Here's copy of the Mwav log...
File C:\PROGRA~1\MYWAY\MYBAR\1.BIN\MYBAR.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWay.c". Action Taken: No Action Taken.
File C:\PROGRA~1\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWay.c". Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mybar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mybar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mybar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Netzip Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Netzip Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Netzip Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Netzip Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MyWay Search Assistant Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "RapidBlaster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "RapidBlaster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MyWay Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "msbb Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "my way speedbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Netzip Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CscCtrl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Office\Actors\scribble.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Office\Actors\dot.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Office\Actors\mnature.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Office\Actors\hoverbot.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Office\Actors\will.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Office\Actors\powerpup.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Office\Actors\genius.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\BS96SE.EXE" refers to invalid object "D:\aamsstp\app\bs96se.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\WINDOWS\Application Data\Microsoft Web Folders\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\WINDOWS\Start Menu\Programs\Microsoft Office Tools\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\Program Files\Common Files\Symantec Shared\LiveReg\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\Program Files\Common Files\Symantec Shared\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\WINDOWS\All Users\Application Data\Symantec\Symantec Shared\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\WINDOWS\All Users\Application Data\Symantec\Symantec Shared\Log\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\WINDOWS\All Users\Application Data\Symantec\CommonClient\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\WINDOWS\Application Data\Symantec\Norton Internet Security\Log\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\WINDOWS\Application Data\Symantec\Norton Internet Security\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\WINDOWS\Application Data\Symantec\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\Program Files\Norton Internet Security\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\WINDOWS\Start Menu\Programs\Norton Internet Security\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\Program Files\Common Files\Symantec Shared\Script Blocking\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\IDSDefs\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\IDS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Shared Tools\msoc.dll" refers to invalid object "C:\Program Files\MSOffice\Office". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "C:\PROGRA~1\UMSDTO~1.33\MFC42.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "C:\PROGRA~1\UMSDTO~1.33\MFC42.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "C:\PROGRA~1\UMSDTO~1.33\MFC42.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5A63D47D-1BA2-48ff-9955-31207899BE01}" refers to invalid object "C:\PROGRAM FILES\MCAFEE.COM\SHARED\MCINFO.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{340A0150-9DC7-11D3-9A01-005004677EF4}" refers to invalid object "C:\PROGRAM FILES\MCAFEE.COM\VSO\EDISK.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{A73B6F3D-FD35-4992-AB4B-4AD729BB20E7}" refers to invalid object "C:\PROGRAM FILES\MCAFEE.COM\SHARED\MCINFO.EXE". Action Taken: No Action Taken.
Entry "HKCR\Equation" refers to invalid object "{00033000B-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\Serif.DrawPlus\shell\open\command" refers to invalid object "C:\PROGRA~1\SERIF\DP30\DRAWPLUS.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\HomeNetCore.SymHomeNetCore" refers to invalid object "{2A20B6AF-7CC0-4F0F-B3B7-073E7F1388A1}". Action Taken: No Action Taken.
Entry "HKCR\Symantec.FWRuleEditor" refers to invalid object "{A8526C0D-7EBA-41C4-9906-153C23CBF5DB}". Action Taken: No Action Taken.
Entry "HKCR\ApplicationControlDispatch.ACDispatch" refers to invalid object "{81032241-A8EE-4E33-B549-B342500B54EB}". Action Taken: No Action Taken.
Entry "HKCR\ApplicationControlDispatch.AxAppListCtrl" refers to invalid object "{A0323174-B13B-4DD1-A3ED-4AF6B5DC5961}". Action Taken: No Action Taken.
Entry "HKCR\RLevel.NISSpam" refers to invalid object "{6E5DA949-AC9A-49A5-B6A0-CF46EAF0154A}". Action Taken: No Action Taken.
Entry "HKCR\NiSPlug.NISStatistics" refers to invalid object "{CAE323CC-7FE8-11D3-8B2D-005004D71BAF}". Action Taken: No Action Taken.
