I followed the list and here are the logs. By the way, there are four users on this computer. Should I be running HJT on each user?
Vundo.txt
VundoFix V4.2.74
Running as SYSTEM
from c:\windows\system32\VundoFix.exe
Checking Java version...
Java version is 1.4.2.3
Scan started at 9:43:05 PM 5/11/2006
Listing files found while scanning....
C:\WINDOWS\system32\awvur.dll
C:\WINDOWS\system32\ruvwa.ini
C:\WINDOWS\system32\ruvwa.bak1
C:\WINDOWS\system32\ruvwa.bak2
C:\WINDOWS\system32\ruvwa.ini2
C:\WINDOWS\system32\ruvwa.tmp
C:\WINDOWS\system32\vtuvt.dll
C:\WINDOWS\SYSTEM32\ruvwa.bak1
C:\WINDOWS\SYSTEM32\ruvwa.bak2
C:\WINDOWS\SYSTEM32\ruvwa.tmp
C:\WINDOWS\SYSTEM32\ruvwa.ini
C:\WINDOWS\SYSTEM32\ruvwa.ini2
C:\WINDOWS\SYSTEM32\awvur.dll
C:\WINDOWS\SYSTEM32\ruvwa.ini2
C:\WINDOWS\SYSTEM32\ruvwa.bak2
C:\WINDOWS\SYSTEM32\ruvwa.tmp
C:\WINDOWS\SYSTEM32\ruvwa.ini
C:\WINDOWS\SYSTEM32\ruvwa.ini2
C:\WINDOWS\SYSTEM32\awvur.dll
Attempting to delete C:\WINDOWS\system32\awvur.dll
C:\WINDOWS\system32\awvur.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ruvwa.ini
C:\WINDOWS\system32\ruvwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ruvwa.bak1
C:\WINDOWS\system32\ruvwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ruvwa.bak2
C:\WINDOWS\system32\ruvwa.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ruvwa.ini2
C:\WINDOWS\system32\ruvwa.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ruvwa.tmp
C:\WINDOWS\system32\ruvwa.tmp Has been deleted!
Performing Repairs to the registry.
Done!
Ewido log
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 10:59:04 PM, 5/11/2006
+ Report-Checksum: 504A286B
+ Scan result:
HKU\S-1-5-21-1173386955-237758256-2301163000-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -> Downloader.ConHook.l : Cleaned with backup
HKU\S-1-5-21-1173386955-237758256-2301163000-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93C6313C-9DB4-4694-8BD0-E378C573A9AD} -> Adware.Virtumonde : Cleaned with backup
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-5f3cee69-2bf3986e.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1199dff7-5042d416.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup
C:\Documents and Settings\Dad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5ef20017-1c8925d1.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup
C:\Documents and Settings\Dad\Cookies\dad@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dad\Cookies\dad@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Dad\Cookies\dad@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\Dad\Cookies\dad@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Dad\Cookies\dad@cz11.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Dad\Cookies\dad@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Dad\Cookies\dad@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Dad\Cookies\dad@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Dad\Cookies\dad@polo.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dad\Cookies\dad@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Dad\Local Settings\Temp\temp.fr2FE2 -> Trojan.Pakes : Cleaned with backup
C:\Documents and Settings\Jessica\Cookies\jessica@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Jessica\Cookies\jessica@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jessica\Cookies\jessica@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Jessica\Cookies\jessica@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Jessica\Cookies\jessica@ehg-hasbro.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jessica\Cookies\jessica@eztracks.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Jessica\Cookies\jessica@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Jessica\Cookies\jessica@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jessica\Cookies\jessica@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Mom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-421ef8d2-71205012.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup
C:\Documents and Settings\Mom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-421ef8d3-50c69d97.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup
C:\Documents and Settings\Mom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-4d122404-52ad34b5.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup
C:\Documents and Settings\Mom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\1.jar-1c59dff9-5575605f.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup
C:\Documents and Settings\Mom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-246797d4-5149dfe9.zip/Dummy.class -> Trojan.NoCheat.240 : Cleaned with backup
C:\Documents and Settings\Mom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4d73a4da-33a2f97d.zip/Dummy.class -> Trojan.NoCheat.240 : Cleaned with backup
C:\Documents and Settings\Mom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv519.jar-4d7e06c5-40a8efbe.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup
C:\Documents and Settings\Mom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv519.jar-4d7e06c5-40a8efbe.zip/Matrix.class -> Downloader.OpenStream.c : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@ads20.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@cnn.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@girlsass.com.22545.fb.dbbsrv[2].txt -> TrackingCookie.Dbbsrv : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@programs.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@vip.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@www.fantasys.com.22545.fb.dbbsrv[2].txt -> TrackingCookie.Dbbsrv : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@www.vaginas.com.22545.fb.dbbsrv[2].txt -> TrackingCookie.Dbbsrv : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@www.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Mom\Start Menu\Programs\PurityScan -> Adware.PurityScan : Cleaned with backup
C:\Documents and Settings\Mom\Start Menu\Programs\PurityScan\PurityScan.lnk -> Adware.PurityScan : Cleaned with backup
C:\Documents and Settings\Stephen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-5eea83c1-15c84806.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup
C:\Documents and Settings\Stephen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-2a0c82a4-4babf4a4.class -> Downloader.OpenStream.y : Cleaned with backup
C:\Documents and Settings\Stephen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba449-1927a4a0.zip/NewSecurityClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup
C:\Documents and Settings\Stephen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba449-1927a4a0.zip/NewURLClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup
C:\Documents and Settings\Stephen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv607.jar-7bfcc9a4-280fbf70.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup
C:\Documents and Settings\Stephen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv616.jar-239fb83-14521f73.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6wfkispcpilq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6wfl4kjczwkq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6wjkokhdjwho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6wjkyspc5gko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6wjlogndjwap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6wjmykgcpglp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@free.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@programs.wegcash[1].txt -> TrackingCookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@sonymediasoftware.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Stephen\Cookies\stephen@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Stephen\Local Settings\Temp\Cookies\stephen@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Stephen\Local Settings\Temp\Cookies\stephen@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Stephen\Local Settings\Temp\Cookies\stephen@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Stephen\Local Settings\Temp\Cookies\stephen@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Stephen\Local Settings\Temp\Cookies\stephen@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Stephen\Local Settings\Temp\Temporary Internet Files\Content.IE5\FAVOWAPL\new[1].htm -> Not-A-Virus.Constructor.Perl.Msdds.b : Cleaned with backup
C:\Downloads\Driver-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Downloads\finaldrivenitroam-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Program Files\acces-rapide\acces-rapide.exe -> Dialer.Allotick : Cleaned with backup
C:\Program Files\HijackThis\backups\backup-20060310-112927-338.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
C:\WINDOWS\SYSTEM32\oleext.dll -> Trojan.Small.ev : Cleaned with backup
::Report End
HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 11:03:53 PM, on 5/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.intellica...op&prodnav=none
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} -
http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) -
http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) -
http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
http://www.symantec....rl/LSSupCtl.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Thanks for the quick response.