
virus/trojan - hijackthis log (no virus name known so far)

Discussion in 'Malware and Virus Removal Archive' started by smhouston, 2005/03/22.

Thread Status:
Not open for further replies.
  1. 2005/03/22
    smhouston

    smhouston Inactive Thread Starter

    Joined:
    2004/05/24
    Messages:
    77
    Likes Received:
    0
    Firstly, I would have put the virus name as part of the topic name/searched for it, but I don't know what virus/trojan I'm looking for in here, hence the poor subject title!
    Anyway, I've got a friend and they think they've got a virus/trojan. A message comes up on their screen, then the PC restarts. I've got her to do a HijackThis log and the process viewer so I can post them on here.

    process viewer:
    Process PID CPU Description User Name Priority Handles Window Title
    System Idle Process 0 86 <access denied> 0 0
    System 4 00 NT AUTHORITY\SYSTEM 8 359
    smss.exe 516 00 Windows NT Session Manager NT AUTHORITY\SYSTEM 11 21
    csrss.exe 592 01 Client Server Runtime Process NT AUTHORITY\SYSTEM 13 526
    winlogon.exe 616 00 Windows NT Logon Application NT AUTHORITY\SYSTEM 13 421
    services.exe 660 02 Services and Controller app NT AUTHORITY\SYSTEM 9 301
    ati2evxx.exe 812 00 ATI External Event Utility EXE Module NT AUTHORITY\SYSTEM 8 39
    svchost.exe 824 00 Generic Host Process for Win32 Services NT AUTHORITY\SYSTEM 8 203
    iexplore.exe 244 00 Internet Explorer WOODWARD\Rachel Woodward 8 301 http://www.azworks.com/ProcessExplorer/ - Microsoft Internet Explorer
    gcasDtServ.exe 2392 00 Microsoft AntiSpyware Data Service WOODWARD\Rachel Woodward 8 200 gcasDtServHolder
    gcasServ.exe 2472 01 Microsoft AntiSpyware Service WOODWARD\Rachel Woodward 4 200
    WISPTIS.EXE 2904 00 Microsoft Tablet PC Platform Component WOODWARD\Rachel Woodward 13 109
    svchost.exe 892 00 Generic Host Process for Win32 Services NT AUTHORITY\NETWORK SERVICE 8 437
    svchost.exe 932 00 Generic Host Process for Win32 Services NT AUTHORITY\SYSTEM 8 1798
    svchost.exe 972 00 Generic Host Process for Win32 Services NT AUTHORITY\NETWORK SERVICE 8 88
    svchost.exe 1084 00 Generic Host Process for Win32 Services NT AUTHORITY\LOCAL SERVICE 8 203
    spoolsv.exe 1336 00 Spooler SubSystem App NT AUTHORITY\SYSTEM 8 125
    HPConfig.exe 1476 00 HPConfig Module NT AUTHORITY\SYSTEM 8 108
    HPWirelessMgr.exe 1492 00 HPWirelessMgr Module NT AUTHORITY\SYSTEM 8 101
    MsPMSPSv.exe 1620 00 WMDM PMSP Service NT AUTHORITY\SYSTEM 8 43
    alg.exe 1796 00 Application Layer Gateway Service NT AUTHORITY\LOCAL SERVICE 8 102
    iPodService.exe 1884 00 iPodService Module NT AUTHORITY\SYSTEM 8 113
    avgupsvc.exe 2808 00 AVG Update Service NT AUTHORITY\SYSTEM 8 85
    avgamsvr.exe 2888 00 AVG Alert Manager NT AUTHORITY\SYSTEM 8 161
    lsass.exe 672 00 LSA Shell (Export Version) NT AUTHORITY\SYSTEM 9 366
    explorer.exe 1296 02 Windows Explorer WOODWARD\Rachel Woodward 8 514 My Documents
    hpqtra08.exe 168 00 HP Digital Imaging Monitor (CUE) WOODWARD\Rachel Woodward 8 114
    SynTPEnh.exe 356 00 Synaptics TouchPad Enhancements WOODWARD\Rachel Woodward 8 84
    atiptaxx.exe 456 00 ATI Desktop Control Panel WOODWARD\Rachel Woodward 8 91
    ONETOUCH.EXE 492 00 One-Touch WOODWARD\Rachel Woodward 8 58
    SynTPLpr.exe 500 00 TouchPad Driver Helper Application WOODWARD\Rachel Woodward 8 31
    hphmon05.exe 540 00 HPHmon05 WOODWARD\Rachel Woodward 8 42
    hpcmpmgr.exe 552 00 HP Framework Component Manager Service WOODWARD\Rachel Woodward 8 192
    DrgToDsc.exe 588 00 Drag To Disc Application WOODWARD\Rachel Woodward 8 134
    carpserv.exe 1052 00 carpserv WOODWARD\Rachel Woodward 8 8
    dragdiag.exe 1096 00 SpeedTouch Statistics WOODWARD\Rachel Woodward 8 23
    hpwuSchd2.exe 1220 00 Hewlett-Packard Product Assistant WOODWARD\Rachel Woodward 8 19
    iTunesHelper.exe 1268 00 iTunesHelper Module WOODWARD\Rachel Woodward 8 183
    qttask.exe 1284 00 WOODWARD\Rachel Woodward 8 42
    msnmsgr.exe 1452 01 MSN Messenger WOODWARD\Rachel Woodward 8 935 Halibobilobs- ****in stress - Conversation
    msmsgs.exe 2468 00 Windows Messenger WOODWARD\Rachel Woodward 8 506 :^) - Conversation
    Fcc32.exe 3104 00 FirstClass® Client WOODWARD\Rachel Woodward 8 256
    WinRAR.exe 3488 00 WinRAR archiver WOODWARD\Rachel Woodward 8 125 procexp.zip - WinRAR (evaluation copy)
    procexp.exe 2200 07 Sysinternals Process Explorer WOODWARD\Rachel Woodward 13 148 Process Explorer - Sysinternals: www.sysinternals.com
    avgcc.exe 1348 00 AVG Control Center WOODWARD\Rachel Woodward 8 191
    avgemc.exe 2020 00 AVG E-Mail Scanner WOODWARD\Rachel Woodward 8 152

    Process: System Idle Process Pid: 0

    Handle Type Access Name

    hijackthis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 14:28:18, on 22/03/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\System32\WISPTIS.EXE
    C:\Program Files\FirstClass\Fcc32.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\Program Files\Grisoft\AVG Free\avgemc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Documents and Settings\Rachel Woodward\My Documents\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://students.shu.ac.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q304&bd=pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://students.shu.ac.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/uk/*http://www.yahoo.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/uk/*http://www.yahoo.co.uk
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe "
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe "
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q304&bd=pavilion&pf=laptop
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.79/100039/uk/ringtone/ringtone.exe
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - http://activex.microsoft.com/objects/ocget.dll
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C3978774-832F-4565-B4FF-17D746BE6C7C}: NameServer = 62.241.162.200 158.43.240.3
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: Intel PDS - Unknown owner - C:\WINDOWS\system32\cba\pds.exe (file missing)
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)


    To the untrained eye there doesn't seem a lot wrong with it, but knowing me I'll be wrong ;) I've only just found out that she's deleted files that are associated with it (I did not tell her to do that!)

    Any advice appreciated.

    EDIT: I forgot to say, when she tries running antivirus it just crashes, and that's the same with using the HouseCall online virus scanner... that crashes as well.
     
    Last edited: 2005/03/22
  2. 2005/03/22
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi
    Mind editing your post to take the hjt (hijackthis) log out of the code box, so we can see it clearly, thanks
     


  4. 2005/03/22
    smhouston

    smhouston Inactive Thread Starter

    Joined:
    2004/05/24
    Messages:
    77
    Likes Received:
    0
    sorry :rolleyes:
     
  5. 2005/03/22
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Thanks

    Reboot into Safe Mode.

    Delete C:\windows\system32\elit????32.exe <these files
    Delete "C:\Windows\system32\Kalv???32.exe"
    (where ??? indicates random characters).
    Delete C:\windows\EliteToolBar
    Delete C:\windows\EliteBar

    Later tell us which were found and deleted?

    Other files to look for: silent.exe, protector.exe, silent_install.exe

    Run Hijackthis and fix these items >
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/...www.yahoo.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/...www.yahoo.co.uk

    DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.79/100039/uk/ringtone/ringtone.exe
    =========================================
    Now is a great time to run AVG and do a full system scan, SpyBot and Ad-Aware also, one at a time of course.


    Restart back to a normal Windows session; once there, make and post a fresh log.
     
  6. 2005/03/22
    smhouston

    smhouston Inactive Thread Starter

    Joined:
    2004/05/24
    Messages:
    77
    Likes Received:
    0
    She says that no message is coming up now. She did what you said but didn't find some of the files to delete.
    NEW HIJACKTHIS LOG:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:47:42, on 22/03/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\SAV\DefWatch.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\WINDOWS\system32\cba\pds.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\SAV\Rtvscan.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\SAV\vptray.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SAV\VPC32.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Rachel Woodward\My Documents\hijackthis\HijackThis.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe "
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe "
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\vptray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q304&bd=pavilion&pf=laptop
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - http://activex.microsoft.com/objects/ocget.dll
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C3978774-832F-4565-B4FF-17D746BE6C7C}: NameServer = 62.241.162.200 158.43.240.3
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\\NavLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SAV\DefWatch.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec AntiVirus Server (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SAV\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
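
The review of the first log and the comparison with the rescan, as an added example that is not part of the original thread: it parses HijackThis entry lines, flags a few entry types for manual review, and diffs the two scans to confirm which entries were removed. The function names, the three heuristics and the `watch_hosts` parameter are assumptions made for illustration; the sample lines are excerpts of the logs posted above.

```python
import re
from urllib.parse import urlparse

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")   # e.g. "O16 - DPF: ..."
URL = re.compile(r"https?://\S+")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Excerpts of the two logs posted in this thread (first scan, then rescan).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://students.shu.ac.uk/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.79/100039/uk/ringtone/ringtone.exe
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
"""
AFTER = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\vptray.exe
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\\NavLogon.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
"""

def parse_entries(log):
    """Return [(code, text)] for entry lines; header and process lines are skipped."""
    matches = (ENTRY.match(line) for line in log.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def review(entries, watch_hosts=frozenset()):
    """Return [(code, reason, text)] for entries that deserve a manual look.

    Illustrative heuristics only (assumptions, not HijackThis behaviour):
    IE settings pointing at a caller-supplied host, ActiveX (DPF) entries
    downloaded from a bare IP address, and services whose binary is missing.
    """
    hits = []
    for code, text in entries:
        m = URL.search(text)
        host = (urlparse(m.group(0)).hostname or "") if m else ""
        if code in ("R0", "R1") and host in watch_hosts:
            hits.append((code, "IE setting points at a watched host", text))
        elif code == "O16" and IPV4.match(host):
            hits.append((code, "ActiveX download source is a bare IP address", text))
        elif code == "O23" and text.endswith("(file missing)"):
            hits.append((code, "service registered but binary is missing", text))
    return hits

def diff_logs(before, after):
    """Return (removed, added) entries between two scans of the same machine."""
    b, a = set(parse_entries(before)), set(parse_entries(after))
    return sorted(b - a), sorted(a - b)

if __name__ == "__main__":
    watch = {"searchmiracle.com"}          # host named in the fix list above
    for code, reason, text in review(parse_entries(BEFORE), watch):
        print(f"[{code}] {reason}: {text}")
    removed, added = diff_logs(BEFORE, AFTER)
    for code, text in removed:
        print(f"- {code} {text}")
    for code, text in added:
        print(f"+ {code} {text}")
```

Entries that still appear in the rescan, such as the `vsmon` service with its missing file, show up in `review` for both logs and in neither side of the diff.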
     
  7. 2005/03/22
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0