On normal start up my screen has been taken over by an advertisement for a system tool removal software. I have a persistent pop up on the tool bar saying my antivirus (avast) is infected and then a box appears and "runs" a system check which finds numerous trojans and viruses. I am also having difficulty logging on to the internet. I have followed the instructions in the guidance regarding the prep work but I have had to do this in "Safe Mode" as the computer does nothing in normal mode. I would be most grateful for your help....again.
Thanks in anticipation
Dave
DDS Log
DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Dave at 19:24:01.89 on 05/01/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.503.169 [GMT 0:00]
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Dave\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
uWindow Title =
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRunOnce: [lAkEp09000] c:\programdata\lakep09000\lAkEp09000.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre7\bin\jusched.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2007-1-29 451072]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2007-8-12 2599936]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-26 293968]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-26 17744]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-26 51280]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-5 40384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-2 136176]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-5 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-5 40384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-30 1343400]
=============== Created Last 30 ================
2011-01-05 19:31:28 -------- d-----w- c:\users\dave\appdata\roaming\HTC
2011-01-05 18:43:27 -------- d-----w- c:\progra~2\lAkEp09000
2010-12-21 21:40:10 -------- d-----w- c:\users\dave\appdata\local\Downloaded Installations
2010-12-21 21:39:15 -------- d-----w- c:\program files\Spirent Communications
2010-12-21 21:38:18 -------- d-----w- c:\program files\HTC
2010-12-21 21:37:14 -------- d-----w- c:\program files\MSXML 4.0
2010-12-16 10:02:03 516096 ----a-w- c:\program files\windows mail\wab.exe
2010-12-16 10:01:49 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 09:58:34 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-16 09:58:29 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-12-16 09:58:22 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-16 09:58:17 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-12-16 09:58:14 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-16 09:58:09 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-12-16 09:57:51 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-16 09:57:49 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-16 09:57:35 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-16 09:57:25 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-16 09:56:58 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-10 16:52:46 -------- d-----w- c:\program files\Yahoo!
2010-12-10 16:36:19 -------- d-----w- C:\ef65b8ad84bb4cc4b714b17c156741e8
2010-12-10 16:34:46 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2010-12-10 16:34:40 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-12-10 16:29:59 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-12-10 16:29:58 3181568 ----a-w- c:\windows\system32\mf.dll
2010-12-10 16:29:54 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-12-10 16:29:07 469256 ----a-w- c:\program files\common files\windows live\.cache\5711ae911cb988708\InstallManager_WLE_WLE.exe
2010-12-10 16:28:16 15712 ----a-w- c:\program files\common files\windows live\.cache\3f364abf1cb988707\MeshBetaRemover.exe
2010-12-10 16:28:08 94040 ----a-w- c:\program files\common files\windows live\.cache\39d0f44f1cb988706\DSETUP.dll
2010-12-10 16:28:08 525656 ----a-w- c:\program files\common files\windows live\.cache\39d0f44f1cb988706\DXSETUP.exe
2010-12-10 16:28:08 1691480 ----a-w- c:\program files\common files\windows live\.cache\39d0f44f1cb988706\dsetup32.dll
2010-12-10 16:28:03 525656 ----a-w- c:\program files\common files\windows live\.cache\2d5009311cb988705\DXSETUP.exe
2010-12-10 16:27:58 1691480 ----a-w- c:\program files\common files\windows live\.cache\2d5009311cb988705\dsetup32.dll
2010-12-10 16:27:55 94040 ----a-w- c:\program files\common files\windows live\.cache\2d5009311cb988705\DSETUP.dll
2010-12-10 16:27:01 6260088 ----a-w- c:\program files\common files\windows live\.cache\894cea11cb988704\Silverlight.4.0.exe
2010-12-10 16:24:54 -------- d-----w- c:\users\dave\appdata\local\Windows Live
2010-12-10 16:24:40 -------- d-----w- c:\program files\common files\Windows Live
2010-12-09 09:13:04 710976 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll
==================== Find3M ====================
2010-12-31 20:06:36 38848 ----a-w- c:\windows\avastSS.scr
2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
============= FINISH: 19:25:10.46 ===============