#1 (permalink) |
|
Registered User
Join Date: Mar 2008
Posts: 9
OS: vista home premium
|
Hey guys, I am writing a post for my girlfriend's laptop. It is a Novatech L51AI0 running on Vista O/S. Right, where to start: it is a total mess. When I turn it on it comes up with a Windows Defender warning saying there is a trojan horse! :-( The name of it is "TrojanDownloader:Win32/Renos.AW" with a high level alert. I also get so many ridiculous pop ups, and I get a Microsoft Windows alert saying "Host Process for windows services has stopped working". It beats me, it really is doing my head in :-( I really hope you guys can help me out :-)
I just ran a HijackThis log on the laptop.......
Please, anything you can do will be most appreciated guys :-))) I look forward to your response :-) Kindest regards Martin |
|
#2 (permalink) | |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,618
OS: 2000 Pro; XP Pro; XP Home
|
Re: Trojans, Spyware, pop ups
Hello and Welcome to TSF.
We no longer use HijackThis as our initial analysis tool. We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a Quote:
---------------------------------------------------------------------------------------------
Please follow our pre-posting process outlined here: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009