Virus - Hijack This log

yorica

Hi gang

It would seem to my untrained eye that my google has been hijacked or corrupted in some way by a virus that I can't get rid of.

Everytime I click on a link via google the pc/virus re-directs me to a random site not linked to my original google enquiry. A website called monstermarketplace appears quite frequently in its place.

Here is the content of my hijack this logfile. I understand by placing it here that you guys might be of some assistance. Well here goes...

Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 23:08:27, on 02/02/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\cpqalert.exe
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Compaq\Desktop Management\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\cpqdmi.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\WINNT\system32\CHKADMIN.EXE
C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Compaq\Easy Access Keyboard\MEDIACTR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Napster\napster.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\explorer.exe
C:\Program Files\HijackThis\Analyse.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - !!53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - !!8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - !!2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [EASY ACCESS KEYBOARD] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - !!4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - !!4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fast4.net/
O16 - DPF: !!0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: !!17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: !!215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: !!406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: !!41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: !!5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: !!6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123017998531
O16 - DPF: !!7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371180.cab
O16 - DPF: !!9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\!!8F0102D8-FB9A-4774-BE5B-18264D41EFFA}: NameServer = 80.189.94.2,80.189.92.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.20 85.255.112.175
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.20 85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.20 85.255.112.175
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\WINNT\System32\cpqalert.exe
O23 - Service: CPQDMI - Compaq Computer Corporation - C:\WINNT\System32\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (CpqWebDmi) - Compaq Computer Corporation - C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: Win32sl - Intel - C:\Program Files\Compaq\Desktop Management\Dmi\Win32\bin\Win32sl.exe



I've downloaded pretty much every free anti virus/spyware software available but to no avail. I also used the software in safe mode and followed pretty all the steps in your removal guide and I'm still stuck with a useless google. I'm also afraid to access my bank account because of this virus.

Please help as my google is now useless.

Kind regards

Yorica

DrSmutt

O17 - HKLM\System\CCS\Services\Tcpip\..\!!8F0102D8-FB9A-4774-BE5B-18264D41EFFA}: NameServer = 80.189.94.2,80.189.92.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.20 85.255.112.175
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.20 85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.20 85.255.112.175

delete you internet connection. and re create it or if you know how check you tcp/ip setting

in control panel -> network connections -> you connection (the default 1)

right click -> properties -> double click on internet protocol (tcp/ip)

make sure they are both set to obtain ..... (not sure about people with routers).

DrSmutt

http://forums.spybot.info/showthread.php?t=5605&page=2

its a rootkit trojan.

Browntoa

please fix just these items first in hijackthis

R3 - Default URLSearchHook is missing
(Description: This will fix the search mechanism in IE.)

O17 - HKLM\System\CCS\Services\Tcpip\..\!!8F0102D8-FB9A-4774-BE5B-18264D41EFFA}: NameServer = 80.189.94.2,80.189.92.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.20 85.255.112.175
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.20 85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.20 85.255.112.175


next

Please download WebRoot SpySweeper (It's a 2 week trial):

http://www.webroot.com/consumer/products/spysweeper/index.html?rc=4129

Click the Free Trial link under "Downloads/SpySweeper" to download the program.

Install it. Once the program is installed, it will open.

It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.

Under What to Sweep please put a check next to the following:

* Sweep Memory
* Sweep Registry
* Sweep Cookies
* Sweep All User Accounts
* Enable Direct Disk Sweeping
* Sweep Contents of Compressed Files
* Sweep for Rootkits

Please UNCHECK Do not Sweep System Restore Folder.

Click Sweep Now on the left side.

Click the Start button.

When it's done scanning, click the Next button.

Make sure everything has a check next to it, then click the Next button.

It will remove all of the items found.

Click Session Log in the upper right corner, copy everything in that window.

Click the Summary tab and click Finish.

Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log back here

(info sourced from the site below to save retyping it all )

http://www.bullguard.com/forum/9/Need-Help-Removing-TrojanVundo_24247.html

yorica

Hiya

I ran the scan but there is no 2 week trial . I have to pay $30 to remove the files. So there is no way to remove it??? Am I missing something here?

I also followed your tips on hijack this. I have also included this scan.

Thanks in advance.

Here is the Spysweeper scan...

