Novice user needs help

I am having trouble with my laptop. I have downloaded ewido, avast, sb s&d, advanced spyware remover, but I still get web pages opening automatically and homepage changes. Also, when I remove threats with the various programs they keep reappearing. Can anybody help? Here is my hijack log file:

Logfile of HijackThis v1.99.1
Scan saved at 15:26:24, on 18/02/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kensington\Kensington Mouse 1.1\MOUSE32A.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\windows\winsysban9.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Real\RealJukebox\tsystray.exe
C:\WINDOWS\System32\msoftconf1.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchIndexer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mcafee.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O4 - HKLM..\Run: [SystemTray] SysTray.Exe
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\Kensington\Kensington Mouse 1.1\MOUSE32A.EXE
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon
O4 - HKLM..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM..\Run: [winsysupd] C:\windows\winsysupd9.exe
O4 - HKLM..\Run: [winsysban] C:\windows\winsysban9.exe
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM..\Run: [RealJukeboxSystray] “c:\Program Files\Real\RealJukebox\tsystray.exe”
O4 - HKLM..\Run: [Microsoft Configure1 32] msoftconf1.exe
O4 - HKLM..\Run: [gimmygames] C:\gimmygames9.exe
O4 - HKLM..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
O4 - HKLM..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM..\RunServices: [Microsoft Configure1 32] msoftconf1.exe
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [uzwf] C:\Program Files\Common Files\uzwf\uzwfm.exe
O4 - HKCU..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU..\Run: [Microsoft Configure1 32] msoftconf1.exe
O4 - HKCU..\Run: [Microsoft Configure12] msoftconf12.exe
O4 - HKCU..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000228.exe
O4 - HKCU..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?c75a02a13a6a413db9454e6bc868695d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?c75a02a13a6a413db9454e6bc868695d
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra ‘Tools’ menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136923822889
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37510.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c17.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/bridge-c32.cab
O17 - HKLM\System\CCS\Services\Tcpip..{BB32C4A1-EA75-4B06-94B0-23D73E972393}: NameServer = 80.225.255.185 80.225.255.177
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\ktrql7951.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SURFQVM\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Enables Java Support (Java) - Unknown owner - C:\WINDOWS\System32\winjava.exe (file missing)
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Winkbco - Unknown owner - C:\WINDOWS\System32\Winkbco.exe (file missing)
O23 - Service: Winkbd - Unknown owner - C:\WINDOWS\System32\Winkbd.exe (file missing)
O23 - Service: Winkera - Unknown owner - C:\WINDOWS\System32\Winkera.exe (file missing)
O23 - Service: Winkzaq - Unknown owner - C:\WINDOWS\System32\Winkzaq.exe (file missing)

thanks, Seathach

Welcome to the forum.
Please, only post a HJT log if asked to do so. :slight_smile:
There are many online HJT analyzers. Here’s just one of them:
http://hjt.networktechs.com/

General data

You are using the latest version of HijackThis.
Old version of Internet Explorer detected. Update required.
IMMEDIATLY visit http://windowsupdate.microsoft.com
and install ALL security patches/updates.
No software firewall detected. If you are not using a
hardware firewall, it is highly recommended that you install one.

There are many free software firewalls available. My personal choice is ZoneAlarm (Free)

:slight_smile: Hi Seathach :

 You have at least 1 "serious" piece of spyware on your
 machine; would recommend you go to an antiSPYWARE
 forum, such as www.landzdown.com .

Your OS (and subsequently your IE browser) is well out of date; this leaves you more vulnerable to exploits of vulnerabilities long since patched by MS XP Service Packs (SP2) and further security updates.

Thanks to all who replied.

I’ve been away from home for a while so have not been able to post.

I have installed a ZoneAlarm firewall.

However when I tried to update windows with sp2 it said my product key was blocked. Windows was already installed when I got the laptop. Is there a way of unblocking my product key?

Slan Seathach

:slight_smile: Hi Seathach :

  You should NEVER download or install XP SP2 with
  spyware on your computer; did you ever go to an
  antiSPYWARE forum, such as the one I suggested,
  to have them guide you in removing the spyware I
  saw in the HijackThis log you posted about 2 weeks ago ?
However when I tried to update windows with sp2 it said my product key was blocked.
Sooner or later, all keys that aren't legitimate wind up being blocked. [b]Even the ones that are floating around for avast! Pro.[/b]