nickyprout

Members
  • Posts

    27

About nickyprout

  • Birthday 9/23/1953

Personal Information

  • Occupation
    Housewife, mother and Granny
  • Real Name
    Nicky

Tech Info

  • Experience
    beginner
  • System: windows_xp_home

nickyprout's Achievements

Newbie (1/14)

0

Reputation

  1. Hi Chiaz, Thanks for your help. PC seems to be running fine now. Hopefully I won't need your help in the near future. Thanks to all involved. Nicky
  2. Hi Chiaz, Have done as requested. Here is the MBAM log.

     Malwarebytes' Anti-Malware 1.41
     Database version: 2917
     Windows 5.1.2600 Service Pack 3
     07/10/2009 08:47:45
     mbam-log-2009-10-07 (08-47-45).txt
     Scan type: Full Scan (C:\|)
     Objects scanned: 218789
     Time elapsed: 26 minute(s), 1 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected:
     C:\System Volume Information\_restore{DDFC0DDF-04B9-4FC9-9CF2-71A6304CF328}\RP24\A0027400.sys (Worm.Agent) -> Quarantined

     Do I now have to uninstall Combofix? Nicky
  3. Chiaz, I've been told by someone that I should "Disable Administrative Shares". What does that mean? Nicky
  4. Last Bit [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] @DACL=(02 0000) "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] @DACL=(02 0000) "NoChange"="1" "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] @DACL=(02 0000) "Installed"="1" @="" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1616) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows.0\system32\WININET.dll - - - - - - - > 'explorer.exe'(3076) c:\windows.0\system32\WININET.dll c:\windows.0\system32\ieframe.dll c:\windows.0\system32\WPDShServiceObj.dll c:\windows.0\system32\PortableDeviceTypes.dll c:\windows.0\system32\PortableDeviceApi.dll . Completion time: 2009-10-05 15:05 ComboFix-quarantined-files.txt 2009-10-05 14:05 ComboFix2.txt 2009-09-19 12:36 Pre-Run: 220,480,217,088 bytes free Post-Run: 220,438,691,840 bytes free 206 --- E O F --- 2009-09-09 21:02
  5. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info] @Denied: (3) (LocalSystem) "AppDataDir"="c:\\Documents and Settings\\All Users.WINDOWS.0\\Application Data\\ESET\\ESET Smart Security\\" "DataDir"="ESET\\ESET Smart Security\\" "EditionName"="Student Edition" "InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\" "LanguageId"=dword:00000409 "ProductBase"=dword:00000001 "ProductCode"="{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C}" "ProductName"="ESET Smart Security" "ProductType"="ess" "ProductVersion"="3.0.684.0" "UniqueId"="0006AC9E49ABC1A1" "ScannerBuild"=dword:00000ed0 "ScannerVersionId"=dword:00000de1 "ScannerVersion"="" "FixId"=dword:00000005
  6. Contents of the 'Scheduled Tasks' folder 2009-10-05 c:\windows.0\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37] . . ------- Supplementary Scan ------- . uStart Page = hxxp://uk.yahoo.com/ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-10-05 15:04 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
  7. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-05 19:42 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows.0\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS.0\\system32\\dldncoms.exe"= "c:\\Program Files\\Dell V105\\dldnmon.exe"= "c:\\WINDOWS.0\\system32\\spool\\drivers\\w32x86\\3\\dldnpswx.exe"= "c:\\WINDOWS.0\\system32\\spool\\drivers\\w32x86\\3\\dldnjswx.exe"= "c:\\Program Files\\Dell V105\\dldnlscn.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= "c:\\Program Files\\Dell V105\\frun.exe"= R0 pavboot;pavboot;c:\windows.0\system32\drivers\pavboot.sys [03/10/2009 15:57 28544] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2009 12:43 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2009 12:43 74480] R2 dldn_device;dldn_device;c:\windows.0\system32\dldncoms.exe -service --> c:\windows.0\system32\dldncoms.exe -service [?] 
R2 dldnCATSCustConnectService;dldnCATSCustConnectService;c:\windows.0\system32\spool\drivers\w32x86\3\dldnserv.exe [11/01/2009 20:56 99568] R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [24/10/2008 21:51 468224] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows.0\system32\TUProgSt.exe [14/09/2009 16:14 604416] R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [16/04/2008 15:56 598856] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2009 12:43 7408] S3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter;c:\windows.0\system32\drivers\WebSTAR.sys [16/04/2008 16:05 15417] S3 WebSTARXP;Scientific Atlanta WebSTAR 100 & 200 series Cable Modem;c:\windows.0\system32\drivers\SACMXP1.sys [20/11/2003 16:01 14848] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