Entry "HKCR\NisLUCbk.CLuUrlCallback" refers to invalid object "{1C13629E-23C5-4A3F-AE92-2E6350ABDC81}". Action Taken: No Action Taken.
Entry "HKCR\NiSPlug.NISProduct2002" refers to invalid object "{CAE323C3-7FE8-11D3-8B2D-005004D71BAF}". Action Taken: No Action Taken.
Entry "HKCR\RLevel.NISReportingLevel" refers to invalid object "{75D7FC19-C634-4744-B4EC-A2D6BD06F9F0}". Action Taken: No Action Taken.
Entry "HKCR\FREInteg.FREIntegEx" refers to invalid object "{72E492DD-B841-4D9C-8EBC-3BAC9711F6E5}". Action Taken: No Action Taken.
Entry "HKCR\NiSPlug.NISSubscription" refers to invalid object "{CAE323C8-7FE8-11D3-8B2D-005004D71BAF}". Action Taken: No Action Taken.
Entry "HKCR\RLevel.NISBlockList" refers to invalid object "{FFB78858-77B5-419D-8869-31F0E6277DEB}". Action Taken: No Action Taken.
Entry "HKCR\RLevel.NISStatusInfo" refers to invalid object "{4CE39024-798E-4083-B8E2-1C259BCB9790}". Action Taken: No Action Taken.
Entry "HKCR\NiSPlug.NIS_NSW_IntegrationProduct" refers to invalid object "{7EB31067-0561-45cc-A9B7-765969B8A908}". Action Taken: No Action Taken.
Entry "HKCR\RLevel.SymMenu" refers to invalid object "{9AAFBC1A-209A-43C9-BD55-D9707B50315E}". Action Taken: No Action Taken.
Entry "HKCR\NisLUCbk.LUCallback" refers to invalid object "{3E4E1B8D-781C-11D3-9C30-00C04FB59D98}". Action Taken: No Action Taken.
Entry "HKCR\FREInteg.FREIntegrator" refers to invalid object "{7CA87530-E5EB-4B82-92DB-6299B2116A0A}". Action Taken: No Action Taken.
Entry "HKCR\RLevel.NISIDSSettings" refers to invalid object "{C18F8AA8-96E5-4D18-8886-1DEB82898E89}". Action Taken: No Action Taken.
Entry "HKCR\NiSPlug.NIS_NSW_IntegrationCategory" refers to invalid object "{733CC4B1-6650-4946-980F-825742701BB3}". Action Taken: No Action Taken.
Entry "HKCR\Symantec.InternetSecurity.NisEvt.SystemLogEvent" refers to invalid object "{9A3F64E7-0EE3-4DF3-97BB-EAE83A31C49D}". Action Taken: No Action Taken.
Entry "HKCR\Symantec.InternetSecurity.NisEvt.ActiveXAlertEvent" refers to invalid object "{2A50FA88-C106-4265-847A-2153CEC475B7}". Action Taken: No Action Taken.
Entry "HKCR\Symantec.InternetSecurity.NisEvt.JavaAlertEvent" refers to invalid object "{CF0D1536-1E65-45AD-97A2-24753EA05D6E}". Action Taken: No Action Taken.
Entry "HKCR\Symantec.InternetSecurity.NisEvt.LicensingEvent" refers to invalid object "{AE85576D-FEF5-4d0b-B1CE-4A0E0B57CB8A}". Action Taken: No Action Taken.
Entry "HKCR\Symantec.InternetSecurity.NisEvt.PrivacyLogEvent" refers to invalid object "{A9075EF3-A4D4-4740-A003-6CC486A8B40F}". Action Taken: No Action Taken.
Entry "HKCR\Symantec.InternetSecurity.NisEvt.ProxyStatsEvent" refers to invalid object "{78A81FC7-628B-45CA-AFBB-C61282C116A1}". Action Taken: No Action Taken.
