I think I managed to fix this now by using starter (
http://www.simtel.ne...ad.php?id=57830)
to remove all references to csrss.exe in my startup process. (unlike msconfig it ran!)
I rebooted and ran spybot again with sucess.
Everything seems to run fine now.
I've included my Hijack This just in case you can spot something.
Thanks mega...
Logfile of HijackThis v1.99.1
Scan saved at 1:45:53 PM, on 6/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Vet\isafe.exe
C:\WINDOWS\system32\GMTService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Vet\VetTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\FLY2000TV\Fly2000TV.exe
C:\Program Files\FLY2000TV\FlyAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Vet\VetMsg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dad\My Documents\Important Stuff\Trojan Defense\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VetTray] C:\Vet\VetTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB001" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Fly 2000 TV.lnk = C:\Program Files\FLY2000TV\Fly2000TV.exe
O4 - Startup: FlyAgent.lnk = C:\Program Files\FLY2000TV\FlyAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
http://tools.ebayimg...l_v1-0-3-24.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupd...b?1094293093343O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cabO16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zon...nt.cab31267.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{FA805EE3-E0B4-4662-B0C8-E76DCFB85D46}: NameServer = 203.134.24.70 203.134.26.70
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Vet\isafe.exe
O23 - Service: GMT-Service - Unknown owner - C:\WINDOWS\system32\GMTService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Vet\VetMsg.exe