Also see my previous problem from http://www.d-a-l.com/help/showthread...477#post120477

I am back with the same problem from that thread.. after scaning with the BitDefender scan a few months back, my computer was back to normal.. then after changing my dial-up provider to AT&T the problem ha returned.. I tried all the same solutions provided by Neal (they worked before).. attempting all those solutions have not worked.. it seems this problem returns every time I switch internet providers..

My new HijackTHis log file is as follows..

Logfile of HijackThis v1.99.1
Scan saved at 10:47:47 PM, on 3/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\Go ogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\defaultppp\Desktop\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152567830\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Dialer] C:\Program Files\Common Files\AOL\ACS\AOlDial.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\Go ogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM (R) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O12 - Plugin for .asx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdspl ay.dll
O12 - Plugin for .wvx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdspl ay.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{087ADD13-766B-4677-8EFB-CF2F12BFE7AF}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{087ADD13-766B-4677-8EFB-CF2F12BFE7AF}: NameServer = 68.94.156.1 68.94.157.1
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Remote Procedure Call (RPC) Locator (Locator) - Unknown owner - C:\WINDOWS\SYSTEM32\ppp.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: wordpad - Unknown owner - C:\WINDOWS\wordpad.exe (file missing)


THanks in advance for any help anyone can provide.. as it is much appreciated and if I ever meet any of you in real life one day if fate allows, I will buy you a beer at the local pub

John

ALSO HERE ARE MY SYSTEM SPECS.. if those help with anything..

Operating System System Model
Windows XP Home Edition Service Pack 1 (build 2600) Compaq Compaq PC
System Serial Number: 3333333333333333
Enclosure Type: Mini-Tower
Processor a Main Circuit Board b
600 megahertz Intel Celeron
32 kilobyte primary memory cache
128 kilobyte secondary memory cache Board: Compaq 06C0h
Bus Clock: 66 megahertz
BIOS: Compaq 686C3 06/02/2000
Drives Memory Modules c,d
19.99 Gigabytes Usable Hard Drive Capacity
10.02 Gigabytes Hard Drive Free Space

CDWRITER IDE5224 [CD-ROM drive]
COMPAQ SC-140S [CD-ROM drive]
3.5" format removeable media [Floppy drive]

WDC WD200EB-00BHF0 [Hard drive] (20.02 GB) -- drive 0, s/n WD-WMA6K6062485, rev 15.15M15, SMART Status: Healthy 256 Megabytes Installed Memory

Slot 'DIMM1' has 128 MB
Slot 'DIMM2' has 128 MB
Local Drive Volumes

c: (FAT32 on drive 0) 16.09 GB 7.29 GB free
d: (FAT32 on drive 0) 3.90 GB 2.73 GB free

Network Drives
None detected
Users (mouse over user name for details) Printers
local user accounts last logon
defaultppp 3/22/2007 10:41:40 PM (admin)
local system accounts
Administrator never (admin)
ASPNET never
Guest never
HelpAssistant never
SUPPORT_388945a0 never


Marks a disabled account; Marks a locked account Acrobat PDFWriter on LPT1:

Controllers Display
Standard floppy disk controller
Intel(r) 82801AA Bus Master IDE Controller
Primary IDE Channel [Controller]
Secondary IDE Channel [Controller] Intel(r) 82810E Graphics Controller [Display adapter]
COMPAQ MV720 [Monitor] (16.3"vis, s/n 932CE48BVJV8, August 1999)
Bus Adapters Multimedia
Intel(r) 82801AA USB Universal Host Controller ESS Allegro PCI Audio (WDM)
MPU-401 Compatible MIDI Device
Standard Game Port
Communications Other Devices
U.S. Robotics 56K Fax Host Int [Modem]


RAS Async Adapter
IP Address: 12.74.142.96 / 32
Gateway: 12.74.142.96
Physical Address: 00:53:45:00:00:00
HID-compliant consumer control device (2x)
HID-compliant device (6x)
USB Human Interface Device (3x)
HID Keyboard Device
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
HID-compliant mouse
PS/2 Compatible Mouse
Generic USB Hub
USB Composite Device
USB Root Hub

You are not running HijackThis (HJT) from a desired location. You really need to setup a dedicated folder for HJT items – to avoid horrible clutter and/or potential lost backup issues.

It's best that the HijackThis tool NOT be located in its current location (particularly on your Desktop or in a TEMP folder). This way you can more easily undo any changes if something goes wrong.

• Create a new folder in your C: Drive.
• Name the FOLDER HijackThis (or HJT) such as C:\Program Files\HijackThis or C:\HJT and
• Move the HijackThis.exe file into the newly created FOLDER.
• Run HJT from there (and revise your shortcut accordingly).

