Hi Elrond,
Many thanks for your help.
1. Restore points were already enabled.
2. i do have an anti virus programme running called Spyware doctor. it runs frequently and finds the 10 startpage trojan infections each time as well as quarantining anything it finds.
3. Combofix log attached:
ComboFix 08-01-03.4 - Ashley Mount 2008-01-03 16:45:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.107 [GMT 0:00]
Running from: C:\Documents and Settings\Ashley Mount\Local Settings\Temporary Internet Files\Content.IE5\OXYBKPUB\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Christine Agius\Application Data\Hotbar
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\1.sdf
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\1066422.sdf
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\1070519.sdf
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\130459.sdf
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\1374346.sdf
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\165632.sdf
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\2896152.sdf
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\566217.sdf
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\583135.sdf
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\625696.sdf
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\628955.sdf
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\ASPL1.dat
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\hstat\32ab.dat
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13546
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13562
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13925
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\14410
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\14415
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\15034
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\15040
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\166165
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\196982
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\2021
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\21010
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\22657
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\242317
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\251440
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\252276
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27060
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27414
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27503
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32242
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\35047
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\376813
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41999
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\43638
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44229
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44458
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44878
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\54189
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\54473
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\59844
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\64517
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\6873
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\702287
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\71009
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\79257
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\82557
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\85062
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\90358
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\91224
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\91589
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\916
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\93544
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95704
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\99008
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat\32ab.dat
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\ads.cdf
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\business_promo.htm
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\buttondir.txt
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\components.cdf
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar10.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar11.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar12.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar13.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar14.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar2.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar3.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar4.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar5.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar6.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar7.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar8.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar9.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_other.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_x.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_weather.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\default.cdf
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_511745-514279.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_categorize.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_comparison.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-people.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_favorites.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Games.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hide.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hotmail.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hsskin.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Mails.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_new.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_premium.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_ringtone.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchfor.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchgo.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_weather.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_yellowpages.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\email-t1-bg.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium.cdf
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar_promo.htm
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\icons2.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords.idx
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords1.dat
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\layout.cdf
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\linkpathlegal.txt
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\progress.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\s_icons_buttons.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\t2_bg.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\theweb.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\top7.cdf
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\Top7_theweb.mnu
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\1\tsd_bg.res
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\buttondir.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\country.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar10.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar11.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar12.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar13.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar14.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar2.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar3.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar4.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar5.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar6.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar7.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar8.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar9.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_x.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar-premium.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords1.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\progress.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip
