ( ..... ) "C:\WINDOWS\system32\wmpps.dll" 2006-05-09 22:26:34 97792 ( A.... ) "C:\WINDOWS\system32\wmpshell.dll" 2006-05-09 22:26:34 36864 ( A.... ) "C:\WINDOWS\system32\WMDMPS.dll" 2006-05-09 22:26:34 31744 ( A.... ) "C:\WINDOWS\system32\WMDMLOG.dll" 2006-05-09 22:26:34 26112 ( A.... ) "C:\WINDOWS\system32\MsPMSNSv.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmvdmoe2.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmvdmod.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\WMVADVE.DLL" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\WMVADVD.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmsdmoe2.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmsdmod.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wdfApi.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\MPG4DMOD.dll" 2006-05-09 22:26:34 4096 ( ..... ) "C:\WINDOWS\system32\MP4SDMOD.dll" 2006-05-09 22:26:34 4096 ( ..... ) "C:\WINDOWS\system32\MP43DMOD.dll" 2006-05-09 22:26:32 218112 ( A.... ) "C:\WINDOWS\system32\wmerror.dll" 2006-05-09 22:26:32 9728 ( A.... ) "C:\WINDOWS\system32\LAPRXY.dll" 2006-05-09 22:26:32 7168 ( A.... ) "C:\WINDOWS\system32\asferror.dll" 2006-05-09 22:22:32 2463744 ( A.... ) "C:\WINDOWS\system32\wmvcore.dll" 2006-05-09 21:02:02 84480 ( A.... ) "C:\WINDOWS\system32\logagent.exe" 2006-05-09 21:01:06 1463808 ( ..... ) "C:\WINDOWS\system32\WMVDECOD.dll" 2006-05-09 21:01:06 1359360 ( ..... ) "C:\WINDOWS\system32\WMVSDECD.dll" 2006-05-09 21:00:58 1455616 ( ..... ) "C:\WINDOWS\system32\WMVENCOD.dll" 2006-05-09 21:00:58 770560 ( ..... ) "C:\WINDOWS\system32\WMVSENCD.dll" 2006-05-09 21:00:58 299520 ( ..... ) "C:\WINDOWS\system32\MP4SDECD.dll" 2006-05-09 21:00:58 241152 ( ..... ) "C:\WINDOWS\system32\MPG4DECD.dll" 2006-05-09 21:00:56 636928 ( ..... ) "C:\WINDOWS\system32\WMVXENCD.dll" 2006-05-09 21:00:56 241152 ( ..... ) "C:\WINDOWS\system32\MP43DECD.dll" 2006-05-09 21:00:22 546816 ( ..... ) "C:\WINDOWS\system32\wmpmde.dll" 2006-05-09 21:00:08 382976 ( ..... ) "C:\WINDOWS\system32\MFPLAT.dll" 2006-05-09 21:00:02 1350656 ( A.... ) "C:\WINDOWS\system32\drmv2clt.dll" 2006-05-09 20:59:34 513536 ( ..... ) "C:\WINDOWS\system32\wmdrmsdk.dll" 2006-05-09 20:59:20 417280 ( A.... ) "C:\WINDOWS\system32\MSSCP.dll" 2006-05-09 20:59:18 229376 ( ..... ) "C:\WINDOWS\system32\drmupgds.exe" 2006-05-09 20:59:14 585216 ( A.... ) "C:\WINDOWS\system32\blackbox.dll" 2006-05-09 20:58:54 3745280 ( ..... ) "C:\WINDOWS\system32\WpdShext.dll" 2006-05-09 20:58:54 52224 ( ..... ) "C:\WINDOWS\system32\WPDShServiceObj.dll" 2006-05-09 20:58:54 13824 ( ..... ) "C:\WINDOWS\system32\wpdshextautoplay.exe" 2006-05-09 20:58:50 670208 ( A.... ) "C:\WINDOWS\system32\wpd_ci.dll" 2006-05-09 20:58:50 103424 ( ..... ) "C:\WINDOWS\system32\PortableDeviceWiaCompat.dll" 2006-05-09 20:58:48 345600 ( ..... ) "C:\WINDOWS\system32\PortableDeviceApi.dll" 2006-05-09 20:58:48 188928 ( ..... ) "C:\WINDOWS\system32\PortableDeviceWMDRM.dll" 2006-05-09 20:58:48 101376 ( ..... ) "C:\WINDOWS\system32\PortableDeviceClassExtension.dll" 2006-05-09 20:58:46 343552 ( A.... ) "C:\WINDOWS\system32\WPDSp.dll" 2006-05-09 20:58:40 144896 ( A.... ) "C:\WINDOWS\system32\wpdmtp.dll" 2006-05-09 20:58:40 55808 ( A.... ) "C:\WINDOWS\system32\wpdmtpus.dll" 2006-05-09 20:58:40 35840 ( A.... ) "C:\WINDOWS\system32\wpdconns.dll" 2006-05-09 20:58:38 168960 ( ..... ) "C:\WINDOWS\system32\PortableDeviceTypes.dll" 2006-05-09 20:58:38 13312 ( A.... ) "C:\WINDOWS\system32\wpdtrace.dll" 2006-05-09 20:57:06 11264 ( ..... ) "C:\WINDOWS\system32\ehETW.dll" 2006-05-09 20:45:20 304640 ( ..... ) "C:\WINDOWS\system32\MSDelta.dll" 2006-05-09 20:00:48 22752 ( A.... ) "C:\WINDOWS\system32\spupdsvc.exe" (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days ))))))))))))))))))))))))))))))))))))))))))) 2006-07-20 21:40 913,408 C:\WINDOWS\system32\contfilt.dll 2006-07-20 21:40 90,112 C:\WINDOWS\inst_tsp.exe 2006-07-20 21:40 9,488 C:\WINDOWS\sporder.dll 2006-07-20 21:40 7,680 C:\WINDOWS\sporder.exe 2006-07-20 21:40 508,928 C:\WINDOWS\system32\eInstall.exe 2006-07-20 21:40 41,984 C:\WINDOWS\killproc.exe 2006-07-20 21:40 335,872 C:\WINDOWS\system32\mwtsp.dll 2006-07-20 21:40 32,768 C:\WINDOWS\system32\esmxlog.dll 2006-07-20 21:40 19,516 C:\WINDOWS\winsbak.reg 2006-07-20 21:40 146,432 C:\WINDOWS\REGEDIT.COM 2006-07-20 21:40 146,432 C:\WINDOWS\R.COM 2006-07-20 21:40 135,834 C:\WINDOWS\winsbak2.reg 2006-07-20 21:40 135,680 C:\WINDOWS\system32\TASKMGR.COM 2006-07-20 21:40 135,680 C:\WINDOWS\system32\T.COM 2006-07-20 21:40 130,560 C:\WINDOWS\system32\ZIPDLL.DLL 2006-07-20 21:40 125,440 C:\WINDOWS\system32\UNZDLL.DLL 2006-07-20 21:40 110,592 C:\WINDOWS\system32\mwnsp.dll 2006-07-20 21:40 <DIR> C:\WINDOWS\system32\FLCSS.EXE 2006-07-19 21:33 90,112 C:\WINDOWS\system32\RegDACL.exe 2006-07-19 21:33 40,960 C:\WINDOWS\system32\swsc.exe 2006-07-19 21:33 4,096 C:\WINDOWS\system32\reboot.exe 2006-07-19 21:33 38,400 C:\WINDOWS\system32\moveex.exe 2006-07-19 21:33 27,841 C:\clean.bat 2006-07-17 23:25 519,622,656 C:\hiberfil.sys 2006-07-12 19:27 499,712 C:\WINDOWS\system32\msvcp71.dll 2006-07-12 19:27 348,160 C:\WINDOWS\system32\msvcr71.dll 2006-07-10 19:29 14,848 C:\WINDOWS\system32\protector.exe.ren.ren 2006-06-11 22:21 109,568 C:\WINDOWS\system32\pxinsi64.exe 2006-06-11 22:21 108,544 C:\WINDOWS\system32\pxcpyi64.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "S3hotkey"="S3hotkey.exe" "WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe" "Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers" "Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe" "REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe" "BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe" "Motive SmartBridge"="C:\\PROGRA~1\\ntl\\BROADB~1\\SMARTB~1\\MotiveSB.exe" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized" "MailScan Dispatcher"="\"C:\\Program Files\\eScan\\LAUNCH.EXE\"" "eScan Updater"="C:\\PROGRA~1\\eScan\\TRAYICOS.EXE /App" "eScan Monitor"="C:\\PROGRA~1\\eScan\\AVPMWrap.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "UnHackMe Monitor"="C:\\Program Files\\UnHackMe\\hackmon.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000004 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0" Contents of the 'Scheduled Tasks' folder Completion time: 21/07/2006 18:20:36.86 ComboFix ver 06.07.15 - This logfile is located at C:\ComboFix.txt ComboFix.2006-07-20.142840.txt ComboFix.2006-07-21.181948.txt
  5. here is the log after i cleaned -------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 11:08:13 21/07/2006 + Scan result: C:\Program Files\eScan\scaninst.exe -> Heuristic.Win32.AVKiller : Ignored. :mozilla.62:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Adtech : Cleaned. :mozilla.63:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Adtech : Cleaned. :mozilla.13:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.15:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.16:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.48:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.46:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Com : Cleaned. :mozilla.14:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.58:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.59:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.60:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.47:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.55:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. ::Report end
