Thanks very much for your reply!
The PC is working pretty much fine now. I did all that you said and the result of the housecall is below. There were no trojans or spyware or viruses. There are about 65 vulnerabilities in Microsoft:
What we checked:
Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix.
Results:
We have detected 65 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.
Risk Level Issue How to Fix
Critical This vulnerability enables a remote attacker to execute arbitrary code by creating an .MP3 or .WMA file that contains a corrupt custom attribute. This is caused by a buffer overflow in the Windows Shell function in Microsoft Windows XP. MS02-072
Highly Critical This vulnerability enables local users to execute arbitrary code through an RPC call. This is caused by a buffer overflow in the RPC Locator service for Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP. MS03-001
Highly Critical This vulnerability enables a remote attacker to execute arbitrary code through a WebDAV request to IIS 5.0. This is caused by a buffer overflow in NTDLL.DLL on Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP. MS03-007
Highly Critical This vulnerability enables a remote attacker to execute any file that can be rendered as text, and be opened as part of a page in Internet Explorer. MS03-014
Critical This vulnerability enables a remote attacker to cause a denial of service and execute arbitrary code through a specially formed web page or HTML e-mail. This is caused by a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-and-paste operation. MS03-023
Highly Critical This vulnerability enables a remote attacker to execute arbitrary code through a malformed message. This is caused by a buffer overflow in certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003. MS03-026
Critical This vulnerability enables a remote attacker to execute arbitrary code through a specially crafted MIDI file. This is caused by multiple buffer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL). MS03-030
Critical This vulnerability could allow a remote attacker to execute arbitrary code via a malformed RPC request with a long filename parameter. This is caused by a heap-based buffer overflow found in the Distributed Component Object Model (DCOM) interface in the RPCSS Service.;This vulnerability could allow a remote attacker to cause a denial of service attack, which could allow local attackers to gain privileges via certain messages sent to the __RemoteGetClassObject interface.;This vulnerability could allow a remote attacker to execute arbitrary code via a malformed activation request packet with modified length fields. This is caused by a heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service.;This vulnerability could allow a remote attacker to cause a denial of service attack. This is caused by two threads processing the same RPC request, which will lead to its using memory after it has been freed.;This vulnerability could allow a remote attacker to cause a denial of service attack via a queue registration request. This is caused by a buffer overflow in the Microsoft Message Queue Manager. MS03-039
Highly Critical These vulnerabilities, which are due to Internet Explorer not properly determining an object type returned from a Web server in a popup window or during XML data binding, respectively, could allow an attacker to run arbitrary code on a user's system. MS03-040
Critical This vulnerability allows a remote attacker to execute arbitrary code without user approval. This is caused by the authenticode capability in Microsoft Windows NT through Server 2003 not prompting the user to download and install ActiveX controls when system is low on memory. MS03-041
Critical This vulnerability allows a remote attacker to execute arbitrary code on the affected system. This is caused of a buffer overflow in the Messenger Service for Windows NT through Server 2003. MS03-043
Important This vulnerability is due to a buffer overrun in the ListBox and ComboBox controls found in User32.dll. Any program that implements the ListBox control or the ComboBox control could allow arbitrary code to be executed at the same privilege level. This vulnerability cannot be exploited remotely. MS03-045
Critical This vulnerability could allow an attacker to access information from other Web sites, access files on a user's system, and run arbitrary code on a user's system, wherein this is executed under the security context of the currently logged on user.;This vulnerability could allow an attacker to save a file on the users system. This is due to dynamic HTML events related to the drag-and-drop of Internet Explorer.;This vulnerability, which is due to the incorrect parsing of URLs which contain special characters, could allow an attacker to trick a user by presenting one URL in the address bar, wherein it actually contains the content of another web site of the attackers choice. MS04-004
