Right heres what I have for you:
HJT LogLogfile of HijackThis v1.99.1
Scan saved at 09:50:22, on 29/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Liam\My Documents\Unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.geekstogo.com/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
http://cavio.cust.vaioni.com/registerR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) -
http://www.uclan.ac....mote/wficat.cabO16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) -
http://gamingzone.ub...s/GSManager.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://by102fd.bay10...es/MsnPUpld.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.micros...b?1122311688328O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) -
http://appdirectory....sharingctrl.cabO16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) -
http://by109fd.bay10...ex/HMAtchmt.ocxO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Ewido:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 09:36:32, 29/09/2005
+ Report-Checksum: F2BC3319
+ Scan result:
C:\WINDOWS\system32\msudp4.sys -> TrojanSpy.Goldun.bf : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K5A7052J\p5e[1].jpg -> Backdoor.IRCBot.ex : Cleaned with backup
C:\Documents and Settings\Liam\Local Settings\Temp\Cookies\liam@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Liam\Local Settings\Temp\Cookies\
[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Liam\Local Settings\Temp\Cookies\liam@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Liam\Local Settings\Temp\dima2.exe -> TrojanDropper.Agent.py : Cleaned with backup
C:\Documents and Settings\Liam\My Documents\Unzipped\hijackthis\backups\backup-20050907-155015-399.dll -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Liam\Cookies\liam@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Liam\Cookies\
[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Liam\Cookies\
[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Liam\Cookies\liam@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Liam\Cookies\
[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Liam\Cookies\liam@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Liam\Cookies\liam@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\SpySheriff -> Spyware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\Uninstall.exe -> Spyware.SpySheriff : Cleaned with backup
C:\System Volume Information\_restore{C39DF4B0-C3CF-475F-9C39-C9F173F17665}\RP185\A0079862.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\System Volume Information\_restore{C39DF4B0-C3CF-475F-9C39-C9F173F17665}\RP185\A0079863.EXE -> Backdoor.Delf.ach : Cleaned with backup
C:\System Volume Information\_restore{C39DF4B0-C3CF-475F-9C39-C9F173F17665}\RP185\A0079864.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{C39DF4B0-C3CF-475F-9C39-C9F173F17665}\RP185\A0079865.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{C39DF4B0-C3CF-475F-9C39-C9F173F17665}\RP185\A0079866.exe -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{C39DF4B0-C3CF-475F-9C39-C9F173F17665}\RP188\A0091030.exe -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{C39DF4B0-C3CF-475F-9C39-C9F173F17665}\RP188\A0091031.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{C39DF4B0-C3CF-475F-9C39-C9F173F17665}\RP199\A0107757.EXE -> Backdoor.Small.eo : Cleaned with backup
C:\System Volume Information\_restore{C39DF4B0-C3CF-475F-9C39-C9F173F17665}\RP199\A0108670.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup
C:\System Volume Information\_restore{C39DF4B0-C3CF-475F-9C39-C9F173F17665}\RP199\A0108671.dll -> TrojanSpy.Goldun.bp : Cleaned with backup
C:\System Volume Information\_restore{C39DF4B0-C3CF-475F-9C39-C9F173F17665}\RP199\A0108672.exe -> TrojanProxy.Lager.x : Cleaned with backup
C:\System Volume Information\_restore{C39DF4B0-C3CF-475F-9C39-C9F173F17665}\RP199\A0108673.exe -> Worm.Bagz.m : Cleaned with backup
C:\System Volume Information\_restore{C39DF4B0-C3CF-475F-9C39-C9F173F17665}\RP199\A0108674.exe -> Backdoor.IRCBot.ex : Cleaned with backup
C:\System Volume Information\_restore{C39DF4B0-C3CF-475F-9C39-C9F173F17665}\RP199\A0110678.dll -> Spyware.SpywareNo : Cleaned with backup
C:\System Volume Information\_restore{C39DF4B0-C3CF-475F-9C39-C9F173F17665}\RP199\A0110679.dll -> Adware.SpySheriff : Cleaned with backup
C:\System Volume Information\_restore{C39DF4B0-C3CF-475F-9C39-C9F173F17665}\RP199\A0110696.exe -> Adware.SpySheriff : Cleaned with backup
C:\optix.exe -> Backdoor.Optix.Pro.13 : Cleaned with backup
C:\winstall.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\winld32.dll -> TrojanDownloader.Small.anu : Cleaned with backup
::Report End
ActiveScan:
Incident Status Location
Virus:W32/Gaobot.gen.worm Disinfected C:\WINDOWS\system32\scvhost.exe
Spyware:Spyware/MarketScore No disinfected C:\WINDOWS\system32\osconfig.dll
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\?ttrib.exe
Adware:Adware/Startpage.AIR No disinfected C:\WINDOWS\system32\paytime.exe
Adware:Adware/WUpd No disinfected C:\WINDOWS\system32\gihtxawzfa.html
Adware:adware/ilookup No disinfected C:\WINDOWS\system32\xbox_round1.bmp
Spyware:Spyware/SafeSurf No disinfected C:\WINDOWS\system32\InstallerV3.exe
Virus:W32/Gaobot.KJD.worm Disinfected C:\WINDOWS\system32\Windows.exe
Virus:W32/Gaobot.gen.worm Disinfected C:\WINDOWS\system32\hardcore1.exe
Virus:Trj/Downloader.FAW Disinfected C:\WINDOWS\loadnew.exe
Possible Virus. No disinfected C:\WINDOWS\kl.exe
Virus:Trj/Downloader.EUY Disinfected C:\WINDOWS\tool1.exe
Virus:Trj/Multidropper.AUQ Disinfected C:\WINDOWS\tool3.exe
Adware:adware/antivirus-gold No disinfected C:\WINDOWS\desktop.html
Virus:Trj/Qhost.CG Disinfected C:\WINDOWS\hosts
Adware:Adware/Beginto No disinfected C:\Documents and Settings\Liam\My Documents\Unzipped\runescape cheats\Self Extracting.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Liam\My Documents\Unzipped\hijackthis\backups\backup-20050907-155015-741.dll
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\Liam\My Documents\Unzipped\hijackthis\backups\backup-20050928-172741-871.dll
Possible Virus. No disinfected C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll
Adware:Adware/PurityScan No disinfected C:\Program Files\rbra\ehri.exe
I still cant change my desktop picture from the warning sign:(