O23 - Service: Remote Procedure Call (RPC) Locator (Locator) - Unknown owner - C:\WINDOWS\SYSTEM32\ppp.exe (file missing)
O23 - Service: wordpad - Unknown owner - C:\WINDOWS\wordpad.exe (file missing)

HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here


Please check if either of the above FILES are still on your hard drive and advise accordingly.


Stop and Disable a Service

• Go to Start » Run » type: Services.msc » OK.
• Scroll down and find this service: (any bracketed service name{s})
• Double-click on it.
• Under the General tab, click the Stop button.
• Then change the Startup Type to Disabled.
• Click Apply and then OK.

Next:

• Run HijackThis.
• Click on ’Open the Misc Tools section’.
• Click on ’Delete an NT Service’.
• Enter the (service name identified in brackets) into that field (make sure there are NO spaces before or after the name):
  service name(s)
• Click OK and select NO when asked to reboot.

REBOOT when finished and post a revised HijackThis LOG.

Sup VopThis.. thanks for your response too.

I enabled viewing of Hidden Folders and also navigated to the C:\WINDOWS\SYSTEM32\ppp.exe and C:\WINDOWS\wordpad.exe and both files are not there. They are missing.

I also ran services.msc and it showed NO services in brackets..

pain and agony plague my computer aaaaaaaaa

But, as requested, here is a revised HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 5:18:49 PM, on 3/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sysmgr64.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\mstskmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\Go ogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152567830\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MS Task Manager 32] C:\WINDOWS\System32\mstskmgr.exe
O4 - HKCU\..\Run: [AOL Dialer] C:\Program Files\Common Files\AOL\ACS\AOlDial.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\Go ogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM (R) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O12 - Plugin for .asx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdspl ay.dll
O12 - Plugin for .wvx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdspl ay.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{087ADD13-766B-4677-8EFB-CF2F12BFE7AF}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{087ADD13-766B-4677-8EFB-CF2F12BFE7AF}: NameServer = 68.94.156.1 68.94.157.1
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Remote Procedure Call (RPC) Locator (Locator) - Unknown owner - C:\WINDOWS\SYSTEM32\ppp.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: wordpad - Unknown owner - C:\WINDOWS\wordpad.exe (file missing)

I also ran services.msc and it showed NO services in brackets..

You were to look for the words in the brackets on this line and verify sufficent other words to identify the correct service was found, if there:

O23 - Service: Remote Procedure Call (RPC) Locator (Locator) - Unknown owner - C:\WINDOWS\SYSTEM32\ppp.exe (file missing)

Please do not allow 'BitTorrent' to load or run while trying to fix your problem.




Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, a menu with options should appear;
• Select the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your usual account.

• In Safe Mode, right click the SDFix.zip folder and choose Extract All,
• Open the extracted folder and double click RunThis.bat to start the script.
• Type Y to begin the script.
• It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• Your system will take longer that normal to restart as the fixtool will be running and removing files.
• When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
• Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.

VopThis: Thanks for your continued attention.. as it is very much appreciated..

I uninstalled BitTorrent so it wouldn't interfere with any repair processes..



I successfully completed a SDFix.bat repair.. thanks to MS-DOS, haha..

the following log file was created after the SDFix.bat system repair:

SDFix: Version 1.76

Run by defaultppp - Tue 04/03/2007 - 21:16:21.01

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\Documents and Settings\defaultppp\Desktop\SDFIX\SDFix

Safe Mode:
Checking Services:

Name:
Locator

ImagePath:
C:\WINDOWS\SYSTEM32\ppp.exe

Locator Deleted


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\ERASEM~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\eraseme_27786.exe - Deleted
C:\DOCUME~1\DEFAUL~2\LOCALS~1\Temp\ICD1.tmp\ObjSaf e.tlb - Deleted
C:\DOCUME~1\DEFAUL~2\LOCALS~1\Temp\ICD1.tmp\m67m.i nf - Deleted
C:\WINDOWS\sysmgr64.exe - Deleted
C:\WINDOWS\system32\svcchosst.exe - Deleted
C:\WINDOWS\system32\TFTP1484 - Deleted
C:\WINDOWS\system32\TFTP180 - Deleted
C:\WINDOWS\system32\TFTP1072 - Deleted
C:\WINDOWS\system32\TFTP1936 - Deleted
C:\WINDOWS\system32\TFTP1972 - Deleted
C:\WINDOWS\system32\TFTP1508 - Deleted
C:\WINDOWS\system32\TFTP1268 - Deleted
C:\WINDOWS\system32\TFTP172 - Deleted
C:\DOCUME~1\DEFAUL~2\LOCALS~1\Temp\tmp*.tmp - Deleted


Folder C:\DOCUME~1\DEFAUL~2\LOCALS~1\Temp\ICD1.tmp - Removed

ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTor rent"


Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\DEFAUL~2\Desktop\SDFIX\SDFix\backups\b ackups.zip

Checking For Files with Hidden Attributes :

C:\Program Files\Uninstall Information\IE40.Comctl32\AINF0000
C:\Program Files\Uninstall Information\mshtml.DllReg\AINF0000
C:\WINDOWS\ifyf.exe.tmp
C:\WINDOWS\zwnux.exe.tmp
C:\WINDOWS\ler.exe.tmp
C:\WINDOWS\nobyz.exe.tmp
C:\WINDOWS\sncnghoh.exe.tmp
C:\WINDOWS\hyx.exe.tmp
C:\WINDOWS\vuzmjsf.exe.tmp
C:\LOGO.SYS
C:\3hoja6hw.sys
C:\WINDOWS\COMMAND\EBD\winboot.sys
C:\WINDOWS\ifyf.exe.tmp
C:\WINDOWS\zwnux.exe.tmp
C:\WINDOWS\ler.exe.tmp
C:\WINDOWS\nobyz.exe.tmp
C:\WINDOWS\sncnghoh.exe.tmp
C:\WINDOWS\hyx.exe.tmp
C:\WINDOWS\vuzmjsf.exe.tmp

Finished


My new HijackThis report is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 9:32:37 PM, on 4/3/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\mstskmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\Go ogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152567830\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MS Task Manager 32] C:\WINDOWS\System32\mstskmgr.exe
O4 - HKCU\..\Run: [AOL Dialer] C:\Program Files\Common Files\AOL\ACS\AOlDial.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\Go ogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Microsoft Works\wksss.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM (R) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O12 - Plugin for .asx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdspl ay.dll
O12 - Plugin for .wvx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdspl ay.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{087ADD13-766B-4677-8EFB-CF2F12BFE7AF}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{087ADD13-766B-4677-8EFB-CF2F12BFE7AF}: NameServer = 68.94.156.1 68.94.157.1
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: wordpad - Unknown owner - C:\WINDOWS\wordpad.exe (file missing)



Also, as requested, I ran services.msc and compared it to my HijackThis log to see which services are found..

The following services were listed in HijackThis log as (file missing) but DO NOT appear in the services.msc list..

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)



The following services were listed in HijackThis log as (file missing) but DO appear in the services.msc list..

O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: wordpad - Unknown owner - C:\WINDOWS\wordpad.exe (file missing)



EDIT: My system has been sluggish after connecting to the internet, programs are becoming increasingly unresponsive, and my whole system will then lock up and freeze. It's happening more than ever.. I also am receiving this error message when I connect to the internet:

I am assuming that this one is a toughie.. blah.. I don't know what to do.. I run Spybot Search & Destroy and AVG like 4 or 5 times a week.. aight then.. get at me.

Yes, your infection is a potentially very very serious infection. I have been giving it some more research.




PLEASE CONSIDER THIS: Your system has likely been compromised to a point where even cleaning it does not promise you a trustworthy machine. There is lot of serious concern about the SDBOT infection family and its known updateable/installable capabilities whether currently in use or not - SEE:
(20K hits for inclusive search terms SDBOT, banking, and password).


If you do online banking or have passwords that would be a serious concern in the hands of others (identity theft or compromise of confidential information), then more serious action is likely advisable and potentially warranted (backup user files, do a clean re-install, and change all user passwords while off-line). More often than not they want your PC as a compromised zombie (a botnet/spambot member to do evil deeds) – but who is to know.

Nevertheless, initial and further cleaning may still be warranted to give you some renewed degree of control and then time to more fully consider your options. Let us know how you wish to proceed.

I have had this computer for almost seven years now.. and have been constantly upgrading since its purchase in 2000.. this machine is my pride.. I would do anything to save it from an infection/security breach.. as it means alot to me.. I am sure you guys understand my dilemma.. I am willing to try further procedures to vaccinate and clense Her insides.. even if it means backing up all files on it and starting new..

I always stray away from online banking, tax returns, etc.. and any other potentially identifiable and personal information online, as I prefer to do all of those things in person nad not with the Net.. especially having dial-up.. it is tedious and not worth it..

I will agree to any costs necessary to resue Her. Let me know how YOU want to proceed, haha.. THANKS .. YOU DON'T UNDERSTAND HOW MUCH YOUR HELP MEANS TO ME AND MY MACHINE, VopThis.. it means a ton and a donation will be put towards D-A-L's site in a week or so (as your help in my tech problems is priceless)..

thanks again,

John