Highly Critical The LSASS vulnerability is a buffer overrun vulnerability allows remote code execution.;The LDAP vulnerability is a denial of service (DoS) vulnerability that causes the service in a Windows 2000 domain controller responsible for authenticating users in an Active Directory domain to stop responding.;The PCT vulnerability is a buffer overrun vulnerability in the Private Communications Transport (PCT) protocol, a part of the SSL library, that allows remote code execution.;The Winlogon vulnerability is a buffer overrun vulnerability in the Windows logon process (winlogon) that allows remote code execution.;The Metafile vulnerability is a buffer overrun vulnerability that exists in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats.;The Help and Support Center vulnerability allows remote code execution and is due to the way Help and Support Center handles HCP URL validation.;The Utility Manager vulnerability is a privilege elevation vulnerability that exists due to the way that Utility Manager launches applications.;The Windows Management vulnerability is a privilege elevation vulnerability that when successfully exploited allows a local attacker to take complete control of a system by executing commands at the system privilege level.;The Local Descriptor Table vulnerability is a privilege elevation vulnerability that when successfully exploited allows a local attacker to take complete control of a system by executing commands at with system privileges.;The H.323 vulnerability is a buffer overrun vulnerability that when successfully exploited can allows attackers to gain full control of a system by arbitrarily executing commands with system privileges.;Virtual DOS Machine vulnerability is a privilege elevation vulnerability that when successfully exploited allows a local attacker to gain full control of a system by executing commands with system privileges.;The Negotiate SSP vulnerability is a buffer overrun vulnerability that exists in Microsoft's Negotiate Security Service Provider (SSP) interface and allows remote code execution.;The SSL vulnerability exists due to the way SSL packets are handled and can causes the affected systems to stop responding to SSL connection requests.;The ASN.1 'Double-Free' vulnerability exists in Microsoft's Abstract Syntax Notation One (ASN.1) Library and allows remote code execution at the system privilege level. MS04-011
Critical The RPC Runtime Library vulnerability is a remote code execution vulnerability that results from a race condition when the RPC Runtime Library processes specially crafted messages. An attacker who successfully exploits this vulnerability could take complete control of an affected system.;The RPCSS Service denial of service (DoS) vulnerability allows a malicious user or malware to send specially-crafted messages to a vulnerable system, which causes the RPCSS Service to stop responding.;The RPC Over HTTP vulnerability may be used to launch a denial of service (DoS) attack against a system with CIS or RPC over HTTP Proxy enabled.;When successfully exploited, the Object Identity vulnerability allows an attacker to force currently running applications to open network communication ports, thereby opening a system to remote attacks. MS04-012
Critical The MHTML URL Processing Vulnerability allows remote attackers to bypass domain restrictions and execute arbitrary code via script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers.This could allow an attacker to take complete control of an affected system. MS04-013
Critical This vulnerability exists in the Help and Support Center (HCP) and is due to the way it handles HCP URL validation. This vulnerability could allow an attacker to remotely execute arbitrary code with Local System privileges. MS04-015
Moderate This is a denial of service (DoS) vulnerability. It affects applications that implement the IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay. Applications that use this API are typically network-based multiplayer games.;An attacker who successfully exploits this vulnerability could cause the DirectX application to fail while a user is playing a game. The affected user would then have to restart the application. MS04-016
Moderate A denial of service (DoS) vulnerability exists in Outlook Express that could cause the said program to fail. The malformed email should be removed before restarting Outlook Express in order to regain its normal operation. MS04-018
Critical This vulnerability lies in an unchecked buffer within the Task Scheduler component. When exploited, it allows the attacker to execute arbitrary code on the affected machine with the same privileges as the currently logged on user. MS04-022
Critical An attacker who successfully exploits this vulnerability could gain the same privileges as that of the currently logged on user. If the user is logged in with administrative privileges, the attacker could take complete control of the system. User accounts with fewer privileges are at less risk than users with administrative privileges. MS04-023
Critical The Navigation Method Cross-Domain Vulnerability is a remote execution vulnerability that exists in Internet Explorer because of the way that it handles navigation methods. An attacker could exploit this vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visits a malicious Web site.;The Malformed BMP File Buffer Overrun Vulnerability exists in the processing of BMP image file formats that could allow remote code execution on an affected system.;The Malformed GIF File Double Free Vulnerability is a buffer overrun vulnerability that exists in the processing of GIF image file formats that could allow remote code execution on an affected system. MS04-025