  6. Here is an ewido report, i ran it this morning and thought i would post it. i have deleted what it found. --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 11:05:19 21/07/2006 + Scan result: C:\Program Files\eScan\scaninst.exe -> Heuristic.Win32.AVKiller : No action taken. :mozilla.62:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Adtech : No action taken. :mozilla.63:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Adtech : No action taken. :mozilla.13:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Advertising : No action taken. :mozilla.15:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Advertising : No action taken. :mozilla.16:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Advertising : No action taken. :mozilla.48:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Atdmt : No action taken. :mozilla.46:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Com : No action taken. :mozilla.14:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken. :mozilla.58:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Hitbox : No action taken. :mozilla.59:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Hitbox : No action taken. :mozilla.60:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Hitbox : No action taken. :mozilla.47:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken. :mozilla.55:C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla\Firefox\Profiles\261knj8v.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken. ::Report end
  7. I posted those files for you ... i have already changed all my passwords to my different accounts with a different computer and i havent put any of the new ones into this computer.
  8. no problem Logfile of HijackThis v1.99.1 Scan saved at 23:00:14, on 20/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\eScan\TRAYSSER.EXE C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\PROGRA~1\eScan\avpm.exe C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\S3hotkey.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\PROGRA~1\eScan\TRAYICOS.EXE C:\PROGRA~1\eScan\MAILDISP.EXE C:\PROGRA~1\eScan\AVPMWrap.EXE C:\Program Files\UnHackMe\hackmon.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\PROGRA~1\eScan\MAILSCAN.EXE C:\PROGRA~1\ESCAN\SPOOLER.EXE C:\PROGRA~1\eScan\kavss.exe C:\Program Files\ntl\broadband medic\bin\mpbtn.exe C:\PROGRA~1\eScan\AvpM.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\niall mclaughlin\Desktop\Adware stuff\Hijack download\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local> O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [s3hotkey] S3hotkey.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScan\LAUNCH.EXE" O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE O4 - HKCU\..\Run: [unHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/ O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://ebanking.northernbank.co.uk/html/ac...B/e-Safekey.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
  9. ok i attached it as a text document on the other forum.