Entry "HKCR\Symantec.InternetSecurity.NisEvt.RestrictionsLogEvent" refers to invalid object "{566E3BED-3A82-4923-9416-47630B5BA879}". Action Taken: No Action Taken.
Entry "HKCR\Symantec.InternetSecurity.NisEvt.SettingsChangeEvent" refers to invalid object "{7411805E-EA0E-4796-A64F-16DC2F402279}". Action Taken: No Action Taken.
Entry "HKCR\Symantec.InternetSecurity.NisEvt.SpamLogEvent" refers to invalid object "{C5304D07-4B1E-4B8E-B811-06D456374468}". Action Taken: No Action Taken.
Entry "HKCR\Symantec.InternetSecurity.NisEvt.TrashCanEvent" refers to invalid object "{90B0A059-A7D1-461e-9990-B8F4ECB45D93}". Action Taken: No Action Taken.
Entry "HKCR\Symantec.InternetSecurity.NisEvt.WebHistoryLogEvent" refers to invalid object "{3AE06582-3C46-4E6C-AB82-4756E160E607}". Action Taken: No Action Taken.
Entry "HKCR\Symantec.InternetSecurity.NisEvt.ConfidentialInfoAlertEvent" refers to invalid object "{B9CA7D93-ED00-4AE6-B270-C9BF1BFB79FE}". Action Taken: No Action Taken.
Entry "HKCR\Symantec.InternetSecurity.NisEvt.CookieAlertEvent" refers to invalid object "{6AAF74EB-52D0-4B1B-BC76-CE8EF0A91FF6}". Action Taken: No Action Taken.
Entry "HKCR\Symantec.InternetSecurity.NisEvt.ConfidentialInfoLogEvent" refers to invalid object "{F9B0C0D3-9292-4204-8F7D-80815E99595F}". Action Taken: No Action Taken.
Entry "HKCR\Symantec.InternetSecurity.NisEvt.ContentBlockingLogEvent" refers to invalid object "{7AC8E46C-821C-417D-8C3F-2FC6D272AA29}". Action Taken: No Action Taken.
Entry "HKCR\CcRuleIO.ccFWRulesIO" refers to invalid object "{17BEE251-1B1A-409D-9B90-BB1B78312D3D}". Action Taken: No Action Taken.
Entry "HKCR\PrivateProfile.PrivateProfileEngine" refers to invalid object "{C3EDEA8D-CE3F-4AF2-A883-2069306215BA}". Action Taken: No Action Taken.
Entry "HKCR\WrapUM.WrapNISUM" refers to invalid object "{26676CDD-DD35-4AF2-8751-CC25DC468EF2}". Action Taken: No Action Taken.
Entry "HKCR\EvtPWrap.EventProviderWrapper" refers to invalid object "{EB690BF5-6425-404F-B0BB-ED846DFE10B8}". Action Taken: No Action Taken.
Entry "HKCR\NIS_SMUI.nisUIData" refers to invalid object "{D1935641-9481-432E-AC8D-1FA0422174C9}". Action Taken: No Action Taken.
Entry "HKCR\NIS_SMUI.nisUIDataSrc" refers to invalid object "{60732740-6409-4372-941F-1129F5A22578}". Action Taken: No Action Taken.
Entry "HKCR\NISLicense.NISLicenseHelper" refers to invalid object "{37611656-A7F6-4581-A1AE-9DB4E1442BB2}". Action Taken: No Action Taken.
Entry "HKCR\Symantec.InternetSecurity.NisEvt.LiveUpdateEvent" refers to invalid object "{6F1D8273-C319-4ec8-8D4D-55A18F7CAA27}". Action Taken: No Action Taken.
Entry "HKCR\McSubMgr.McSubMgr" refers to invalid object "{9BE8D7B2-329C-442A-A4AC-ABA9D7572602}". Action Taken: No Action Taken.
Had to uninstall and re-install WG111 software and restart the router to get on the web....