Important This remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. The malicious user or malware can execute code on the system giving them the ability to install or run programs and view or edit data with full privileges. Thus, this vulnerability can conceivably be used by a malware for replication purposes.;The vulnerability is caused by an unchecked buffer in the Microsoft Office WordPerfect Converter. MS04-027
Critical This vulnerability lies in the way the affected components process JPEG image files. An unchecked buffer within this process is the cause of the vulnerability.;This remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. The malicious user or malware can execute arbitrary code on the system giving them the ability to install or run programs and view or edit data with full privileges. Thus, this vulnerability can conceivably be used by a malware for replication purposes. MS04-028
Important An unchecked buffer exists in the NetDDE services that could allow remote code execution. An attacker who is able to successfully exploit this vulnerability is capable of gaining complete control over an affected system. However, the NetDDe services are not automatically executed, and so would then have to be manually started for an attacker to exploit this vulnerability. This vulnerability also allows attackers to perform a local elevation of privilege, or a remote denial of service (DoS) attack. MS04-031
Critical This cumulative release from Microsoft covers four newly discovered vulnerabilities: Windows Management Vulnerability, Virtual DOS Machine Vulnerability, Graphics Rendering Engine Vulnerability, and Windows Kernel Vulnerability. MS04-032
Critical This remote code execution vulnerability exists in Microsoft Excel. It allows an attacker to take complete control of an affected system if a user us logged on with administrative privileges. An attacker who successfully exploits this vulnerability can install programs; view, change, or delete data; or create new accounts with full privileges. MS04-033
Critical This is another privately reported vulnerability about Windows Compressed Folders. There is vulnerability on the way that Windows processes Compressed (Zipped) Folders that could lead to remote code execution. Windows can not properly handle the extraction of the ZIP folder with a very long file name. Opening a specially crafted compressed file, a stack-based overflow occurs, enabling the remote user to execute arbitrary code. MS04-034
Critical This security bulletin focuses on the following vulnerabilities: Shell Vulnerability (CAN-2004-0214), and Program Group Converter Vulnerability (CAN-2004-0572). Shell vulnerability exists on the way Windows Shell launches applications that could enable remote malicious user or malware to execute arbitrary code. Windows Shell function does not properly check the length of the message before copying to the allocated buffer. Program Group Converter is an application used to convert Program Manager Group files that were produced in Windows 3.1, Windows 3.11, Windows for Workgroups 3.1, and Windows for Workgroups 3.11 so that they can still be used by later operating systems. The vulnerability lies in an unchecked buffer within the Group Converter Utility. MS04-037
Critical This is a remote code execution vulnerability that exists in the Internet Explorer. It allows remote code execution on an affected system. An attacker could exploit this vulnerability by constructing a malicious Web Page. The said routine could allow remote code execution if a user visited a malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, significant user interaction is required to exploit this vulnerability. MS04-038
Critical This security update addresses and resolves a vulnerability in Internet Explorer that could allow remote code execution. A Web page can be crafted to exploit this vulnerability such that an arbitrary application can be executed on visiting systems with the same priviledge as the currently logged on user. MS04-040
Important This security advisory explains the two discovered vulnerabilities in Microsoft Word for Windows 6.0 Converter, which is used by WordPad in converting Word 6.0 to WordPad file format. Once exploited, this remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. MS04-041
Critical A remote code execution vulnerability exists in HyperTerminal because of a buffer overrun. If a user is logged on with administrator privileges, an attacker could exploit the vulnerability by constructing a malicious HyperTerminal session file that could potentially allow remote code execution and then persuade a user to open this file. This malicious file may enable the attacker to gain complete control of the affected system. This vulnerability could also be exploited through a malicious Telnet URL if HyperTerminal had been set as the default Telnet client. MS04-043
Important This security update addresses and resolves two windows vulnerabilites, both of which may enable the current user to take control of the affected system. Both of these vulnerabilites require that the curernt user be able to log on locally and execute programs. They cannot be exploited remotely, or by anonymous users. A privilege elevation vulnerability exists in the way that the Windows Kernel launches applications. This vulnerability could allow the current user to take complete control of the system. A privilege elevation vulnerability exists in the way that the LSASS validates identity tokens. This vulnerability could allow the current user to take complete control of the affected system. MS04-044