  10. I cant access it on microsoft ie either
  11. Unable to connect Firefox can't establish a connection to the server at www.kaspersky.com. * The site could be temporarily unavailable or too busy. Try again in a few moments. * If you are unable to load any pages, check your computer's network connection. * If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
  12. http://www.kaspersky.com/virusscanner That page isnt responding at the minute. I will keep trying it, can you access it?
  13. Morning Jane, Here is the ComboFix Log.... I will do the other scan now To answer your question. I dont think i have anything like that downloaded, i have never heard of it. Start Time= 20/07/2006 14:28:40.61 Running from: C:\Documents and Settings\niall mclaughlin\Desktop\Adware stuff QuickScan did not find any signs of infected files (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-07-19 21:33:00 ( .D... ) "C:\Program Files\HaxFix" 2006-07-19 09:35:46 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0" 2006-07-18 20:15:14 ( .D... ) "C:\Program Files\UnHackMe" 2006-07-14 22:14:38 27841 ( A.... ) "C:\clean.bat" 2006-07-12 19:42:42 ( .D... ) "C:\Program Files\CCleaner" 2006-07-12 19:27:48 ( .D... ) "C:\Documents and Settings\niall mclaughlin\Application Data\AVG7" 2006-07-12 19:27:34 499712 ( A.... ) "C:\WINDOWS\system32\msvcp71.dll" 2006-07-12 19:27:34 348160 ( A.... ) "C:\WINDOWS\system32\msvcr71.dll" 2006-07-12 19:27:12 ( .D... ) "C:\Program Files\Grisoft" 2006-07-10 19:32:34 6912 ( A.... ) "C:\WINDOWS\system32\ddirectxt.sys" 2006-07-10 19:32:34 6912 ( A.... ) "C:\WINDOWS\system32\ddirectxt.sys" 2006-07-10 19:29:22 19840 ( A.... ) "C:\WINDOWS\system32\ntio256.sys" 2006-07-10 19:29:22 19840 ( A.... ) "C:\WINDOWS\system32\ntio256.sys" 2006-07-10 19:26:12 372 ( A.... ) "C:\WINDOWS\system32\3584.exe" 2006-07-06 16:47:58 ( .D... ) "C:\Program Files\Lavasoft" 2006-07-04 20:40:12 ( .D... ) "C:\Documents and Settings\niall mclaughlin\Application Data\Lavasoft" 2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll" 2006-06-11 22:20:56 ( .D... ) "C:\Program Files\DivX" 2006-06-08 12:38:28 ( .D... ) "C:\Program Files\QuickTime" 2006-06-08 12:35:46 ( .D... ) "C:\Program Files\iTunes" 2006-06-04 10:28:18 ( .D... ) "C:\Documents and Settings\niall mclaughlin\Application Data\Mozilla" 2006-06-04 10:28:16 ( .D... ) "C:\Program Files\Mozilla Firefox" 2006-06-01 23:11:08 109568 ( ..... ) "C:\WINDOWS\system32\pxinsi64.exe" 2006-06-01 23:11:08 108544 ( ..... ) "C:\WINDOWS\system32\pxcpyi64.exe" 2006-06-01 23:10:26 3596288 ( A.... ) "C:\WINDOWS\system32\qt-dx331.dll" 2006-06-01 23:09:58 593920 ( A.... ) "C:\WINDOWS\system32\dpuGUI11.dll" 2006-06-01 23:09:58 344064 ( A.... ) "C:\WINDOWS\system32\dpus11.dll" 2006-06-01 23:09:58 294912 ( A.... ) "C:\WINDOWS\system32\dpu11.dll" 2006-06-01 23:09:58 294912 ( A.... ) "C:\WINDOWS\system32\dpu10.dll" 