daveturnbull

search engine hijack

30 posts in this topic

My search engine keeps redirecting me to other sites and not the ones I have clicked on. My virus checker has also been removed.

Here is a copy of my log file. Can anyone help?

 

Logfile of HijackThis v1.99.1

Scan saved at 17:57:10, on 17/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Inventel\Gateway\wlancfg.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\AviCodecEX\mstss.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

C:\WINDOWS\system32\DllHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\unzipped\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/

O2 - BHO: SysMon Class - {D5EFDB0E-4F51-414F-B740-54A5C87A8957} - C:\DOCUME~1\DAVIDT~1\LOCALS~1\Temp\accute.dll

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"

O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P35 "EPSON Stylus CX3600 Series (Copy 1)" /O6 "USB001" /M "Stylus CX3600"

O4 - HKLM\..\Run: [mstss] C:\Program Files\AviCodecEX\mstss.exe

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/providers...yer/awswaxf.cab

O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/...rg/ESTPTest.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe


Hello, daveturnbull & Welcome

 

 

Download ATF (Atribune Temp File) Cleaner© by Atribune

 

Download and Install AVG Anti-Spyware© by Grisoft

 

Launch AVG Anti-Spyware; there should be an icon on your desktop, double-click it.

The program will now go to the main screen

You will need to update AVG Anti-Spyware to the latest definition files.

On the main screen select the icon Update then select the Update now link

Next select the Start Update button, the update will start and a progress bar will show the updates being installed.

Close AVG Anti-Spyware

 

(Do not run them just YET)

 

 

Reboot to Safe mode

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load

If done right a Windows Advanced Options menu will appear.

Select the Safe Mode option and press Enter

 

Run ATF Cleaner

Double-click ATF Cleaner.exe

Under Main choose: Select All

Click the Empty Selected button.

Click Exit on the Main menu to close the program

 

Run AVG Anti-Spyware

Click on Scanner at top

Click on Settings

Once in the Settings screen click on Recommended actions and then select Quarantine

Under Reports, Select Automatically generate report after every scan

Un-Select Only if threats were found

Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan

AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.

Once the scan is complete, do the following:

If you have any infections you will be prompted, then select Apply all actions

Next select the Reports icon at the top.

Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

Now close AVG Anti-Spyware

 

Reboot into Normal Mode

 

 

Show us a new HijackThis logfile and the AVG Anti-Spyware logfile.

 

Gogo ;)


I tried this but it did not work. It did pick up some high-risk stuff which nothing else picked up; however, the same problem still occurs.

Any suggestions?


Hi, daveturnbull

Well, yes, show us a new HijackThis logfile. :)

 

Gogo ;)


My new log, thank you for your help.

 

Logfile of HijackThis v1.99.1

Scan saved at 21:04:59, on 19/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Inventel\Gateway\wlancfg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\DllHost.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\unzipped\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe


Hey, daveturnbull

Sorry to say that's not all of the logfile, or did you get fix happy here? Feedback please.

 

Gogo ;)


Yes, I got fix happy and just deleted everything from HijackThis, so that is my latest file. Have I made a big mistake?


Hi, daveturnbull

Hmm, OK, how can I put this: YES, it makes it hard to know where we are on this, so do this for me please.

 

 

Please download ComboFix and save it to your desktop.

 

Double click combofix.exe and follow the prompts.

 

When it's done running it will produce a log for you. Please post that log in your next reply.

 

Important Note - Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

 

 

Please do not fix anything more till asked to do so.

 

Gogo :wub:


Sorry for the late reply, I've been away from my laptop over the new year period. I have done as you said and the log file is below.

Hope this helps to find the problem.

Thank you again.

 

David Turnbull - 07-01-05 16:04:38.68 Service Pack 2

ComboFix 06.11.27 - Running from: "C:\Documents and Settings\David Turnbull\Desktop"

 

((((((((((((((((((((((((((((((( Files Created from 2006-12-05 to 2007-01-05 ))))))))))))))))))))))))))))))))))

 

 

2006-12-18 20:40 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2006-12-18 20:40 <DIR> d-------- C:\Program Files\Grisoft

2006-12-17 20:59 <DIR> d-------- C:\Program Files\Trend Micro

2006-12-15 19:53 <DIR> d-------- C:\Program Files\Common Files\iS3

2006-12-15 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZILLAbar

2006-12-15 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!

2006-12-13 18:08 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2006-12-13 18:07 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2006-12-13 18:07 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2006-12-13 15:31 <DIR> d-------- C:\Program Files\Common Files\ODBC

2006-12-13 15:08 <DIR> d-------- C:\Program Files\Windows Defender

2006-12-13 11:29 <DIR> d-------- C:\Program Files\Yahoo!

2006-12-13 09:53 <DIR> d-------- C:\WINDOWS\system32\appmgmt

2006-12-10 22:15 <DIR> d-------- C:\Program Files\Common Files\Companion Wizard

2006-12-10 22:09 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll

2006-12-10 20:59 <DIR> d-------- C:\Program Files\AviCodecEX

2006-12-06 15:13 <DIR> d-------- C:\Program Files\Windows Media Connect 2

2006-12-06 15:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2006-12-06 15:09 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-12-15 19:53 -------- d-------- C:\Program Files\Common Files

2006-12-13 15:32 -------- d-------- C:\Program Files\Outlook Express

2006-12-13 15:32 -------- d-------- C:\Program Files\Common Files\System

2006-12-13 10:08 -------- d-------- C:\Program Files\Windows Media Player

2006-12-13 10:08 -------- d-------- C:\Program Files\QuickTime

2006-12-13 10:08 -------- d-------- C:\Program Files\MSN

2006-12-13 10:03 -------- d--h----- C:\Program Files\InstallShield Installation Information

2006-12-13 10:01 -------- d-------- C:\Documents and Settings\David Turnbull\Application Data\Macromedia

2006-12-13 09:59 -------- d-------- C:\Program Files\HTML Help Workshop

2006-12-13 09:52 -------- d-------- C:\Program Files\Common Files\DESIGNER

2006-12-10 22:22 -------- d-------- C:\Program Files\Internet Explorer

2006-12-10 22:16 704 --a------ C:\Documents and Settings\David Turnbull\Application Data\update.log

2006-11-08 05:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-11-07 21:03 6049280 --a------ C:\WINDOWS\system32\ieframe.dll

2006-11-07 21:03 50688 --a------ C:\WINDOWS\system32\msfeedsbs.dll

2006-11-07 21:03 458752 --a------ C:\WINDOWS\system32\msfeeds.dll

2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll

2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll

2006-11-07 21:03 180736 --a------ C:\WINDOWS\system32\ieui.dll

2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll

2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll

2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll

2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll

2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll

2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe

2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll

2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll

2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe

2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll

2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll

2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll

2006-10-19 13:56 713216 --a------ C:\WINDOWS\system32\sxs.dll

2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe

2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe

2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll

2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll

2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll

2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll

2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll

2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll

2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll

2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll

2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll

2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll

2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll

2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll

2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll

2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll

2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll

2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll

2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll

2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll

2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL

2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll

2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll

2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll

2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll

2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll

2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll

2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll

2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll

2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll

2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll

2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll

2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll

2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll

2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll

2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll

2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll

2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll

2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll

2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll

2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll

2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll

2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll

2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll

2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll

2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll

2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll

2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll

2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll

2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll

2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll

2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll

2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll

2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll

2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll

2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll

2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll

2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll

2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll

2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll

2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll

2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll

2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll

2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll

2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll

2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll

2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll

2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll

2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll

2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe

2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe

2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe

2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll

2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll

2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe

2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll

2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll

2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll

2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll

2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe

2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll

2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll

2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe

2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll

2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll

2006-10-13 12:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll

2006-10-13 12:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll

2006-10-13 12:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"EPSON Stylus CX3600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9BE.EXE /P26 \"EPSON Stylus CX3600 Series\" /M \"Stylus CX3600\" /EF \"HKCU\""

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]

@=""

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000005

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\

00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e2,02,\

00,00,04,00,00,40

"RestoredStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e2,02,\

00,00,01,00,00,00

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

"Btn_Back"=dword:00000000

"Btn_Forward"=dword:00000000

"Btn_Stop"=dword:00000000

"Btn_Refresh"=dword:00000000

"Btn_Home"=dword:00000000

"Btn_Search"=dword:00000000

"Btn_History"=dword:00000000

"Btn_Favorites"=dword:00000000

"Btn_Media"=dword:00000000

"Btn_Folders"=dword:00000000

"Btn_Fullscreen"=dword:00000000

"Btn_Tools"=dword:00000000

"Btn_MailNews"=dword:00000000

"Btn_Size"=dword:00000000

"Btn_Print"=dword:00000000

"Btn_Edit"=dword:00000000

"Btn_Discussions"=dword:00000000

"Btn_Cut"=dword:00000000

"Btn_Copy"=dword:00000000

"Btn_Paste"=dword:00000000

"Btn_Encoding"=dword:00000000

"Btn_PrintPreview"=dword:00000000

"NoActiveDesktop"=dword:00000000

"NoInternetIcon"=dword:00000000

"NoNetHood"=dword:00000000

"NoDesktop"=dword:00000000

"NoFavoritesMenu"=dword:00000000

"NoFind"=dword:00000000

"NoRun"=dword:00000000

"NoSetActiveDesktop"=dword:00000000

"NoWindowsUpdate"=dword:00000000

"NoChangeStartMenu"=dword:00000000

"NoFolderOptions"=dword:00000000

"NoRecentDocsMenu"=dword:00000000

"NoRecentDocsHistory"=dword:00000000

"ClearRecentDocsOnExit"=dword:00000000

"NoLogoff"=dword:00000000

"NoClose"=dword:00000000

"NoSetFolders"=dword:00000000

"NoSetTaskbar"=dword:00000000

"NoTrayContextMenu"=dword:00000000

"NoFileMenu"=dword:00000000

"NoViewContextMenu"=dword:00000000

"EnforceShellExtensionSecurity"=dword:00000000

"LinkResolveIgnoreLinkInfo"=dword:00000000

"NoDrives"=dword:00000000

"NoNetConnectDisconnect"=dword:00000000

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoMSAppLogo5ChannelNotify"=dword:00000000

"NoToolbarCustomize"=dword:00000000

"NoBandCustomize"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak EasyShare software.lnk"

"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -hx"

"item"="Kodak EasyShare software"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\KODAK Software Updater.lnk"

"backup"="C:\\WINDOWS\\pss\\KODAK Software Updater.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Kodak\\KODAKS~1\\7288971\\Program\\KODAKS~1.EXE "

"item"="KODAK Software Updater"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DataLayer"

"hkey"="HKLM"

"command"="C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iTunesHelper"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="UpdaterUI"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="LaunchApplication"

"hkey"="HKLM"

"command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SHSTAT"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="jusched"

"hkey"="HKLM"

"command"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

 

 

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

backup-20061218-222855-250

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

backup-20061218-222855-244

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

backup-20061218-222855-316

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

backup-20061218-222855-381

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

backup-20061218-222855-914

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

backup-20061218-222854-927

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

backup-20061218-222853-480

O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab

backup-20061218-222853-305

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

backup-20061218-222853-860

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

backup-20061217-185654-421

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

backup-20061217-185654-511

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

backup-20061217-185654-618

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

backup-20061217-185654-774

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

backup-20061217-185654-831

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

backup-20061217-185654-744

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

backup-20061217-185654-222

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

backup-20061217-185654-632

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

backup-20061217-185653-495

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

backup-20061217-185654-939

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

backup-20061217-185653-684

O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/...rg/ESTPTest.cab

backup-20061217-185652-353

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/providers...yer/awswaxf.cab

backup-20061217-185652-644

O11 - Options group: [iNTERNATIONAL] International*

backup-20061217-185652-361

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

backup-20061217-185651-255

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

backup-20061217-185651-186

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

backup-20061217-185651-758

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

backup-20061217-185651-158

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

backup-20061217-185651-493

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

backup-20061217-185651-450

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

backup-20061217-185650-914

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

backup-20061217-185650-710

O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P35 "EPSON Stylus CX3600 Series (Copy 1)" /O6 "USB001" /M "Stylus CX3600"

backup-20061217-185650-887

O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"

backup-20061217-185650-756

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

backup-20061217-185650-478

O2 - BHO: SysMon Class - {D5EFDB0E-4F51-414F-B740-54A5C87A8957} - C:\DOCUME~1\DAVIDT~1\LOCALS~1\Temp\accute.dll

backup-20061217-185650-826

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/

backup-20061217-185342-936

O4 - HKLM\..\Run: [mstss] C:\Program Files\AviCodecEX\mstss.exe

backup-20061217-185342-716

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

backup-20061217-185342-488

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://theonlybookmark.com/in.cgi?20

backup-20061216-071733-726

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

backup-20061216-071733-636

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

backup-20061216-071733-946

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

backup-20061216-071733-538

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080

backup-20061215-210600-526

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

backup-20061215-210600-921

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

backup-20061215-210600-340

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

backup-20061215-210600-596

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\MP Scheduled Scan.job

 

Completion time: 07-01-05 16:05:38.12

C:\ComboFix.txt ... 07-01-05 16:05


Hi, daveturnbull

 

Open HijackThis, click Config, click Misc Tools

Click "Open Uninstall Manager"

Click "Save List" (generates uninstall_list.txt)

Click Save, copy and paste the results in your next post.

 

And show me a new HijackThis logfile.

 

 

Gogo :o


Did as you said; the list is below.

 

Ad-Aware SE Personal

Adobe Acrobat 4.0

Adobe Flash Player 9

AVG Anti-Spyware 7.5

CardRd81

CCScore

Companion wizard

CR2

eBook Pro Viewer 5.54

EPSON Printer Software

ESSBrwr

ESSCDBK

ESScore

ESSCT

ESSEMAIL

ESSgui

ESShelp

ESSini

ESSPCD

ESSPDock

ESSSONIC

ESSTOOLS

essvatgt

essvcpt

ESSvpaht

ESSvpot

Garmin POI Loader

Garmin WebUpdater

HijackThis 1.99.1

HLPIndex

HLPPDOCK

HLPSFO

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

iTunes

J2SE Runtime Environment 5.0 Update 1

Java 2 Runtime Environment Standard Edition v1.3.1_01

Java 2 Runtime Environment, SE v1.4.0

Java 2 SDK, SE v1.4.0

Java Web Start

Kodak EasyShare software

KSU

LimeWire 4.12.6

McAfee VirusScan Enterprise

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visio Professional 2002 [English]

MSN Messenger 7.5

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB927978)

Nero OEM

Nokia Connectivity Cable Driver

Nokia PC Suite

Notifier

OfotoXMI

OTtBP

OTtBPSDK

Philips GoGear Digital Audio Player

PIF DESIGNER2.1

QuickTime

RealPlayer

Realtek AC'97 Audio

Risk II

S3 S3Display

S3 S3Gamma2

S3 S3Info2

S3 S3Overlay

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB926255)

SFR

SFR2

SHASTA

SKIN0001

SKINXSDK

SpeedTouch USB Software

Twyford Spec-Master

UniChrome Graphics Driver and Utilities

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

VIA Audio Driver Setup Program

VPRINTOL

Windows Defender

Windows Genuine Advantage v1.3.0254.0

Windows Installer 3.1 (KB893803)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 11

Windows XP Hotfix - KB834707

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885884

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

WinZip

WIRELESS


Hi, daveturnbull

 

 

Please print out or copy these instructions to Notepad as the internet will not be available to you at certain points of the removal process (whilst in Safe Mode). If there's anything that you don't understand, ask your question(s) before moving on with the fix.

 

Go to Start | Control Panel | Add/Remove Programs and remove the following (if they exist):

AviCodecEX

 

Note: Please note that these items may need you to reboot to complete the uninstall; if so, please do so.

 

===========

 

View hidden files and folders:

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

 

===========

 

Run HijackThis

Scan and, when it finishes, put a check mark only next to the following items (if present):

 

O2 - BHO: SysMon Class - {D5EFDB0E-4F51-414F-B740-54A5C87A8957} - C:\DOCUME~1\DAVIDT~1\LOCALS~1\Temp\accute.dll

 

O4 - HKLM\..\Run: [mstss] C:\Program Files\AviCodecEX\mstss.exe

 

Fix these two items as well if they were not put in place by you or the admins of the PC.

NOTE: Please note that some software, like Spybot, will add this restriction.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

 

 

Close all browsers and any open Windows, making sure that only HijackThis is open

Click Fix Checked

Close HijackThis

 

===========

 

Restart your computer in Safe Mode.

  1. If the computer is running, shut down Windows, and then turn off the power.
  2. Wait 30 seconds, and then turn the computer on.
  3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  4. Ensure that the Safe Mode option is selected.
  5. Press Enter. The computer then begins to start in Safe Mode.
  6. Log in to your usual account.

If you need further assistance with Safe Mode, see Symantec

 

===========

 

Next, please find and delete the following files/folders (if present):

C:\Program Files\AviCodecEX\<---This folder

C:\DOCUME~1\DAVIDT~1\LOCALS~1\Temp\<--Clean out this folder but do not delete the folder itself.

 

==============

 

Clean out your Temporary Internet files.

Internet Explorer

Close Internet Explorer and close any instances of Windows Explorer.

Click Start -> Control Panel and then double-click Internet Options.

On the General tab, click Delete Files under Temporary Internet Files.

In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.

On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.

Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.

Click OK.

 

Firefox (In case you also have Firefox installed)

Open Firefox and go to Tools -> Options.

Click Privacy in the menu on the left side of the Options window.

Click the Clear button located to the right of each option (History, Cookies, Cache).

Click OK to close the Options window.

Alternatively, you can clear all information stored while browsing by clicking Clear All.

A confirmation dialog box will be shown before clearing the information.

 

 

Now restart in Normal Mode, show me one more logfile and tell me how the PC is doing.

 

Gogo :)


This is the new log file. I deleted the files in Safe Mode but couldn't find anything in Add/Remove. When I cleared out the second file there were 2 files that would not delete; they were Df227c.tmp and dfd61.tmp. My search engine is still the same though; it continues to send me to other sites. Is there anything else I can try, or am I going to have to do a full reboot and reinstall Windows?

 

 

Ad-Aware SE Personal

Adobe Acrobat 4.0

Adobe Flash Player 9

AVG Anti-Spyware 7.5

CardRd81

CCScore

Companion wizard

CR2

eBook Pro Viewer 5.54

EPSON Printer Software

ESSBrwr

ESSCDBK

ESScore

ESSCT

ESSEMAIL

ESSgui

ESShelp

ESSini

ESSPCD

ESSPDock

ESSSONIC

ESSTOOLS

essvatgt

essvcpt

ESSvpaht

ESSvpot

Garmin POI Loader

Garmin WebUpdater

HijackThis 1.99.1

HLPIndex

HLPPDOCK

HLPSFO

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

iTunes

J2SE Runtime Environment 5.0 Update 1

Java 2 Runtime Environment Standard Edition v1.3.1_01

Java 2 Runtime Environment, SE v1.4.0

Java 2 SDK, SE v1.4.0

Java Web Start

Kodak EasyShare software

KSU

LimeWire 4.12.6

McAfee VirusScan Enterprise

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visio Professional 2002 [English]

MSN Messenger 7.5

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB927978)

Nero OEM

Nokia Connectivity Cable Driver

Nokia PC Suite

Notifier

OfotoXMI

OTtBP

OTtBPSDK

Philips GoGear Digital Audio Player

PIF DESIGNER2.1

QuickTime

RealPlayer

Realtek AC'97 Audio

Risk II

S3 S3Display

S3 S3Gamma2

S3 S3Info2

S3 S3Overlay

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB926255)

SFR

SFR2

SHASTA

SKIN0001

SKINXSDK

SpeedTouch USB Software

Twyford Spec-Master

UniChrome Graphics Driver and Utilities

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

VIA Audio Driver Setup Program

VPRINTOL

Windows Defender

Windows Genuine Advantage v1.3.0254.0

Windows Installer 3.1 (KB893803)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 11

Windows XP Hotfix - KB834707

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885884

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

WinZip

WIRELESS


Hi, daveturnbull

 

OK, when you did the above fix, did you try to reset your web settings in IE?

And where is it that the search engine is sending you?

 

Gogo ;)


Yes, I reset the web settings.

The search engine sends me to either another search engine, or eBay, or a loan website etc. It does use the same ones over again.

It's very frustrating when using a search engine.


Hi, daveturnbull

 

Sorry about the hold-up on this.

Let's try something here and see what, if anything, happens.

 

Go here-->C:\WINDOWS\SYSTEM32\DRIVERS\ETC

 

and look for the hosts file and rename it hosts.old.

Reboot, then see if the same thing happens. If it is still the same, go back and rename it to hosts again.

 

 

Gogo ;)


My file is already named host.old; this is because I did what you said when the problem first happened. I never changed it back though.

No need to be sorry for the hold-up; I am very grateful for your time on this.


Hi, daveturnbull

 

Do this for me please

 

 

Download and save BlackLight to your desktop.

F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml

Double-click blbeta.exe then accept the agreement.

Click Scan, then Next.

You'll see a list of all items found, if any were found, so don't worry if it tells you that there were no files found.

In case hidden files were found, don't choose Rename yet! I want to see the log first, because legit items can also be present there...

There must also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).

Post the contents of the log in your next reply.

 

 

and also

 

 

Download SDFix and save it to your Desktop.

 

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

 

Please then reboot your computer in Safe Mode by doing the following:

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, the Advanced Options Menu should appear;

Select the first option, to run Windows in Safe Mode, then press Enter.

Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.

Type Y to begin the cleanup process.

It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.

Press any key and it will restart the PC.

When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally, paste the contents of the Report.txt back on the forum with a new HijackThis log.

 

 

Gogo ;)


There was a hidden file; the log is below. Just going to do the second part now in Safe Mode.

 

 

01/08/07 19:58:53 [info]: BlackLight Engine 1.0.55 initialized

01/08/07 19:58:53 [info]: OS: 5.1 build 2600 (Service Pack 2)

01/08/07 19:58:54 [Note]: 7019 4

01/08/07 19:58:54 [Note]: 7005 0

01/08/07 19:58:58 [Note]: 7006 0

01/08/07 19:58:58 [Note]: 7011 1580

01/08/07 19:58:59 [Note]: 7026 0

01/08/07 19:58:59 [Note]: 7026 0

01/08/07 19:59:08 [Note]: FSRAW library version 1.7.1021

01/08/07 20:05:35 [info]: Hidden file: c:\WINDOWS\system32\kdeoa.exe

01/08/07 20:05:35 [Note]: 7002 32

01/08/07 20:05:35 [Note]: 7003 1

01/08/07 20:05:35 [Note]: 10002 1

01/08/07 20:10:53 [Note]: 7007 0


Completed second part; log file below.

 

 

SDFix: Version 1.57

****************

 

08/01/2007 - 20:23:09.55

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\SDFix

 

Stage One - Safe Mode

 

Checking Services...

 

Service Name:

 

 

File Path:

 

 

 

 

Starting Registry Repairs...

 

Restoring Default Hosts File...

 

Stage One Complete

 

Rebooting...

 

Stage Two - Normal Mode

 

Checking For Malware:

--------------------

 

 

Backing Up and Removing any Files Found...

 

Alternate Stream Check:

 

C:\WINDOWS\system32

No streams found.

Final Check:

 

Remaining Services:

------------------

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\WINDOWS\\Temp\\NavBrowser.exe"="C:\\WINDOWS\\Temp\\NavBrowser.exe:*:Enabled:NAVBrowser"

"C:\\j2sdk1.4.0\\jre\\bin\\java.exe"="C:\\j2sdk1.4.0\\jre\\bin\\java.exe:*:Enabled:java"

"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"

"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Disabled:Framework Service"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

 

Remaining Files:

---------------

 

Backups Folder: - C:\SDFix\backups\backups.zip

 

Checking for files with Hidden Attributes:

 

C:\NTDETECT.COM

C:\WINDOWS\system32\clbcatq.dll

C:\WINDOWS\system32\msvbvm60.dll

C:\WINDOWS\system32\rpcrt4.dll

C:\WINDOWS\system32\cdplayer.exe.manifest

C:\WINDOWS\system32\logonui.exe.manifest

C:\IO.SYS

C:\MSDOS.SYS

C:\pagefile.sys

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp

 

FINISHED!

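One way to triage the "Authorized Application Key Export" section of the SDFix report above. This is an added Python example, not part of the original post or of SDFix: it parses the .reg-style lines and lists enabled firewall exceptions whose executable sits in a temp directory or directly in a drive root. The function names and the two path heuristics are assumptions made for illustration, and a flagged entry is a prompt for a manual check, not a verdict.

```python
import re
from typing import NamedTuple

# Excerpt of the "Authorized Application Key Export" from the SDFix report
# quoted in this thread (a subset of its lines, in .reg export syntax).
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\Temp\\NavBrowser.exe"="C:\\WINDOWS\\Temp\\NavBrowser.exe:*:Enabled:NAVBrowser"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
'''


class FirewallEntry(NamedTuple):
    profile: str    # StandardProfile or DomainProfile
    path: str       # executable the exception applies to
    scope: str      # "*" means any remote address
    enabled: bool
    label: str      # display name of the exception


SECTION_RE = re.compile(r'^\[(?P<key>.+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')


def _unescape(text):
    # Undo .reg string escaping: a backslash escapes the character after it.
    return re.sub(r'\\(.)', r'\1', text)


def parse_authorized_apps(export_text):
    """Return a FirewallEntry for every value under an AuthorizedApplications key."""
    entries, profile = [], None
    for raw in export_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            parts = section.group("key").split("\\")
            # The profile name is the key component just before AuthorizedApplications.
            profile = (parts[parts.index("AuthorizedApplications") - 1]
                       if "AuthorizedApplications" in parts else None)
            continue
        value = VALUE_RE.match(line)
        if not value or profile is None:
            continue
        path = _unescape(value.group("name"))
        data = _unescape(value.group("data"))
        # Data is "path:scope:status:label". The path contains a colon of its
        # own (drive letter), so strip it as a prefix instead of splitting blindly.
        if not data.lower().startswith(path.lower() + ":"):
            continue  # unexpected layout: skip rather than guess at the fields
        fields = data[len(path) + 1:].split(":", 2)
        if len(fields) != 3:
            continue
        scope, status, label = fields
        entries.append(FirewallEntry(profile, path, scope,
                                     status.lower() == "enabled", label))
    return entries


def review_reasons(entry):
    """Reasons an enabled exception deserves a manual look (illustrative heuristics)."""
    if not entry.enabled:
        return []
    parts = entry.path.lower().split("\\")
    reasons = []
    if any(p in ("temp", "tmp") for p in parts[:-1]):
        reasons.append("executable lives in a temp directory")
    if len(parts) == 2 and re.fullmatch(r"[a-z]:", parts[0]):
        reasons.append("executable sits directly in a drive root")
    if reasons and entry.scope == "*":
        reasons.append("reachable from any remote address")
    return reasons


def flag_for_review(entries):
    """Return (profile, path, reasons) for each entry with at least one reason."""
    flagged = []
    for entry in entries:
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((entry.profile, entry.path, reasons))
    return flagged


if __name__ == "__main__":
    for profile, path, reasons in flag_for_review(parse_authorized_apps(SAMPLE_EXPORT)):
        print(f"{profile}: {path}")
        for reason in reasons:
            print(f"    - {reason}")
```
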

Log file from hijackthis

 

Ad-Aware SE Personal

Adobe Acrobat 4.0

Adobe Flash Player 9

AVG Anti-Spyware 7.5

CardRd81

CCScore

Companion wizard

CR2

eBook Pro Viewer 5.54

EPSON Printer Software

ESSBrwr

ESSCDBK

ESScore

ESSCT

ESSEMAIL

ESSgui

ESShelp

ESSini

ESSPCD

ESSPDock

ESSSONIC

ESSTOOLS

essvatgt

essvcpt

ESSvpaht

ESSvpot

Garmin POI Loader

Garmin WebUpdater

HijackThis 1.99.1

HLPIndex

HLPPDOCK

HLPSFO

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

iTunes

J2SE Runtime Environment 5.0 Update 1

Java 2 Runtime Environment Standard Edition v1.3.1_01

Java 2 Runtime Environment, SE v1.4.0

Java 2 SDK, SE v1.4.0

Java Web Start

Kodak EasyShare software

KSU

LimeWire 4.12.6

McAfee VirusScan Enterprise

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visio Professional 2002 [English]

MSN Messenger 7.5

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB927978)

Nero OEM

Nokia Connectivity Cable Driver

Nokia PC Suite

Notifier

OfotoXMI

OTtBP

OTtBPSDK

Philips GoGear Digital Audio Player

PIF DESIGNER2.1

QuickTime

RealPlayer

Realtek AC'97 Audio

Risk II

S3 S3Display

S3 S3Gamma2

S3 S3Info2

S3 S3Overlay

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB926255)

SFR

SFR2

SHASTA

SKIN0001

SKINXSDK

SpeedTouch USB Software

Twyford Spec-Master

UniChrome Graphics Driver and Utilities

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

VIA Audio Driver Setup Program

VPRINTOL

Windows Defender

Windows Genuine Advantage v1.3.0254.0

Windows Installer 3.1 (KB893803)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 11

Windows XP Hotfix - KB834707

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885884

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

WinZip

WIRELESS


Hey, daveturnbull

Go to Jotti's malware scan

Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

c:\WINDOWS\system32\kdeoa.exe

Click on the submit button. Please post the results in your next reply.

Gogo ;)


hijackthis log file

 



Tried doing what you said but this came up:

"The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"

I turned off my firewall but same result.


Hey, daveturnbull

Download The Avenger Copyright © Swandog46

You must extract avenger.exe to your desktop before you run it.

CLOSE ALL WINDOWS (even this one) AND PROGRAMS!!!!

Copy all the text contained in the code box below to your Clipboard.

NOTE: don't copy the word quote

Files to delete:
c:\WINDOWS\system32\kdeoa.exe

The above script is for this user only; if you need help, please start your own thread.

Start the Avenger.

Under "Script file to execute" choose "Input Script Manually".

Click on the Magnifying Glass icon, which will open a new window titled "View/edit script".

Paste the entire text into this window.

Click done, now click on the Green Light.

Answer "Yes" twice when prompted.

Your computer should reboot and briefly open a black command window on your desktop; this is normal.

After the restart, it will create a log file that should open.

This log file will be located at C:\avenger.txt

Paste the contents of C:\avenger.txt into your reply along with a fresh HijackThis! log.

Also: Avenger has made backups of all the files, etc., that you asked it to delete, located at C:\avenger\backup.zip.

Then come back here with the log and feedback on whether it made it any better for us.

Gogo ;)
