Hi
My problems are the computer often rebooting after Windows opens. The computer is also running very slow.
Here is the link to the scan you requested: http://www.pcpitstop.com/betapit/sec.asp?conid=22097076
thanks
1) C:\Documents and Settings\Chris Radford\Chris Radford.exe
I understand this is your name, what I want to know is what is the executable that is installed using your name?
2) "My computer reboots on a regular basis"
When the computer restarts, do you get any message indicating why this is occurring?
3) You have maintenance issues, I can see this in the diagnostic from PCPitStop, but also in the HijackThis log. You have a load of running processes, and I would like you to start looking at this information for help.
http://www.netsquirrel.com/msconfig/msconfig_xp.html
http://www.malwareremoval.com/tutori...ningslowly.php
http://users.telenet.be/bluepatchy/m...wcomputer.html
http://www.microsoft.com/atwork/getstarted/speed.mspx
4) Recommended Fixes (diagnostic report)
You need to click each of the fixes, read and follow the directions. (no need to purchase anything, all fixes can be done without buying any useless programs) The out of date drivers could easily be causing the restarting problems. Once you finish all of those items, then run a new scan and post the results. I suggest you review the information under all tabs for a better understanding of your computer.
5) I don't want to install additional programs on the computer at this time, we will use programs you have to look a bit more for malware.
TeaTimer must be disabled.
Run Clean Manager
http://spyware-free.us/tutorials/cleanmgr/
Read this information to be sure the Prefetch Folder got cleaned if needed:
*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/art...efetch-XP.html
Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
Close all programs but HJT and all browser windows, then click on "Fix Checked"
Malwarebytes' Anti-Malware <<< you have MBAM so you do not need to download it, but please make sure it is updated and run it as instructed.
Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Tutorial if needed:
http://www.techsupportteam.org/forum...ware-mbam.html
Recap: Post the information about Chris Radford.exe, the error message when the computer restarts if there is one, the report from MBAM and a new HJT log.
Thanks...Phil
MS-MVP Consumer Security 2007-08-09
Proud Member ASAP
UNITE Member 2006
Phil
Many thanks for your instructions. I am currently working through them and will email you back tomorrow with the results I get.
Chris
Phil
I checked on Task Manager and the Chris Radford.exe file is a running process. Also, when I go to shut down, I have the message: Chris Radford.exe - DLL initialisation failed. How do I find out what this running process is for?
thanks
Make sure you can view all files and folders:
http://www.bleepingcomputer.com/tuto...l62.html#winxp
Navigate to that file:
C:\Documents and Settings\Chris Radford\Chris Radford.exe
Use this scan: http://virusscan.jotti.org/
to scan the file and post the results of the scan.
You can also right click that file and choose Properties, the information there may provide information also.
Thanks
Hi
Here is the link for the results of the scan of that .exe file:
http://virusscan.jotti.org/en/scanre...52b5828f8d7731
C:\Documents and Settings\Chris Radford\Chris Radford.exe
The file in red is bad and needs to be deleted. Look in the folder (Chris Radford), see what is there, if there is nothing you need, delete the complete folder.
I have gone to Search and typed in Chris Radford.exe, it found it and it has now been deleted to the recycle bin. Is this all I need to do and can I delete it from the recycle bin?
Yes...then continue with the rest of the instructions in my post #12.
Thanks
Hi
I have gone through the instructions you gave at post 12. Here is the Malware Bytes report:
Malwarebytes' Anti-Malware 1.36
Database version: 2109
Windows 5.1.2600 Service Pack 3
11/05/2009 21:36:18
mbam-log-2009-05-11 (21-36-18).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 273008
Time elapsed: 1 hour(s), 37 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 76
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amd64si (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati64si (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\port135sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\securentm (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bug doctor_is1 (Rogue.BugDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Bug Doctor (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Maximum Software (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Maximum Software\Bug Doctor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Maximum Software\Bug Doctor\SKIN (Rogue.Multiple) -> Quarantined and deleted successfully.
Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54:30, on 11/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1184691695\ee\AOLSoftware.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\PROGRA~1\FREEIN~1\Clearpch.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris Radford\Chris Radford.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=6061004
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=6061004
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1184691695\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Free Internet Window Washer] C:\PROGRA~1\FREEIN~1\Clearpch.exe -Start
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Chris Radford] C:\Documents and Settings\Chris Radford\Chris Radford.exe /i
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-130116947-2810976214-1870102969-1007\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Lisa Thomson')
O4 - HKUS\S-1-5-21-130116947-2810976214-1870102969-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Lisa Thomson')
O4 - HKUS\S-1-5-21-130116947-2810976214-1870102969-1007\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (User 'Lisa Thomson')
O4 - HKUS\S-1-5-21-130116947-2810976214-1870102969-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Lisa Thomson')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Casino-on-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
O15 - Trusted Zone: http://*.hotmail.com
O15 - Trusted Zone: http://*.live.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://*.msn.com
O15 - Trusted Zone: http://*.passport.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} (Auctiva Image Uploader Control) - http://www.auctiva.com/Aurigma/ImageUploader57.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c98b0763e4f0f0) (gupdate1c98b0763e4f0f0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 13378 bytes
thanks
Chris
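Added example, not part of the original posts: a small Python triage of HijackThis-format lines using two heuristics that match what was flagged in this thread, namely entries whose file is gone ("(no file)" / "(file missing)") and Run autostarts whose image sits directly in a user profile folder. The heuristics, the function and constant names, and the choice of sample lines (copied from this thread) are assumptions of this example, not HijackThis or Malwarebytes behaviour.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from typing import NamedTuple, Optional

# Sample input assembled for this example from lines that appear in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Chris Radford] C:\Documents and Settings\Chris Radford\Chris Radford.exe /i
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
"""

# Reason labels (hypothetical names chosen for this example).
ORPHANED = "orphaned entry: registered component has no file on disk"
PROFILE_AUTOSTART = "autostart image sits directly in a user profile folder"


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    reason: str
    line: str


# "O4 - <body>": section code, separator, rest of the entry.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry Run / RunOnce entries: "HKCU\..\Run: [name] command line".
RUN = re.compile(r"^HK\w+\\.*\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable path at the start of a command line: quoted, or unquoted up to
# the first executable extension that is followed by whitespace or end of line.
IMAGE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)', re.I
)
# A profile folder itself (XP or later layout), not a subfolder of it.
PROFILE_ROOT = re.compile(r"^[a-z]:\\(?:documents and settings|users)\\[^\\]+$", re.I)
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def image_path(cmd: str) -> Optional[str]:
    """Return the executable path from a Run command line, without arguments."""
    m = IMAGE.match(cmd.strip())
    return (m.group("q") or m.group("u")) if m else None


def triage(log_text: str) -> list:
    """Return a Finding for every log line that matches one of the heuristics."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list or blank line
        section, body = m["section"], m["body"]
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings.append(Finding(section, ORPHANED, line))
            continue
        if section == "O4":
            run = RUN.match(body)
            image = image_path(run["cmd"]) if run else None
            if image and PROFILE_ROOT.match(ntpath.dirname(image)):
                findings.append(Finding(section, PROFILE_AUTOSTART, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

A hit is a prompt to inspect the file (Properties, a multi-engine scan), as was done in this thread, not a verdict on its own.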