2006-06-01 23:09:58 200704 ( A.... ) "C:\WINDOWS\system32\dtu100.dll" 2006-06-01 23:09:58 90112 ( A.... ) "C:\WINDOWS\system32\dpl100.dll" 2006-06-01 23:09:58 57344 ( A.... ) "C:\WINDOWS\system32\dpv11.dll" 2006-06-01 23:09:58 53248 ( A.... ) "C:\WINDOWS\system32\dpuGUI10.dll" 2006-06-01 23:07:46 536576 ( A.... ) "C:\WINDOWS\system32\DivXsm.exe" 2006-06-01 23:07:38 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll" 2006-06-01 23:07:38 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll" 2006-06-01 23:07:34 245408 ( A.... ) "C:\WINDOWS\system32\unicows.dll" 2006-06-01 23:07:00 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx07.dll" 2006-06-01 23:06:58 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx0c.dll" 2006-06-01 23:06:58 761856 ( A.... ) "C:\WINDOWS\system32\divx_xx11.dll" 2006-06-01 23:06:58 619156 ( A.... ) "C:\WINDOWS\system32\DivX.dll" 2006-06-01 23:06:34 118784 ( A.... ) "C:\WINDOWS\system32\DivXCodecUpdateChecker.exe" 2006-06-01 23:06:34 12288 ( A.... ) "C:\WINDOWS\system32\DivXWMPExtType.dll" 2006-05-09 22:36:46 6656 ( A.... ) "C:\WINDOWS\system32\WdfMgr.exe" 2006-05-09 22:36:46 6656 ( A.... ) "C:\WINDOWS\system32\uWDF.exe" 2006-05-09 22:26:34 7706112 ( A.... ) "C:\WINDOWS\system32\wmploc.dll" 2006-05-09 22:26:34 1641472 ( A.... ) "C:\WINDOWS\system32\wmpencen.dll" 2006-05-09 22:26:34 1280000 ( A.... ) "C:\WINDOWS\system32\WMSPDMOE.dll" 2006-05-09 22:26:34 1063424 ( A.... ) "C:\WINDOWS\system32\WMADMOE.dll" 2006-05-09 22:26:34 992256 ( A.... ) "C:\WINDOWS\system32\WMNetMgr.dll" 2006-05-09 22:26:34 705024 ( A.... ) "C:\WINDOWS\system32\WMADMOD.dll" 2006-05-09 22:26:34 564736 ( A.... ) "C:\WINDOWS\system32\WMSPDMOD.dll" 2006-05-09 22:26:34 433152 ( ..... ) "C:\WINDOWS\system32\wmpeffects.dll" 2006-05-09 22:26:34 417280 ( A.... ) "C:\WINDOWS\system32\wmdrmdev.dll" 2006-05-09 22:26:34 337408 ( A.... ) "C:\WINDOWS\system32\wmdrmnet.dll" 2006-05-09 22:26:34 306688 ( A.... ) "C:\WINDOWS\system32\MSWMDM.dll" 2006-05-09 22:26:34 301056 ( A.... ) "C:\WINDOWS\system32\wmpdxm.dll" 2006-05-09 22:26:34 267776 ( A.... ) "C:\WINDOWS\system32\Audiodev.dll" 2006-05-09 22:26:34 237056 ( A.... ) "C:\WINDOWS\system32\wmpasf.dll" 2006-05-09 22:26:34 221696 ( A.... ) "C:\WINDOWS\system32\WMASF.dll" 2006-05-09 22:26:34 219648 ( A.... ) "C:\WINDOWS\system32\CEWMDM.dll" 2006-05-09 22:26:34 212480 ( A.... ) "C:\WINDOWS\system32\msnetobj.dll" 2006-05-09 22:26:34 203776 ( A.... ) "C:\WINDOWS\system32\wmpsrcwp.dll" 2006-05-09 22:26:34 201728 ( A.... ) "C:\WINDOWS\system32\qasf.dll" 2006-05-09 22:26:34 165376 ( A.... ) "C:\WINDOWS\system32\MsPMSP.dll" 2006-05-09 22:26:34 155136 ( A.... ) "C:\WINDOWS\system32\wmidx.dll" 2006-05-09 22:26:34 135680 ( ..... ) "C:\WINDOWS\system32\wmpps.dll" 2006-05-09 22:26:34 97792 ( A.... ) "C:\WINDOWS\system32\wmpshell.dll" 2006-05-09 22:26:34 36864 ( A.... ) "C:\WINDOWS\system32\WMDMPS.dll" 2006-05-09 22:26:34 31744 ( A.... ) "C:\WINDOWS\system32\WMDMLOG.dll" 2006-05-09 22:26:34 26112 ( A.... ) "C:\WINDOWS\system32\MsPMSNSv.