Help removing Virtumonde and others please, Thanks!



teamind
2007-12-18, 20:22
Hi and thanks in advance for your help. I have a Windows XP machine that is showing lots of malware.

Tried fixing yesterday with Spybot but to no avail.

Did a Kaspersky scan, but it is too long to post, so I am posting all identified malicious objects from the Kaspersky scan...
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Tuesday, December 18, 2007 10:46:44 AM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 18/12/2007

Kaspersky Anti-Virus database records: 486393

-------------------------------------------------------------------------------



Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true



Scan Target - My Computer:

A:\

C:\

D:\



Scan Statistics:

Total number of scanned objects: 51257

Number of viruses found: 9

Number of infected objects: 90

Number of suspicious objects: 0

Duration of the scan process: 01:17:54



Infected Object Name / Virus Name / Last Action

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\clnr0.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

C:\Program Files\Trend Micro\HijackThis\backups\backup-20071217-161601-755.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bmd skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP142\A0015354.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP142\A0015458.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP144\A0015549.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP144\A0015746.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP144\A0015783.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP145\A0015799.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP145\A0015806.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP147\A0015838.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP149\A0015954.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP150\A0015978.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP151\A0016053.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP152\A0016121.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP154\A0016210.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP155\A0016224.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP158\A0016379.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP159\A0016391.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP159\A0016397.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP161\A0016488.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP161\A0016493.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP162\A0016535.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP165\A0016631.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP166\A0016664.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP169\A0016707.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP170\A0016764.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP171\A0016913.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP173\A0017012.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP174\A0018035.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0018081.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP176\A0018118.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP177\A0018138.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP178\A0018172.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP179\A0018205.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP180\A0018250.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP182\A0018307.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP184\A0018420.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP184\A0018464.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP185\A0018491.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0018562.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0018573.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP188\A0018655.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP190\A0018697.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0018733.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019104.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019110.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP196\A0019150.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP196\A0019197.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP198\A0019231.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0020435.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0020532.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP205\A0020591.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP206\A0020653.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP206\A0020747.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP208\A0020930.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP208\A0021911.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP208\A0021914.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP213\A0022664.dll Infected: not-a-virus:AdWare.Win32.Agent.wx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP213\A0022668.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP214\A0022718.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP216\A0022748.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP216\A0022771.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP216\A0022774.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP217\A0023771.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP217\A0023774.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP220\A0023826.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP220\A0023835.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP220\A0023844.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP220\A0023854.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP220\A0023864.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP220\A0023877.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP220\A0023886.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bmd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP220\A0023891.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP220\A0023902.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP220\change.log Object is locked skipped

C:\temp\ulSaa1212.exe/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\temp\ulSaa1212.exe/data0003 Infected: not-a-virus:AdWare.Win32.Agent.co skipped

C:\temp\ulSaa1212.exe/data0004 Infected: Trojan-Downloader.Win32.Small.gzs skipped

C:\temp\ulSaa1212.exe/data0006/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\temp\ulSaa1212.exe/data0006 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\temp\ulSaa1212.exe NSIS: infected - 5 skipped

C:\VundoFix Backups\byxvwtu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.bmd skipped

C:\VundoFix Backups\efcdeda.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.bmd skipped

C:\VundoFix Backups\hflwgfun.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped

C:\VundoFix Backups\kyekkfrl.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped

C:\VundoFix Backups\ltftkwvy.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped

C:\VundoFix Backups\qomkhec.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.bmd skipped

C:\VundoFix Backups\rvcoguvj.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped

C:\VundoFix Backups\xxywxvt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.bmd skipped



C:\WINDOWS\system32\oc9\qopre83122.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\WINDOWS\system32\oc9\qopre83122.exe NSIS: infected - 1 skipped

Scan process completed.

------------------------------------

Any help would be greatly appreciated. I will post the HijackThis scan momentarily after renaming hijackthis.exe.

teamind
2007-12-18, 20:24
Here is the HijackThis Report...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:10:14 AM, on 12/18/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Common Files\FotoNation\EvLstnr.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Conversions Plus\MacName.exe

c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Trend Micro\HijackThis\carman.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: {849f53fd-2451-a198-94a4-6dbbe1cb9705} - {5079bc1e-bbd6-4a49-891a-1542df35f948} - C:\WINDOWS\system32\kyekkfrl.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {89B6B6FC-597F-40A0-A779-638CA0BCF7DD} - C:\WINDOWS\system32\sstqq.dll (file missing)

O2 - BHO: (no name) - {9745AF4F-3583-4003-950E-D8DBEB98EC4B} - C:\Program Files\Internet Explorer\mexocagoC:\WINDOWS\system32\oc9\qopre83122.exe.dll (file missing)

O2 - BHO: (no name) - {AE57A54A-2AFD-4CC6-A182-33E7534D7227} - C:\WINDOWS\system32\pmkji.dll (file missing)

O2 - BHO: (no name) - {AEBF6926-DBA6-4100-A838-1CED0169AB78} - (no file)

O2 - BHO: (no name) - {C5C306C8-D173-42AE-AAC8-5F62C7B4142C} - (no file)

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [EVENTLISTENER] C:\Program Files\Common Files\FotoNation\EvLstnr.exe

O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\Conversions Plus\MacLic.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: MacName.lnk = C:\Program Files\Conversions Plus\MacName.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.gomyhit.com

O15 - Trusted Zone: *.imageservr.com

O15 - Trusted Zone: *.imagesrvr.com

O15 - Trusted Zone: *.amaena.com (HKLM)

O15 - Trusted Zone: *.avsystemcare.com (HKLM)

O15 - Trusted Zone: *.gomyhit.com (HKLM)

O15 - Trusted Zone: *.imageservr.com (HKLM)

O15 - Trusted Zone: *.imagesrvr.com (HKLM)

O15 - Trusted Zone: *.onerateld.com (HKLM)

O15 - Trusted Zone: *.trustedantivirus.com (HKLM)

O15 - Trusted Zone: *.virusschlacht.com (HKLM)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149449736515

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/sj/en/check/xp/qdiagh.cab?326

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\..\{51E4E863-4573-4861-AA66-EDC25BA60131}: NameServer = 207.69.188.185

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\iewdhvag.exe (file missing)

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

--

End of file - 8414 bytes

pskelley
2007-12-24, 13:35
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Sorry for the wait, we have this:
The Waiting Room
http://forums.spybot.info/forumdisplay.php?f=37

If your issues have not been resolved, read the directions, turn off "Word Wrap" in notepad and post a new HJT log, and I will take a look.

Thanks

pskelley
2008-01-04, 00:00
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

If it has been 10 days or more since your last post, and especially if the helper assisting you posted a response to that post to which you did not reply, the topic will not be reopened.

In that situation, if you still require help, it would be best to start a new topic and include a fresh HijackThis log with a link to your original thread.

Everyone else please begin a New Topic.