16:16: Traces Found: 28
16:16: Custom Sweep has completed. Elapsed time 00:22:15
16:16: File Sweep Complete, Elapsed Time: 00:17:35
16:09: Warning: Failed to open file "c:\program files\webroot\spy sweeper\settings.dat". The process cannot access the file because it is being used by another process
16:08: C:\Program Files\Star Downloader\Partial Downloads\BICC03AE.dat (ID = 62371)
16:08: Found Adware: hotbar/zango
16:03: Warning: Failed to open file "c:\documents and settings\administrator\application data\mozilla\firefox\profiles\j288g8ki.default\parent.lock". The process cannot access the file because it is being used by another process
16:02: Warning: Failed to open file "c:\documents and settings\administrator\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
16:02: Warning: Failed to open file "c:\documents and settings\administrator\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
16:02: Warning: Failed to open file "c:\documents and settings\administrator\ntuser.dat.log". The process cannot access the file because it is being used by another process
16:02: Warning: Failed to open file "c:\documents and settings\administrator\ntuser.dat". The process cannot access the file because it is being used by another process
16:01: Warning: Failed to open file "c:\winnt\temp\_avast4_\webshlock.txt". The process cannot access the file because it is being used by another process
15:59: Warning: Failed to open file "c:\winnt\system32\config\default". The process cannot access the file because it is being used by another process
15:59: Warning: Failed to open file "c:\winnt\system32\config\software". The process cannot access the file because it is being used by another process
15:59: Warning: Failed to open file "c:\winnt\system32\config\system". The process cannot access the file because it is being used by another process
15:59: Warning: Failed to open file "c:\winnt\system32\config\sam.log". The process cannot access the file because it is being used by another process
15:59: Warning: Failed to open file "c:\winnt\system32\config\sam". The process cannot access the file because it is being used by another process
15:59: Warning: Failed to open file "c:\winnt\system32\config\system.alt". The process cannot access the file because it is being used by another process
15:59: Warning: Failed to open file "c:\winnt\system32\config\security.log". The process cannot access the file because it is being used by another process
15:59: Warning: Failed to open file "c:\winnt\system32\config\security". The process cannot access the file because it is being used by another process
15:59: Warning: Failed to open file "c:\winnt\system32\config\default.log". The process cannot access the file because it is being used by another process
15:59: Warning: Failed to open file "c:\winnt\system32\config\software.log". The process cannot access the file because it is being used by another process
15:59: Warning: Failed to open file "c:\winnt\system32\perflib_perfdata_204.dat". The process cannot access the file because it is being used by another process
15:59: Warning: Failed to open file "c:\winnt\system32\kdmmn.exe". The process cannot access the file because it is being used by another process
15:59: Warning: Failed to open file "c:\pagefile.sys". Access is denied
15:59: Starting File Sweep
15:59: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
15:59: Cookie Sweep Complete, Elapsed Time: 00:00:00
15:59: c:\documents and settings\administrator\cookies\administrator@statcounter[1].txt (ID = 3447)
15:59: Found Spy Cookie: statcounter cookie
15:59: Starting Cookie Sweep
15:59: Registry Sweep Complete, Elapsed Time:00:00:16
15:59: HKLM\software\classes\clsid\{ffe54f5b-2ee3-4f84-82f7-690ee6be4392}\ (ID = 657689)
15:59: HKLM\software\classes\clsid\{f6c815b9-da7a-4907-b980-cc2024e6c7fa}\ (ID = 657683)
15:59: HKLM\software\classes\clsid\{d6532056-db71-4127-b404-07bdcd2ba4fe}\ (ID = 657667)
15:59: HKLM\software\classes\clsid\{d645ea00-cf93-463a-b111-11f22dccbb3c}\ (ID = 657651)
15:59: HKLM\software\classes\clsid\{c32be913-b637-4f51-8247-8f5b57127620}\ (ID = 657635)
15:59: HKLM\software\classes\clsid\{b3fa8f72-4637-4412-a361-b78fb7bfdc3b}\ (ID = 657629)
15:59: HKLM\software\classes\clsid\{ad6880b6-aa87-4404-9015-367975d43647}\ (ID = 657613)
15:59: HKLM\software\classes\clsid\{a04e7947-6800-40a2-a717-505716d20f57}\ (ID = 657606)
15:59: HKLM\software\classes\clsid\!!9d9497b7-38e5-47ab-b75b-e97f164a3848}\ (ID = 657590)
15:59: HKLM\software\classes\clsid\!!0a87d8c7-6113-4495-bd8e-a13bbe76e5fd}\ (ID = 657482)
15:59: HKLM\software\classes\clsid\!!045a8282-70b5-43f7-8bfe-c6d558e2960f}\ (ID = 657476)
15:59: HKCR\clsid\{ffe54f5b-2ee3-4f84-82f7-690ee6be4392}\ (ID = 657432)
15:59: HKCR\clsid\{f6c815b9-da7a-4907-b980-cc2024e6c7fa}\ (ID = 657426)
15:59: HKCR\clsid\{d6532056-db71-4127-b404-07bdcd2ba4fe}\ (ID = 657410)
15:59: HKCR\clsid\{d645ea00-cf93-463a-b111-11f22dccbb3c}\ (ID = 657394)
15:59: HKCR\clsid\{c32be913-b637-4f51-8247-8f5b57127620}\ (ID = 657378)
15:59: HKCR\clsid\{b3fa8f72-4637-4412-a361-b78fb7bfdc3b}\ (ID = 657372)
15:59: HKCR\clsid\{ad6880b6-aa87-4404-9015-367975d43647}\ (ID = 657356)
15:59: HKCR\clsid\{a04e7947-6800-40a2-a717-505716d20f57}\ (ID = 657349)
15:59: HKCR\clsid\!!9d9497b7-38e5-47ab-b75b-e97f164a3848}\ (ID = 657333)
15:59: HKCR\clsid\!!0a87d8c7-6113-4495-bd8e-a13bbe76e5fd}\ (ID = 657225)
15:59: HKCR\clsid\!!045a8282-70b5-43f7-8bfe-c6d558e2960f}\ (ID = 657219)
15:59: Found Adware: psguard
15:59: HKLM\software\classes\appid\webdir.dll\ (ID = 203862)
15:59: HKCR\appid\webdir.dll\ (ID = 203861)
15:59: HKLM\software\classes\typelib\!!453dca38-2a09-4dbe-a617-a2711c8480d0}\ (ID = 203857)
15:59: HKCR\typelib\!!453dca38-2a09-4dbe-a617-a2711c8480d0}\ (ID = 203855)
15:59: Found Adware: webdir
15:58: Starting Registry Sweep
15:58: Memory Sweep Complete, Elapsed Time: 00:04:20
15:54: Starting Memory Sweep
15:54: Start Custom Sweep
15:54: Sweep initiated using definitions version 845
15:53: Your definitions are up to date.
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
15:46: Shield States
15:46: Spyware Definitions: 845
15:46: Spy Sweeper 5.3.1.2344 started
15:46: Spy Sweeper 5.3.1.2344 started
15:46: | Start of Session, 03 February 2007 |
***************