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmvdmoe2.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmvdmod.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\WMVADVE.DLL" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\WMVADVD.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmsdmoe2.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmsdmod.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wdfApi.dll" 2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\MPG4DMOD.dll" 2006-05-09 22:26:34 4096 ( ..... ) "C:\WINDOWS\system32\MP4SDMOD.dll" 2006-05-09 22:26:34 4096 ( ..... ) "C:\WINDOWS\system32\MP43DMOD.dll" 2006-05-09 22:26:32 218112 ( A.... ) "C:\WINDOWS\system32\wmerror.dll" 2006-05-09 22:26:32 9728 ( A.... ) "C:\WINDOWS\system32\LAPRXY.dll" 2006-05-09 22:26:32 7168 ( A.... ) "C:\WINDOWS\system32\asferror.dll" 2006-05-09 22:22:32 2463744 ( A.... ) "C:\WINDOWS\system32\wmvcore.dll" 2006-05-09 21:02:02 84480 ( A.... ) "C:\WINDOWS\system32\logagent.exe" 2006-05-09 21:01:06 1463808 ( ..... ) "C:\WINDOWS\system32\WMVDECOD.dll" 2006-05-09 21:01:06 1359360 ( ..... ) "C:\WINDOWS\system32\WMVSDECD.dll" 2006-05-09 21:00:58 1455616 ( ..... ) "C:\WINDOWS\system32\WMVENCOD.dll" 2006-05-09 21:00:58 770560 ( ..... ) "C:\WINDOWS\system32\WMVSENCD.dll" 2006-05-09 21:00:58 299520 ( ..... ) "C:\WINDOWS\system32\MP4SDECD.dll" 2006-05-09 21:00:58 241152 ( ..... ) "C:\WINDOWS\system32\MPG4DECD.dll" 2006-05-09 21:00:56 636928 ( ..... ) "C:\WINDOWS\system32\WMVXENCD.dll" 2006-05-09 21:00:56 241152 ( ..... ) "C:\WINDOWS\system32\MP43DECD.dll" 2006-05-09 21:00:22 546816 ( ..... ) "C:\WINDOWS\system32\wmpmde.dll" 2006-05-09 21:00:08 382976 ( ..... ) "C:\WINDOWS\system32\MFPLAT.dll" 2006-05-09 21:00:02 1350656 ( A.... ) "C:\WINDOWS\system32\drmv2clt.dll" 2006-05-09 20:59:34 513536 ( ..... ) "C:\WINDOWS\system32\wmdrmsdk.dll" 2006-05-09 20:59:20 417280 ( A.... ) "C:\WINDOWS\system32\MSSCP.dll" 2006-05-09 20:59:18 229376 ( ..... ) "C:\WINDOWS\system32\drmupgds.exe" 2006-05-09 20:59:14 585216 ( A.... ) "C:\WINDOWS\system32\blackbox.dll" 2006-05-09 20:58:54 3745280 ( ..... ) "C:\WINDOWS\system32\WpdShext.dll" 2006-05-09 20:58:54 52224 ( ..... ) "C:\WINDOWS\system32\WPDShServiceObj.dll" 2006-05-09 20:58:54 13824 ( ..... ) "C:\WINDOWS\system32\wpdshextautoplay.exe" 2006-05-09 20:58:50 670208 ( A.... ) "C:\WINDOWS\system32\wpd_ci.dll" 2006-05-09 20:58:50 103424 ( ..... ) "C:\WINDOWS\system32\PortableDeviceWiaCompat.dll" 2006-05-09 20:58:48 345600 ( ..... ) "C:\WINDOWS\system32\PortableDeviceApi.dll" 2006-05-09 20:58:48 188928 ( ..... ) "C:\WINDOWS\system32\PortableDeviceWMDRM.dll" 2006-05-09 20:58:48 101376 ( ..... ) "C:\WINDOWS\system32\PortableDeviceClassExtension.dll" 2006-05-09 20:58:46 343552 ( A.... ) "C:\WINDOWS\system32\WPDSp.dll" 2006-05-09 20:58:40 144896 ( A.... ) "C:\WINDOWS\system32\wpdmtp.dll" 2006-05-09 20:58:40 55808 ( A.... ) "C:\WINDOWS\system32\wpdmtpus.dll" 2006-05-09 20:58:40 35840 ( A.... ) "C:\WINDOWS\system32\wpdconns.dll" 2006-05-09 20:58:38 168960 ( ..... ) "C:\WINDOWS\system32\PortableDeviceTypes.dll" 2006-05-09 20:58:38 13312 ( A.... ) "C:\WINDOWS\system32\wpdtrace.dll" 2006-05-09 20:57:06 11264 ( ..... ) "C:\WINDOWS\system32\ehETW.dll" 2006-05-09 20:45:20 304640 ( ..... ) "C:\WINDOWS\system32\MSDelta.dll" 2006-05-09 20:00:48 22752 ( A.... ) "C:\WINDOWS\system32\spupdsvc.exe" (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days ))))))))))))))))))))))))))))))))))))))))))) 2006-07-19 21:33 90,112 C:\WINDOWS\system32\RegDACL.exe 2006-07-19 21:33 40,960 C:\WINDOWS\system32\swsc.exe 2006-07-19 21:33 4,096 C:\WINDOWS\system32\reboot.exe 2006-07-19 21:33 38,400 C:\WINDOWS\system32\moveex.exe 2006-07-19 21:33 27,841 C:\clean.bat 2006-07-17 23:25 519,622,656 C:\hiberfil.sys 2006-07-12 19:27 499,712 C:\WINDOWS\system32\msvcp71.dll 2006-07-12 19:27 348,160 C:\WINDOWS\system32\msvcr71.dll 2006-07-10 19:32 6,912 C:\WINDOWS\system32\ddirectxt.sys 2006-07-10 19:29 19,840 C:\WINDOWS\system32\ntio256.sys 2006-07-10 19:26 372 C:\WINDOWS\system32\3584.exe 2006-06-11 22:21 109,568 C:\WINDOWS\system32\pxinsi64.exe 2006-06-11 22:21 108,544 C:\WINDOWS\system32\pxcpyi64.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "S3hotkey"="S3hotkey.exe" "WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe" "Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers" "Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe" "REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe" "ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe" "BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe" "Motive SmartBridge"="C:\\PROGRA~1\\ntl\\BROADB~1\\SMARTB~1\\MotiveSB.exe" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "ÿ_zsknk_un]oqsfyonyn[niwmdksz_"="c:\\windows\\system32\\_zskdmwin[nynoyfsqo]nu_kn.exe" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ÿ_zsknk_un]oqsfyonyn[niwmdksz_"="c:\\windows\\system32\\_zskdmwin[nynoyfsqo]nu_kn.exe" "UnHackMe Monitor"="C:\\Program Files\\UnHackMe\\hackmon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "ÿ_zsknk_un]oqsfyonyn[niwmdksz_"="c:\\windows\\system32\\_zskdmwin[nynoyfsqo]nu_kn.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000004 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" "{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0" Contents of the 'Scheduled Tasks' folder Completion time: 20/07/2006 14:29:08.72 ComboFix ver 06.07.15 - This logfile is located at C:\ComboFix.txt ComboFix.2006-07-20.142840.txt
  14. No problem Jane thanks so much for all your help!!! I am in Europe as well so we will be on the same time, I am Irish. Thanks again!!