Critical This update resolves a newly-discovered, publicly reported vulnerability. A vulnerability exists in the HTML Help ActiveX control in Windows that could allow information disclosure or remote code execution on an affected system. MS05-001
Critical This update resolves several newly-discovered, privately reported and public vulnerabilities. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, install programs, view, change, or delete data, or create new accounts that have full privileges. MS05-002
Important This update resolves a newly-discovered, privately reported vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full privileges. While remote code execution is possible, an attack would most likely result in a denial of service condition. MS05-003
Critical This remote code execution vulnerability exists in Microsoft Office XP software. An attacker could exploit the vulnerability by enticing users to open a malicious file hosted in Internet Explorer. An attacker could also construct an email message that contains a link to the said file.;An attacker who successfully exploits this vulnerability could take complete control of an affected system. MS05-005
Important This is an information disclosure vulnerability. An attacker who successfully exploits this vulnerability could remotely read the user names for users who have an open connection to an available shared resource. MS05-007
Important This remote code execution vulnerability exists in the way Windows handles drag-and-drop events. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow an attacker to save a file on the users system if a user visited a malicious Web site or viewed a malicious e-mail message. MS05-008
Critical This remote code execution vulnerability exists in Server Message Block (SMB). It allows an attacker who successfully exploits this vulnerability to take complete control of the affected system. MS05-011
Critical This privilege elevation vulnerability exists in the way that the affected operating systems and programs access memory when they process COM structured storage files. This vulnerability could grant a currently logged-on user to take complete control of the system.;This remote code execution vulnerability exists in OLE because of the way that it handles input validation. An attacker could exploit the vulnerability by constructing a malicious document that could potentially allow remote code execution. MS05-012
Critical This vulnerability exists in the DHTML Editing Component ActiveX Control. This vulnerability could allow information disclosure or remote code execution on an affected system. MS05-013
Critical This update resolves known vulnerabilities affecting Internet Explorer. An attacker who successfully exploits these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. MS05-014
Critical A remote code execution vulnerability exists in the Hyperlink Object Library. This problem exists because of an unchecked buffer while handling hyperlinks. An attacker could exploit the vulnerability by constructing a malicious hyperlink which could potentially lead to remote code execution if a user clicks a malicious link within a Web site or e-mail message. MS05-015
Important A remote code execution vulnerability exists in the Windows Shell because of the way that it handles application association. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. However, user interaction is required to exploit this vulnerability. MS05-016
Important A remote code execution vulnerability exists in Message Queuing that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. MS05-017
Important This security bulletin resolves newly-discovered, privately-reported vulnerabilities affecting Windows. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. MS05-018
Critical This security bulletin resolves newly discovered, privately-reported vulnerabilities affecting Windows. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. However, an attacker who successfully exploited the most severe of these vulnerabilities would most likely cause the affected system to stop responding. MS05-019
Critical This security bulletin resolves three newly-discovered, privately-reported vulnerabilities affecting Internet Explorer. If a user is logged on with administrative user rights, an attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. MS05-020
Critical This security bulletin resolves the following vulnerabilities affecting Internet Explorer.; The PNG Image Rendering Memory Corruption vulnerability could allow an attacker to execute arbitrary code on the system because of a vulnerability in the way Internet Explorer handles PNG images.; The XML Redirect Information Disclosure vulnerability could allow an attacker to read XML data from another Internet Explorer domain because of a vulnerability in the way Internet Explorer handles certain requests to display XML content. MS05-025
Critical HTML Help is the standard help system for the Windows platform. Authors can use it to create online Help files for a software application or content for a multimedia title or a Web site. This vulnerability in HTML Help could allow attackers to execute arbitrary code on the affected system via a specially crafted Compiled Windows Help (CHM) file, because it does not completely validate input data. MS05-026