Logfile of HijackThis v1.99.1
Scan saved at 16:43:09, on 03/02/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\cpqalert.exe
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Compaq\Desktop Management\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\cpqdmi.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\WINNT\system32\CHKADMIN.EXE
C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Compaq\Easy Access Keyboard\MEDIACTR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\Analyse.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - !!53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - !!8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - !!2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] "mobsync.exe" /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [EASY ACCESS KEYBOARD] "C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NapsterShell] "C:\Program Files\Napster\napster.exe" /systray
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Voyager 205 ADSL Router\Adsl\dslagent.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] "rundll32.exe" nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - !!4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - !!4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fast4.net/
O16 - DPF: !!0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: !!17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: !!215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: !!406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: !!41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: !!5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: !!6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123017998531
O16 - DPF: !!7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371180.cab
O16 - DPF: !!9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\WINNT\System32\cpqalert.exe
O23 - Service: CPQDMI - Compaq Computer Corporation - C:\WINNT\System32\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (CpqWebDmi) - Compaq Computer Corporation - C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Win32sl - Intel - C:\Program Files\Compaq\Desktop Management\Dmi\Win32\bin\Win32sl.exe

Browntoa

Download Fixwareout.exe by LonnyRJones, and save it to your Desktop:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
Double click Fixwareout.exe to start the Fixwareout Setup Wizard
Click Next > Install.
Ensure that the box to the left of Run fixit is checked.
Click on Finish.
Follow the prompts.
You will be asked to reboot your computer - please do so. Your system may take longer than usual to load - this is normal.
When your system reboots, follow the prompts.

Afterwards HijackThis should launch by itself, close it

Rightclick on hijackthis exe and rename it to hjt exe

yorica

This comes from the Fixwareout.exe.

I've also renamed HijackThis and pasted another .txt file below.

Your time and assistance is appreciated.

Fixwareout
Last edited 1/30/2007
Post this report in the forums please
...
Prerun check
»»»»» HKLM run and Winlogon System values
C:\WINNT\System32\kdmmn.exe will be moved to C:\WINNT\temp\kdmmn.ren at reboot.

»»»»» System restarted
Reg Entries that were deleted
...
Random Runs removed from HKLM
...

»»»»» Misc files.

»»»»» Checking for older varients.

»»»»» Postrun check
»»»»» HKLM run
»»»»» Winlogon System value
"system"=""
»»»»»

PLEASE NOTE, There CAN be LEGITIMATE FILES LISTED IN THIS SECTION.

This WILL/CAN also list Legit Files, Submit them at Virustotal
Search five digit cs, dm kd and jb files.
»»»»»
»»»»» Current runs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="\"mobsync.exe\" /logon"
"Promon.exe"="Promon.exe"
"EM_EXEC"="C:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"CHKADMIN"="CHKADMIN.EXE"
"EASY ACCESS KEYBOARD"="\"C:\\Program Files\\Compaq\\Easy Access Keyboard\\MMKeybd.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINNT\\system32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="\"C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe\" /STARTUP"
"NapsterShell"="\"C:\\Program Files\\Napster\\napster.exe\" /systray"
"DSLAGENTEXE"="C:\\Program Files\\Voyager 205 ADSL Router\\Adsl\\dslagent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINNT\\system32\\NVMCTRAY.DLL,NvTaskbarInit"
"NVIEW"="\"rundll32.exe\" nview.dll,nViewLoadHook"
"swg"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe\""

Hosts file was reset, If you use a custom hosts file please replace it

Logfile of HijackThis v1.99.1
Scan saved at 17:19:36, on 03/02/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\cpqalert.exe
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Compaq\Desktop Management\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\cpqdmi.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\notepad.exe
C:\WINNT\system32\Promon.exe
C:\WINNT\system32\CHKADMIN.EXE
C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Napster\napster.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Compaq\Easy Access Keyboard\MEDIACTR.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\explorer.exe
C:\Program Files\HijackThis\hjt.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - !!53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - !!8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - !!2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [EASY ACCESS KEYBOARD] "C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NapsterShell] "C:\Program Files\Napster\napster.exe" /systray
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Voyager 205 ADSL Router\Adsl\dslagent.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] "rundll32.exe" nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - !!4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - !!4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fast4.net/
O16 - DPF: !!0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: !!17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: !!215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: !!406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: !!41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: !!5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: !!6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123017998531
O16 - DPF: !!7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371180.cab
O16 - DPF: !!9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O19 - User stylesheet: (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\WINNT\System32\cpqalert.exe
O23 - Service: CPQDMI - Compaq Computer Corporation - C:\WINNT\System32\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (CpqWebDmi) - Compaq Computer Corporation - C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: Win32sl - Intel - C:\Program Files\Compaq\Desktop Management\Dmi\Win32\bin\Win32sl.exe

Browntoa

does that seem to have cured it ??

you seem to be running both Avast and AVG anti virus, you should not run 2 antivirus, choose 1 and delete the other

yorica

Hi Browntoa

It works now, so thanks for all your advice and I will off load AVG. Phew!

However, 1 minor thing is that now my google toolbar has moved to a very odd position on my screen and I don't seem able to move it. I don't seem able to attach a screen grab to show what I mean. Any advice?

Thanks again

Yorica

Browntoa

use add/remove programs to remove it or "right click" on the toolbars to see if they are "locked" if not then drag the dividing line next to the toolbar along until it is back as it was

yorica

Pure genius.

Thanks again.


:T :T :T :T :T :T