  8. ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-18 1998576] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="c:\windows.0\system32\NvMcTray.dll" [2008-09-17 86016] "dldnmon.exe"="c:\program files\Dell V105\dldnmon.exe" [2008-06-24 668912] "dldnamon"="c:\program files\Dell V105\dldnamon.exe" [2008-06-24 16624] "NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2008-09-17 13574144] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-05 148888] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "RTHDCPL"="RTHDCPL.EXE" - c:\windows.0\RTHDCPL.exe [2006-08-14 16050176] "SkyTel"="SkyTel.EXE" - c:\windows.0\SkyTel.exe [2006-05-16 2879488] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows.0\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\ Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-2-9 303104] STK02N 2.3 PNP Monitor.lnk - c:\windows.0\STK02N\STK02NM.exe [2009-2-12 163840] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program 
files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-05 19:42 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
  9. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-04 20:30 . 2009-08-18 19:26 -------- d-----w- c:\documents and settings\The Prout Family.ELONEX\Application Data\dvdcss 2009-10-04 08:37 . 2008-04-16 14:15 -------- d---a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\TEMP 2009-10-04 08:37 . 2008-06-30 16:10 -------- d-----w- c:\program files\SpywareBlaster 2009-09-28 20:52 . 2008-11-29 12:56 16 ----a-w- c:\windows.0\popcinfo.dat 2009-09-23 19:45 . 2007-07-25 20:17 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-22 22:25 . 2008-10-10 21:49 -------- d-----w- c:\program files\LeeGTs Games 2009-09-19 15:28 . 2008-02-09 12:01 -------- d-----w- c:\program files\FinePixViewerS 2009-09-18 10:28 . 2009-02-25 20:10 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-09-14 15:14 . 2009-08-14 13:53 -------- d-----w- c:\program files\TuneUp Utilities 2009 2009-09-14 13:46 . 2009-03-16 11:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-10 13:54 . 2009-03-16 11:59 38224 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys 2009-09-10 13:53 . 2009-03-16 11:59 19160 ----a-w- c:\windows.0\system32\drivers\mbam.sys 2009-09-06 16:37 . 2009-08-18 15:05 24 ----a-w- c:\windows.0\popcinfot.dat 2009-08-29 15:05 . 2009-08-29 15:05 -------- d-----w- c:\program files\3Planesoft Screensaver Manager 2009-08-29 15:05 . 2009-08-29 15:05 -------- d-----w- c:\program files\Cuckoo Clock 3D Screensaver 2009-08-24 18:53 . 2008-07-30 18:38 -------- d-----w- c:\program files\Ricochet Xtreme 2009-08-22 10:43 . 2009-08-22 10:43 -------- d-----w- c:\program files\Legjendat 2009-08-18 16:11 . 2009-08-18 15:19 -------- d-----w- c:\program files\Auran 2009-08-18 15:03 . 2009-08-18 15:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\PopCap Games 2009-08-18 15:03 . 
2009-08-18 14:49 -------- d-----w- c:\program files\PopCap Games 2009-08-18 14:47 . 2009-08-18 14:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\HipSoft 2009-08-15 13:31 . 2009-08-15 09:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Candy Factory 2009-08-14 13:53 . 2008-04-16 14:27 -------- d-----w- c:\documents and settings\The Prout Family.ELONEX\Application Data\TuneUp Software 2009-08-14 13:53 . 2009-08-14 13:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\TuneUp Software 2009-08-14 13:52 . 2009-08-14 13:52 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS.0\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} 2009-08-09 12:58 . 2009-08-09 12:58 -------- d-----w- c:\program files\Google 2009-08-09 12:58 . 2009-08-09 11:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\BigFishGamesCache 2009-08-09 12:58 . 2009-08-09 12:58 -------- d-----w- c:\program files\BFG 2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows.0\system32\mswebdvd.dll 2009-07-18 16:20 . 2008-04-16 15:34 27272 ----a-w- c:\documents and settings\The Prout Family.ELONEX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows.0\system32\atl.dll 2009-07-13 22:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows.0\system32\wmpdxm.dll 2007-10-26 13:14 . 2007-10-26 13:14 774144 ----a-w- c:\program files\RngInterstitial.dll
