Hi there,
Firstly, thanks for your help; it really is much appreciated.
I completed the steps you laid out for me.
04-HKLM\..Run: [brvuzf] c:\windows\system32\subuflh.exe was not there.
I fix checked the two other items.
Also, my computer could not find:
c:\windows\tuckwg.exe
c:\windows\system32\subuflh.exe
Ewido found this:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 19:20:15, 19/05/2005
+ Report-Checksum: 4F87B5DE
+ Date of database: 19/05/2005
+ Version of scan engine: v3.0
+ Duration: 66 min
+ Scanned Files: 81588
+ Speed: 20.55 Files/Second
+ Infected files: 51
+ Removed files: 51
+ Files put in quarantine: 51
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan may@bannerspace[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan may@careers[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan may@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan may@gsmworld[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan may@sitemeter[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan may@xiti[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Local Settings\Temp\Cookies\jonathan may@35222379[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Local Settings\Temp\i5.tmp -> TrojanDownloader.Totavel.a -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Local Settings\Temp\ICD7.tmp\WinCtlAdX.dll -> Spyware.WinAD.f -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Local Settings\Temp\iinstall.exe -> TrojanDownloader.IstBar.hp -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Local Settings\Temp\temp.fr60A5 -> Trojan.Agent.db -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Local Settings\Temporary Internet Files\Content.IE5\OPY3CXY7\DrPMon[1].dll -> Trojan.Agent.db -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Local Settings\Temporary Internet Files\Content.IE5\OTUVSX6F\svcproc[1].exe -> Trojan.Stervis.c -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Local Settings\Temporary Internet Files\Content.IE5\U1D2ZUXK\Nail[1].exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP535\A0078625.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP535\A0078635.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP535\A0078638.dll -> Trojan.Agent.db -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP535\A0078645.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP535\A0078647.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP535\A0078648.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP535\A0078649.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078651.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078652.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078654.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078660.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078664.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078674.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078675.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078676.dll -> Trojan.Agent.db -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078682.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\WinCtlAdX.dll -> Spyware.WinAD.f -> Cleaned with backup
C:\WINDOWS\qggtrptbrze.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\SYSTEM32\evgsqb.exe -> Trojan.Agent.cp -> Cleaned with backup
::Report End
---------------------------------------------------------
ewido security suite - Process report
---------------------------------------------------------
+ Created on: 19:30:25, 19/05/2005
+ Report-Checksum: F1BB44C9
0: System Process
4: System Process
364: \SystemRoot\System32\smss.exe
412: \??\C:\WINDOWS\system32\csrss.exe
436: \??\C:\WINDOWS\system32\winlogon.exe
480: C:\WINDOWS\system32\services.exe
492: C:\WINDOWS\system32\lsass.exe
496: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
608: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
644: C:\WINDOWS\system32\svchost.exe
676: C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
700: C:\WINDOWS\system32\svchost.exe
740: C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
764: C:\WINDOWS\System32\svchost.exe
788: C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
804: C:\Program Files\USBToolbox\Res.EXE
824: C:\WINDOWS\System32\svchost.exe
860: C:\WINDOWS\System32\svchost.exe
872: C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
896: C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
936: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
992: C:\Program Files\QuickTime\qttask.exe
1012: C:\Program Files\iTunes\iTunesHelper.exe
1028: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
1080: C:\Program Files\ewido\security suite\ewidoctrl.exe
1084: C:\WINDOWS\system32\ctfmon.exe
1188: C:\WINDOWS\system32\spoolsv.exe
1288: C:\WINDOWS\Explorer.EXE
1356: C:\Program Files\Realtek\Rtl8180\RtlWake.exe
1376: C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
1432: C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
1576: C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
1644: C:\WINDOWS\System32\nvsvc32.exe
1684: C:\WINDOWS\System32\svchost.exe
1812: C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
1944: C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
2172: C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
2200: C:\Program Files\iPod\bin\iPodService.exe
2420: C:\WINDOWS\System32\alg.exe
2564: C:\Program Files\ewido\security suite\ewidoguard.exe
2968: C:\Program Files\ewido\security suite\securitysuite.exe
3284: C:\WINDOWS\system32\wuauclt.exe
3624: C:\Program Files\Internet Explorer\iexplore.exe
---------------------------------------------------------
ewido security suite - Startup report
---------------------------------------------------------
+ Created on: 19:30:34, 19/05/2005
+ Report-Checksum: B21C401