C:\Documents and Settings\Christine Agius\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip
.
((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.
2008-01-03 16:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-18 20:26 . 2007-12-18 21:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-18 20:26 . 2007-12-18 20:26 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-12 17:07 . 2007-12-12 17:07 <DIR> d-------- C:\WINDOWS\Ad-Ware Pro
2007-12-12 09:44 . 2007-12-12 09:44 <DIR> d-------- C:\Documents and Settings\Ashley Mount\Application Data\AdwareAlert
2007-12-12 09:37 . 2007-12-12 09:37 <DIR> d-------- C:\Documents and Settings\Ashley Mount\Application Data\SpywareBot
2007-12-12 09:03 . 2004-09-21 23:13 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-12-12 09:03 . 2004-09-21 23:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-12-12 09:03 . 2004-09-21 23:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2007-12-12 09:03 . 2004-09-21 23:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-12-10 17:50 . 2007-12-10 17:50 <DIR> d-------- C:\Documents and Settings\Ashley Mount\Application Data\PCToolsFirewallPlus
2007-12-10 17:27 . 2008-01-03 16:36 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-10 17:26 . 2007-12-12 08:52 <DIR> d-------- C:\Program Files\PC Tools Firewall Plus
2007-12-10 17:26 . 2007-12-10 17:26 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2007-12-10 17:26 . 2007-11-09 16:00 209,816 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2007-12-10 17:26 . 2007-11-02 09:15 120,832 --a------ C:\WINDOWS\system32\drivers\pctfw.sys
2007-12-10 17:26 . 2007-11-09 16:00 40,856 --a------ C:\WINDOWS\system32\drivers\pctmp.sys
2007-12-10 17:26 . 2007-11-09 16:00 18,328 --a------ C:\WINDOWS\system32\drivers\pctssipc.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 16:44 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-03 16:40 --------- d-----w C:\Documents and Settings\Ashley Mount\Application Data\Skype
2007-12-29 15:41 --------- d-----w C:\Documents and Settings\Ashley Mount\Application Data\AdobeUM
2007-12-15 09:20 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-15 09:20 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-13 19:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2007-12-13 19:31 --------- d-----w C:\Program Files\Kontiki
2007-12-13 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2007-12-12 09:40 --------- d-----w C:\Program Files\VideoLAN
2007-12-12 08:44 --------- d-----w C:\Program Files\Symantec
2007-12-10 18:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-10 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-10 07:28 --------- d-----w C:\Program Files\iWin.com
2007-12-10 07:24 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-29 19:02 --------- d-----w C:\Documents and Settings\Ashley Mount\Application Data\PC Tools
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-04 09:50 --------- d-----w C:\Program Files\Skype
2007-11-04 09:50 --------- d-----w C:\Program Files\Common Files\Skype
2007-11-04 09:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-10-31 22:15 0 ---ha-w C:\Documents and Settings\Ashley Mount\Application Data\hpothb07.dat
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 17:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-01-09 20:25 0 ---ha-w C:\Documents and Settings\Christine Agius\hpothb07.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" [2004-08-18 16:47 1335390]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-15 18:18 171448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 17:05 143360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"AdwareProMFC"="C:\Program Files\Ad-Ware Pro\Ad-Ware Pro.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 03:42 212992]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 09:23 67584 C:\WINDOWS\SOUNDMAN.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-05-10 10:30 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-05-10 10:29 118784]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 04:38 88361 C:\WINDOWS\AGRSMMSG.exe]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-08-06 15:48 385024]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-08-06 15:52 356352]
"BtcMaestro"="C:\Program Files\KMaestro\KMaestro.exe" [2004-06-02 07:35 237568]
"iMON"="C:\Program Files\SOUNDGRAPH\iMON\iMON.exe" [2004-09-17 14:11 1024000]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2004-09-17 18:30 81920]
"Workflow"="D:\Workflow.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-24 18:02 180269]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 14:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 21:55 54832]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24 1065800]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-11-09 16:00 2598808]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
blueyonder Instant Support Tool.lnk - C:\Program Files\blueyonder IST\bin\matcli.exe [2005-02-08 14:01:38]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-08-06 15:48 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2007-11-09 16:00]
R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\WINDOWS\system32\drivers\pctmp.sys [2007-11-09 16:00]
R1 pctssipc;PC Tools Security Suite IPC Driver;C:\WINDOWS\system32\drivers\pctssipc.sys [2007-11-09 16:00]
R3 TGIOPort;TGIOPort Service;C:\WINDOWS\system32\drivers\TGIOPort.sys [2004-04-13 10:57]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 16:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 16:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 16:59]
S3 StkMini;USB 2.0TV;C:\WINDOWS\system32\Drivers\USBTVMini.sys [2004-08-31 22:59]
S3 StkScan;USB 2.0TV Still Image;C:\WINDOWS\system32\Drivers\StkScan.sys [2004-08-06 09:28]
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-25 10:19]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\Info.exe folder.htt 480 480
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-12 09:45:13 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-11-04 17:45:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-03 16:05:43 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2005-03-14 18:44:10 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1105296211.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-01-03 16:35:31 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-05-20 14:56:32 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-12 09:37:46 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-01-03 16:52:16
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-03 16:54:02
ComboFix-quarantined-files.txt 2008-01-03 16:53:55
.
2007-12-15 10:47:14 --- E O F ---
4. New Hijack this log attached:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:53 PM, on 03/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\KMaestro\KMaestro.exe
C:\Program Files\SOUNDGRAPH\iMON\iMON.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ashley Mount\Desktop\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://runonce.msn.com/?v=msgrv75R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.pcservicecall.co.ukR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [BtcMaestro] C:\Program Files\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [iMON] C:\Program Files\SOUNDGRAPH\iMON\iMON.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AdwareProMFC] C:\Program Files\Ad-Ware Pro\Ad-Ware Pro.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &eBay Search -
res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search -
res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab -
res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?4e69601f753142d38b57513d38358109
O8 - Extra context menu item: Open in new foreground tab -
res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?4e69601f753142d38b57513d38358109
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) -
https://www.hmvdigital.com/HMV.Digital. ... loader.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Me ... b31267.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
--
End of file - 9607 bytes
5. Could not find Ad-ware pro programme following your instructions.
Many thanks again.