  15. There was no infection found.... Here is HJT Logfile of HijackThis v1.99.1 Scan saved at 22:22:54, on 19/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\system32\S3hotkey.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\UnHackMe\hackmon.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\ntl\broadband medic\bin\mpbtn.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\niall mclaughlin\Desktop\Adware stuff\Hijack download\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local> O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [s3hotkey] S3hotkey.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ÿ_zsknk_un]oqsfyonyn[niwmdksz_] c:\windows\system32\_zskdmwin[nynoyfsqo]nu_kn.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\RunServices: [ÿ_zsknk_un]oqsfyonyn[niwmdksz_] c:\windows\system32\_zskdmwin[nynoyfsqo]nu_kn.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ÿ_zsknk_un]oqsfyonyn[niwmdksz_] c:\windows\system32\_zskdmwin[nynoyfsqo]nu_kn.exe O4 - HKCU\..\Run: [unHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/ O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://ebanking.northernbank.co.uk/html/ac...B/e-Safekey.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: BZK - Sysinternals - www.sysinternals.com - C:\DOCUME~1\NIALLM~1\LOCALS~1\Temp\BZK.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  16. HAXFIX logfile - by Marckie ______________ version 3.07 19/07/2006 21:33:27.32 checking for haxdoor -------------------- checking for a3d files.... a3d files not found checking for matching notify keys.... no matching notify keys found checking for matching services.... matching services found CmBatt checking for matching safeboot services.... no matching safeboot services found Checking for goldun ------------------- checking for notify keys.... no notify keys found checking for services.... ddirectxt
  17. here is result, it removed whatever it found last night i will try next tool now. Thanks CJ --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 21:29:38 19/07/2006 + Scan result: Nothing found. ::Report end
  18. Sorry i meant to say couldn't find it when i searched for the log
  19. I am sorry CJ i could find that log when i searched for it... so i ran it again this morning and it didnt show up with anything. I will scan it edwido again and post a log
  20. Any ideas today? is there anyone you know that could help me get rid of this?
  21. I ran ewido again this morning and it siad there was nothing found.
  22. I know this has turned in to a bigger problem that you thought. Thanks for all you patience
  23. Ewido did find some things but i saved the file and i dont know where it is
  24. HJT Logfile of HijackThis v1.99.1 Scan saved at 21:37:35, on 18/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\S3hotkey.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe C:\Program Files\ntl\broadband medic\bin\mpbtn.exe C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe C:\Program Files\UnHackMe\hackmon.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Do######ents and Settings\niall mclaughlin\Desktop\Adware stuff\Hijack download\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local> O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll O4 - HKLM\..\Run: [s3hotkey] S3hotkey.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ÿ_zsknk_un]oqsfyonyn[niwmdksz_] c:\windows\system32\_zskdmwin[nynoyfsqo]nu_kn.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\RunServices: [ÿ_zsknk_un]oqsfyonyn[niwmdksz_] c:\windows\system32\_zskdmwin[nynoyfsqo]nu_kn.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ÿ_zsknk_un]oqsfyonyn[niwmdksz_] c:\windows\system32\_zskdmwin[nynoyfsqo]nu_kn.exe O4 - HKCU\..\Run: [unHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?50999bcc6db0478f8ec160e942594214 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?50999bcc6db0478f8ec160e942594214 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/ O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://ebanking.northernbank.co.uk/html/ac...B/e-Safekey.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: BZK - Sysinternals - www.sysinternals.com - C:\DO######E~1\NIALLM~1\LOCALS~1\Temp\BZK.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe