Shopping Wizard, Trojans and my HT! log
-
Okay, so when I go to add/remove programs there's this program named Shopping Wizard. (Never let your mom use your computer when you're not home)
Anywhoo when I tried to remove it, it linked me to a website instead, and told me to download this .exe file to uninstall the program. (Yeah right)
So I ran the latest versions of CWShredder, Spybot S&D, and Adaware and it's still there. Anyway here's my HijackThis! log: (Of particular note is the large number of Windows updates active.)
Logfile of HijackThis v1.98.0
Scan saved at 1:19:57 AM, on 15/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\mozilla.org\Mozilla\Mozilla.exe
C:\Documents and Settings\Geeeeeeeeeeoff\Desktop\HijackThis.exe
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.ca/"); (C:\Documents and Settings\Geeeeeeeeeeoff\Application Data\Mozilla\Profiles\default\5sre4roc.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5CNetscapeSearch.src"); (C:\Documents and Settings\Geeeeeeeeeeoff\Application Data\Mozilla\Profiles\default\5sre4roc.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4DB64B88-0933-55E1-5343-261A238D2B60} - C:\WINDOWS\ntfk32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ngqaxdi] "C:\WINDOWS\System32\ngqaxdi.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [netfu.exe] C:\WINDOWS\system32\netfu.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] winupdate32.exe
O4 - HKLM\..\RunServices: [windowsupdate] RPCX1sq234.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] winupdate32.exe
O4 - HKLM\..\RunOnce: [ntdj32.exe] C:\WINDOWS\ntdj32.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Windows Update] winupdate32.exe
O4 - Startup: MTS.lnk = ?
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/ente...secall_pre.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {407F5185-3B2E-4196-982B-1E258C46F8FD} - ftp://ftp.ea.com/pub/easports/patche.../en-us/nhl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file...CallButton.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2CC0AA8-3864-4072-A2C7-987E89EEE469}: NameServer = 142.161.130.155 142.161.2.155
O21 - SSODL: Web Event Logger - {79FB9088-19CE-715D-D85A-216290C5B738} - C:\WINDOWS\System32\Jnmgog32.dll (file missing)
-
Restart HijackThis and put checks next to the following, close all browser windows (including this one) then click on 'Fix Checked':
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {4DB64B88-0933-55E1-5343-261A238D2B60} - C:\WINDOWS\ntfk32.dll
O4 - HKLM\..\Run: [ngqaxdi] "C:\WINDOWS\System32\ngqaxdi.exe"
O4 - HKLM\..\Run: [netfu.exe] C:\WINDOWS\system32\netfu.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] winupdate32.exe
O4 - HKLM\..\RunServices: [windowsupdate] RPCX1sq234.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] winupdate32.exe
O4 - HKLM\..\RunOnce: [ntdj32.exe] C:\WINDOWS\ntdj32.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] winupdate32.exe
Run a search on all of those .exe files listed above and delete them.
Click here to make sure that you have the latest patches for Windows. Click here to get the latest version of Internet Explorer. It's very important to keep your system up to date to avoid unnecessary security risks.
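The reply above picks out the bad O4 (registry autostart) entries by eye. As an added example for this thread, not a tool from the responder, from HijackThis or from the forum, the Python script below parses O4 lines and flags the same kinds of entries on its own: a program given as a bare file name with no directory (it is resolved through the search path, so nothing in the entry says where the file actually lives), entries under the legacy RunServices key (a Windows 9x/ME mechanism that XP's own components do not use), and display names that imitate Windows Update (the real updater never registers a Run entry). A display name that merely equals the file name is recorded as a weak signal only. The sample log is constructed from the O4 lines posted above plus a Startup line to show that folder entries are skipped.

```python
"""Triage the O4 (registry autostart) lines of a HijackThis log.

Added example for this thread; not HijackThis code and not the
responder's method. Heuristics are a triage aid, not a verdict: every
hit still needs the file located and checked.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: O4 lines from the posted log plus a Startup line.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ngqaxdi] "C:\WINDOWS\System32\ngqaxdi.exe"
O4 - HKLM\..\Run: [netfu.exe] C:\WINDOWS\system32\netfu.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] winupdate32.exe
O4 - HKLM\..\RunServices: [windowsupdate] RPCX1sq234.exe
O4 - HKLM\..\RunOnce: [ntdj32.exe] C:\WINDOWS\ntdj32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
"""

# Registry-backed O4 lines: "O4 - <hive>\..\<key>: [<display name>] <command>"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)


@dataclass
class AutostartEntry:
    hive: str
    key: str
    name: str
    command: str
    program: str
    reasons: list = field(default_factory=list)


def program_of(cmd: str) -> str:
    """Extract the program path from a Run command line."""
    if cmd.startswith('"'):                     # quoted path, possibly with spaces
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.*?\.exe)(?=\s|$)', cmd, re.I)   # unquoted: up to the first .exe
    return m.group(1) if m else cmd.split()[0]


def parse_o4(line: str):
    """Return an AutostartEntry for a registry O4 line, None for anything else."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group('cmd')
    return AutostartEntry(m.group('hive'), m.group('key'), m.group('name'), cmd, program_of(cmd))


def assess(entry: AutostartEntry) -> list:
    """List the reasons an entry deserves attention; 'weak:' prefixes a soft signal."""
    reasons = []
    prog = entry.program.lower()
    stem = prog.rsplit('\\', 1)[-1]
    stem = stem[:-4] if stem.endswith('.exe') else stem
    display = entry.name.lower()
    display = display[:-4] if display.endswith('.exe') else display
    if '\\' not in entry.program:
        reasons.append('bare file name: resolved via the search path, location not pinned down')
    if entry.key.lower().startswith('runservices'):
        reasons.append('RunServices key: Windows 9x/ME mechanism, not used by XP components')
    if re.search(r'windows\s*update', entry.name, re.I) or 'winupdate' in prog:
        reasons.append('display name imitates Windows Update, which registers no Run entry')
    if display == stem:
        reasons.append('weak: display name is just the file name, no vendor description')
    return reasons


def triage(log_text: str) -> list:
    """Parse every registry O4 line and attach its reasons."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry:
            entry.reasons = assess(entry)
            entries.append(entry)
    return entries


def suspicious(log_text: str) -> list:
    """Entries carrying at least one strong (non-weak) signal."""
    return [e for e in triage(log_text)
            if any(not r.startswith('weak:') for r in e.reasons)]


if __name__ == '__main__':
    for e in triage(SAMPLE_LOG):
        flag = '!!' if any(not r.startswith('weak:') for r in e.reasons) else '  '
        print(f"{flag} {e.hive}\\{e.key} [{e.name}] -> {e.program}")
        for r in e.reasons:
            print(f"      - {r}")
```

On the constructed sample the strong signals fire on the two Windows Update impostors and on nwiz (a bare file name; it is a real nVidia component, which is exactly why a bare name means "go find the file" rather than "delete"). ngqaxdi, netfu and ntdj32 only trip the weak signal, as does the legitimate MsnMsgr entry: those were identified in the reply by knowledge of the file names, which a heuristic cannot replace.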
-
Thanks! You guys are quick! I'm at work right now, so I can't try this, but I will as soon as I get home. This must be a fairly new trojan if neither Adaware nor Spybot recognizes it.
I never use IE, but when I did yesterday the trojan had changed my homepage to an online shopping site. I guess I will download the newest version of IE.
-
Even if you don't use IE, it is present on your system by default, and whether it's used or not, the vulnerabilities are still there and leave a hole in your system's security.