Reg\HKLM\Run NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Reg\HKLM\Run SynTPLpr C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Reg\HKLM\Run SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Reg\HKLM\Run DadApp C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
Reg\HKLM\Run AdaptecDirectCD C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
Reg\HKLM\Run CookieWall C:\Program Files\AnalogX\CookieWall\cookie.exe
Reg\HKLM\Run SideWinderTrayV4 C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
Reg\HKLM\Run nwiz nwiz.exe /installquiet
Reg\HKLM\Run vptray C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
Reg\HKLM\Run iamapp C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
Reg\HKLM\Run USB Storage Toolbox C:\Program Files\USBToolbox\Res.EXE
Reg\HKLM\Run EPSON Stylus Photo R300 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Reg\HKLM\Run iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
Reg\HKLM\Run gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
Reg\HKCU\Run MoneyAgent "C:\Program Files\Microsoft Money\System\Money Express.exe"
Reg\HKCU\Run ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Shell\CommonStartup RtlWake.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RtlWake.lnk
Second run
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 20:47:49, 19/05/2005
+ Report-Checksum: E81F49D7
+ Date of database: 19/05/2005
+ Version of scan engine: v3.0
+ Duration: 75 min
+ Scanned Files: 81611
+ Speed: 18.06 Files/Second
+ Infected files: 2
+ Removed files: 2
+ Files put in quarantine: 2
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078685.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078686.exe -> Spyware.BetterInternet -> Cleaned with backup
::Report End
---------------------------------------------------------
ewido security suite - Process report
---------------------------------------------------------
+ Created on: 20:48:21, 19/05/2005
+ Report-Checksum: B8791FEC
0: System Process
4: System Process
364: \SystemRoot\System32\smss.exe
412: \??\C:\WINDOWS\system32\csrss.exe
436: \??\C:\WINDOWS\system32\winlogon.exe
480: C:\WINDOWS\system32\services.exe
492: C:\WINDOWS\system32\lsass.exe
496: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
608: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
644: C:\WINDOWS\system32\svchost.exe
676: C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
700: C:\WINDOWS\system32\svchost.exe
740: C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
764: C:\WINDOWS\System32\svchost.exe
788: C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
804: C:\Program Files\USBToolbox\Res.EXE
824: C:\WINDOWS\System32\svchost.exe
860: C:\WINDOWS\System32\svchost.exe
872: C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
896: C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
936: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
992: C:\Program Files\QuickTime\qttask.exe
1012: C:\Program Files\iTunes\iTunesHelper.exe
1028: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
1080: C:\Program Files\ewido\security suite\ewidoctrl.exe
1084: C:\WINDOWS\system32\ctfmon.exe
1188: C:\WINDOWS\system32\spoolsv.exe
1288: C:\WINDOWS\Explorer.EXE
1356: C:\Program Files\Realtek\Rtl8180\RtlWake.exe
1376: C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
1432: C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
1576: C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
1644: C:\WINDOWS\System32\nvsvc32.exe
1684: C:\WINDOWS\System32\svchost.exe
1780: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
1812: C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
1944: C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
2172: C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
2200: C:\Program Files\iPod\bin\iPodService.exe
2420: C:\WINDOWS\System32\alg.exe
2564: C:\Program Files\ewido\security suite\ewidoguard.exe
2588: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
2968: C:\Program Files\ewido\security suite\securitysuite.exe
3284: C:\WINDOWS\system32\wuauclt.exe
3624: C:\Program Files\Internet Explorer\iexplore.exe
---------------------------------------------------------
ewido security suite - Startup report
---------------------------------------------------------
+ Created on: 20:48:38, 19/05/2005
+ Report-Checksum: 68BD499C
Reg\HKLM\Run NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Reg\HKLM\Run SynTPLpr C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Reg\HKLM\Run SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Reg\HKLM\Run DadApp C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
Reg\HKLM\Run AdaptecDirectCD C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
Reg\HKLM\Run CookieWall C:\Program Files\AnalogX\CookieWall\cookie.exe
Reg\HKLM\Run SideWinderTrayV4 C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
Reg\HKLM\Run nwiz nwiz.exe /installquiet
Reg\HKLM\Run vptray C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
Reg\HKLM\Run iamapp C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
Reg\HKLM\Run USB Storage Toolbox C:\Program Files\USBToolbox\Res.EXE
Reg\HKLM\Run EPSON Stylus Photo R300 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Reg\HKLM\Run iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
Reg\HKLM\Run gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
Reg\HKCU\Run MoneyAgent "C:\Program Files\Microsoft Money\System\Money Express.exe"
Reg\HKCU\Run ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Shell\CommonStartup RtlWake.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RtlWake.lnk
Logfile of HijackThis v1.99.1
Scan saved at 20:49:23, on 19/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
C:\Program Files\USBToolbox\Res.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\securitysuite.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Jonathan May\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
Thank you for your continued help,
Jonny May.