Critical A remote code execution vulnerability exists in the Microsofts implementation of the Server Message Block (SMB) protocol, which could allow an attacker to execute arbitrary codes to take complete control over a target system. This vulnerability could be exploited over the Internet. An attacker would have to transmit a specially crafted SMB packet to a target system to exploit it. However, failure to successfully exploit the vulnerability could only lead to a denial of service. MS05-027
Important A vulnerability exists in the way that Windows processes Web Client requests, which could allow a remote attacker to execute arbitrary code and take complete control over the affected system. MS05-028
Important A remote code execution vulnerability exists in Outlook Express when it is used as a newsgroup reader. An attacker could exploit this vulnerability by constructing a malicious newsgroup server that could that potentially allow remote code execution if a user queried the server for news. MS05-030
Moderate This vulnerability could enable an attacker to spoof trusted Internet content because security prompts can be disguised by a Microsoft Agent character. MS05-032
Moderate This vulnerability in the Microsoft Telnet client could allow an attacker to gain sensitive information about the affected system and read the session variables of users who have open connections to a malicious Telnet server. MS05-033
Critical This vulnerability could allow a remote attacker to execute arbitrary codes on the affected system via a malicious image file in a Web site or email message. This vulnerability exists because of the way Microsoft Color Management Module handles ICC profile format tag validation. MS05-036
Critical A COM object, the JView Profiler (Javaprxy.dll), contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system by hosting a malicious Web site. MS05-037
Critical This security bulletin resolves the following vulnerabilities found in Internet Explorer: (1) JPEG Image Rendering Memory Corruption vulnerability, which allows remote code execution when exploited by a remote malicious user, (2) Web Folder Behaviors Cross-Domain vulnerability, allows information disclosure or remote code execution on an affected system, and (3) COM Object Instantiation Memory Corruption vulnerability, which exists in the way Internet Explorer lists the instances of COM Objects that are not intended to be used in Internet Explorer. MS05-038
Critical An unchecked buffer in the Plug and Play service results in this vulnerability. Once successfully exploited, this vulnerability permits an attacker to have complete virtual control of an affected system. This vulnerability involves a remote code execution and local elevation of privilege. It can be exploited over the Internet. MS05-039
Important This security advisory explains a vulnerability in the Telephony Application Programming Interface (TAPI) service that could allow remote code execution. Attackers who successfully exploits the said vulnerability can take complete control of an affected system. They could then install programs, view, change, or delete data, and create new accounts with full user rights. MS05-040
Moderate A remote malicious user can use the process employed by the Remote Desktop Protocol (RDP) to validate data to cause a denial of service (DoS) attack, which stops an affected machine from responding and causing it to automatically restart. MS05-041
Moderate This security bulletin resolves the following vulnerabilities found in Microsoft Windows: (1) the Kerberos vulnerability, which is a denial of service vulnerability that allows an attacker to send a specially crafted message to a Windows domain controller, making the service that is responsible for authenticating users in an Active Directory domain to stop responding, and (2)the PKINIT vulnerability, which is an information disclosure and spoofing vulnerability that allows an attacker to manipulate certain information that is sent from a domain controller and potentially access sensitive client network communication. MS05-042
Critical A remote code execution vulnerability in the Printer Spooler service allows an attacker who successfully exploits this vulnerability to take complete control of the affected system.
I have done a new Hijack This logfile, the results of which are below.
Logfile of HijackThis v1.99.1
Scan saved at 20:05:06, on 31/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\atievxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\wanadoo\wanadooconnectionkit\atdialler1.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\spare1234\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.msn.co.uk/0SEENGB/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.wanadoo.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wanadoo Connection Kit.lnk = C:\wanadoo\wanadooconnectionkit\atdialler1.exe
O8 - Extra context menu item: &Google Search -
res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links -
res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages -
res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v ... 3038977138
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/msnme ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6EB9C85-3992-4AEA-B352-6B0C98464DD3}: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I have also fixed up a firewall.
Thanks again!