  10. Will have to put log in separate posts as too big for one. ComboFix 09-10-04.01 - The Prout Family 05/10/2009 15:00.4.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3519.3029 [GMT 1:00] Running from: c:\documents and settings\The Prout Family.ELONEX\Desktop\ComboFix.exe AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 ))))))))))))))))))))))))))))))) . 2009-10-03 14:57 . 2008-06-19 16:24 28544 ----a-w- c:\windows.0\system32\drivers\pavboot.sys 2009-09-23 19:45 . 2009-09-23 19:46 -------- d-----w- c:\program files\Ballance 2009-09-22 22:40 . 2009-09-22 22:40 -------- d-----w- c:\documents and settings\The Prout Family.ELONEX\Application Data\Merscom 2009-09-22 22:40 . 2009-09-22 22:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Merscom 2009-09-22 22:33 . 2009-09-22 22:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Brainiversity2 2009-09-22 22:27 . 2009-09-22 22:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Becky Brogan 2009-09-22 22:24 . 2009-09-22 22:24 -------- d-----w- c:\documents and settings\The Prout Family.ELONEX\Application Data\MA 2009-09-14 15:14 . 2009-09-14 15:14 604416 ----a-w- c:\windows.0\system32\TUProgSt.exe 2009-09-14 15:14 . 2009-04-27 12:21 28928 ----a-w- c:\windows.0\system32\uxtuneup.dll 2009-09-14 15:14 . 2009-09-14 15:14 361216 ----a-w- c:\windows.0\system32\TuneUpDefragService.exe 2009-09-09 21:36 . 2009-09-09 21:36 -------- d-----w- c:\windows.0\system32\wbem\Repository 2009-09-09 20:22 . 2009-06-21 21:44 153088 -c----w- c:\windows.0\system32\dllcache\triedit.dll . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  11. Hi Chiaz. ok, I think I'd rather clean than re-install, so I'll download Combofix and post the log. Nicky
  12. Hi Chiaz/Tootech, Have read the article given by Tootech and have understood it. My computer is mainly used for surfing the net and games. I do, however, use online banking, so yes I do have personal banking info on my pc. Having said that, when I had to re-install windows in the past, I lost all the sites that I had put onto my favorites (I am not the only user of this pc). Is there some way to back these up? Chiaz, like Tootech, do you recommend a re-install? If your answer is yes then I will follow that advice. If you think you can cleanse my pc AGAIN! then I'll proceed to download Combofix. Thanks for your help Nicky
  13. Hi Chiaz, Here we are again then!!!! I presume you mean we "can" attempt to clean my pc. I have had to reformat before and I did not enjoy losing everything that I had stored, so if it is at all possible to re-clean this pc then I will do as advised and change all of my personal details on my accounts. Sorry to be a pain. If you say it is too difficult (I have every faith in you) then I will have to reformat. Nicky
  14. Hi Guys, Here is the requested hijackthis log. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:20:33, on 04/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS.0\System32\smss.exe C:\WINDOWS.0\system32\winlogon.exe C:\WINDOWS.0\system32\services.exe C:\WINDOWS.0\system32\lsass.exe C:\WINDOWS.0\system32\svchost.exe C:\WINDOWS.0\System32\svchost.exe C:\WINDOWS.0\system32\svchost.exe C:\WINDOWS.0\system32\spoolsv.exe C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\dldnserv.exe C:\WINDOWS.0\system32\dldncoms.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS.0\system32\nvsvc32.exe C:\WINDOWS.0\system32\svchost.exe C:\WINDOWS.0\System32\TUProgSt.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\WINDOWS.0\Explorer.EXE C:\WINDOWS.0\system32\SearchIndexer.exe C:\WINDOWS.0\RTHDCPL.EXE C:\WINDOWS.0\system32\RUNDLL32.EXE C:\Program Files\Dell V105\dldnmon.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Dell V105\dldnMsdMon.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\WINDOWS.0\system32\ctfmon.exe C:\Program Files\FinePixViewerS\QuickDCF2.exe C:\WINDOWS.0\STK02N\STK02NM.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! 
UK & Ireland R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [dldnmon.exe] "C:\Program Files\Dell V105\dldnmon.exe" O4 - HKLM\..\Run: [dldnamon] "C:\Program Files\Dell V105\dldnamon.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe O4 - Global Startup: STK02N 2.3 PNP Monitor.lnk = ? O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?AuthParam=1236265810_6d2cb8bf9032a5183a54abf82d9813b9&GroupName=JSC&FilePath=/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab&File=jinstall-6u12-windows-i586-jc.cab&BHost=javadl.sun.com O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - 
http://gameadvisor.futuremark.com/global/msc3121.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: dldnCATSCustConnectService - Unknown owner - C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\\dldnserv.exe O23 - Service: dldn_device - - C:\WINDOWS.0\system32\dldncoms.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS.0\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS.0\System32\TUProgSt.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe -- End of file - 8063 bytes Nicky
  15. Thank you muchly to all involved. Greatly appreciated. Great site, great advice given, quick responses and great people. Thanks once again.