Couldn't find programs MyWay, Bargain Buddy, n-case or WildTangent.
Ran HijackThis and fix-checked all the entries you said.
Deleted MyWay folder & contents
Couldn't find Bargain Buddy, n-case or updater.
Couldn't run Trendmicro scan - couldn't get the scan to launch properly. Website said operating system verified but Java Vendor, Java version and Java Enabled all showing as 'Detecting'. Tried changing my IE security settings but still couldn't get it to work. Tried downloading & running Java VM installer, but kept getting message 'Abort-Java installer - to restart the Java installer please refresh the webpage'
Did however manage to run Pandasoftware activescan and here's the log from that.
Incident Status Location
Adware:adware/comet No disinfected C:\WINDOWS\INF\dm.PNF
Adware:adware/powerscan No disinfected Windows Registry
Virus:Exploit/iFrame Disinfected Local Folders\Inbox\Re: In house quotes and OTR quotes notification[~0000001.~]
Virus:W32/Bugbear Disinfected Local Folders\Inbox\Re: In house quotes and OTR quotes notification[Skateboard Tournament.doc.scr]
And here's the latest rerun HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 00:23:43, on 21/09/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\HPSJVXD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\CYBERMEDIA\CMAGENT.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\PROGRAM FILES\HYPERDRIVE20\SHWICON.EXE
C:\PROGRAM FILES\UMSD TOOLS2.33\UMSD.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MSMONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\PGP60\PGPTRAY.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\PROGRAM FILES\NETGEAR\WG111 CONFIGURATION UTILITY\WG111CFG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\BLUEYONDER IST\BIN\MPBTN.EXE
C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://www.iclway.co.ukR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [HPSCANMonitor] c:\windows\SYSTEM\hpsjvxd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CyberMedia Agent] "C:\PROGRAM FILES\CYBERMEDIA\CMAGENT.EXE" /SU
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [ACTIVsplash] C:\ACTIV\splash.exe C:\ACTIV
O4 - HKLM\..\Run: [ACTIVfilter] C:\ACTIV\ACTIVfilter.exe
O4 - HKLM\..\Run: [OWCCardbusTray] ocbtray.exe
O4 - HKLM\..\Run: [WORKFLOW] D:\WORKFLOW.EXE
O4 - HKLM\..\Run: [ShowIcon_Hypertec_Hypertec USB Product Driver v2.15r013] "C:\Program Files\Hyperdrive20\shwicon.exe" -t"Hypertec\Hypertec USB Product Driver v2.15r013"
O4 - HKLM\..\Run: [PLoader] c:\program files\umsd tools2.33\umsd.exe sys_auto_run C:\PROGRAM FILES\UMSD TOOLS2.33
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\Run: [First Aid Guardian] "C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDWARN.EXE
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKAGENT.EXE
O4 - HKCU\..\Run: [Reminder] C:\Program Files\MSMoney\System\reminder.exe
O4 - Startup: PGPtray.lnk = C:\Program Files\Network Associates\PGP60\PGPtray.exe
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O4 - Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Dell Home - {64ACA6A0-3AE3-11D3-BF88-40FF4CC10184} -
http://www.dell.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {69DEAF94-AF66-11D3-BEC0-00105AA9B6AE} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cabO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
http://www.symantec....sa/LSSupCtl.cabO16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
http://www.symantec....sa/SymAData.cabO16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) -
http://www.amiuptoda...pdatePortal.cabO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcaf...90/mcinsctl.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
http://download.mcaf...,23/mcgdmgr.cabO16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcaf...571/mcfscan.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft...free/asinst.cabA couple of things don't know if they're relevant:
- after fix-checking in HijackThis, when I restarted pc I got msg 'msgsrv32 not responding' so I ended the task.
- I keep getting a program c\windows\System\conagent.exe executing at startup - but I don't think it ever used to before I had these problems....
Thanks for your efforts - much appreciated.....