NEED HELP - HIJACKTHIS LOG

Viruses and worms
1

Problems:

Windows Updates wouldnt turn on – problem fixed (somehow) after running malwarebytes

Firefox Crashes on startup – wont run in firefox safe mode or if I boot the computer in safemode. Troubleshooted other ways such as making a new profile, installing older verions, etc and it still crashes. I think my problem is “Other malware: viruses or spyware”

(this is one of the site I used to troubleshoot the firefox problem)
http://support.mozilla.com/it/kb/Firefox+crashes+when+you+open+it

Internet explorer has random pop-ups and runs slow.

These are the programs that I have used to scan the computer:

Avast!
Malwarebytes
Spybot S&D
Adaware - Lavasoft
SuperAntiSpyware
CCleaner

HIJACKTHIS LOG in next post…

2

HIJACKTHIS LOG Pt.1

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:50 PM, on 1/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

3

HIJACKTHIS LOG Pt.2

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM..\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM..\Run: [LogitechQuickCamRibbon] “C:\Program Files\Logitech\QuickCam\Quickcam.exe” /hide
O4 - HKLM..\RunOnce: [SpybotDeletingA4610] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE”
O4 - HKLM..\RunOnce: [SpybotDeletingC4158] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE”
O4 - HKLM..\RunOnce: [SpybotDeletingA3415] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR”
O4 - HKLM..\RunOnce: [SpybotDeletingC3398] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR”
O4 - HKLM..\RunOnce: [SpybotDeletingA8232] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR”
O4 - HKLM..\RunOnce: [SpybotDeletingC2482] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR”
O4 - HKLM..\RunOnce: [SpybotDeletingA4252] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST”
O4 - HKLM..\RunOnce: [SpybotDeletingC4413] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST”
O4 - HKLM..\RunOnce: [SpybotDeletingA611] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST”
O4 - HKLM..\RunOnce: [SpybotDeletingC6035] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST”
O4 - HKLM..\RunOnce: [SpybotDeletingA4093] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL”
O4 - HKLM..\RunOnce: [SpybotDeletingC9219] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL”
O4 - HKLM..\RunOnce: [SpybotDeletingA1818] command /c del “C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL”
O4 - HKLM..\RunOnce: [SpybotDeletingC3669] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL”
O4 - HKLM..\RunOnce: [SpybotDeletingA4313] command /c del “C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL”
O4 - HKLM..\RunOnce: [SpybotDeletingC1579] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL”
O4 - HKLM..\RunOnce: [SpybotSnD] “C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe” /autocheck
O4 - HKCU..\Run: [Aim6] “C:\Program Files\AIM6\aim6.exe” /d locale=en-US ee://aol/imApp
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU..\Run: [RegFixPro] C:\Program Files\RegFixPro\RegFixPro.exe -boot
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU..\RunOnce: [SpybotDeletingB5836] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE”
O4 - HKCU..\RunOnce: [SpybotDeletingD9867] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE”
O4 - HKCU..\RunOnce: [SpybotDeletingB1960] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR”
O4 - HKCU..\RunOnce: [SpybotDeletingD7239] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR”
O4 - HKCU..\RunOnce: [SpybotDeletingB2806] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR”
O4 - HKCU..\RunOnce: [SpybotDeletingD9749] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR”
O4 - HKCU..\RunOnce: [SpybotDeletingB8684] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST”
O4 - HKCU..\RunOnce: [SpybotDeletingD5303] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST”
O4 - HKCU..\RunOnce: [SpybotDeletingB4409] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST”
O4 - HKCU..\RunOnce: [SpybotDeletingB4515] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL”
O4 - HKCU..\RunOnce: [SpybotDeletingD5209] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL”
O4 - HKCU..\RunOnce: [SpybotDeletingB8758] command /c del “C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL”
O4 - HKCU..\RunOnce: [SpybotDeletingD9405] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL”
O4 - HKCU..\RunOnce: [SpybotDeletingB9243] command /c del “C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL”
O4 - HKCU..\RunOnce: [SpybotDeletingD968] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL”
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html

4

HIJACKTHIS LOG Pt.3

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v46/solitairerush/solitairerush.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232171051640
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\program,files\relevantknowledge\rlai.dll,C:\program,files\relevantknowledge\rlai.dll,C:\program,files\relevantknowledge\rlai.dll,C:\program,files\relevantknowledge\rlai.dll,C:\program files\relevantknowledge\rlai.dll sorprf.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


End of file - 16580 bytes

Thank you for the help!

5

An analysis of your HJT log :

These are all considered to be bad …

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)

(for the above 3)
http://www.threatexpert.com/files/a9srchas.dll.html
http://www.spywareterminator.com/item/30410/AdwareMyWebSearchDW.html

The below are related to the above …

O4 - HKLM..\RunOnce: [SpybotDeletingA4610] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE”

O4 - HKLM..\RunOnce: [SpybotDeletingC4158] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE”

O4 - HKLM..\RunOnce: [SpybotDeletingA3415] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR”

O4 - HKLM..\RunOnce: [SpybotDeletingC3398] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR”

O4 - HKLM..\RunOnce: [SpybotDeletingA8232] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR”

O4 - HKLM..\RunOnce: [SpybotDeletingC2482] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR”

O4 - HKLM..\RunOnce: [SpybotDeletingA4252] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST”

O4 - HKLM..\RunOnce: [SpybotDeletingC4413] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST”

O4 - HKLM..\RunOnce: [SpybotDeletingA611] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST”

O4 - HKLM..\RunOnce: [SpybotDeletingC6035] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST”

O4 - HKLM..\RunOnce: [SpybotDeletingC6035] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST”

O4 - HKLM..\RunOnce: [SpybotDeletingC9219] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL”

O4 - HKLM..\RunOnce: [SpybotDeletingA1818] command /c del “C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL”

O4 - HKLM..\RunOnce: [SpybotDeletingC3669] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL”

O4 - HKLM..\RunOnce: [SpybotDeletingA4313] command /c del “C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL”

O4 - HKLM..\RunOnce: [SpybotDeletingC1579] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL”

O4 - HKCU..\RunOnce: [SpybotDeletingB5836] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE”

O4 - HKCU..\RunOnce: [SpybotDeletingD9867] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE”

O4 - HKCU..\RunOnce: [SpybotDeletingB1960] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR”

O4 - HKCU..\RunOnce: [SpybotDeletingD7239] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR”

O4 - HKCU..\RunOnce: [SpybotDeletingB2806] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR”

O4 - HKCU..\RunOnce: [SpybotDeletingD9749] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR”

O4 - HKCU..\RunOnce: [SpybotDeletingB8684] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST”

O4 - HKCU..\RunOnce: [SpybotDeletingD5303] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST”

O4 - HKCU..\RunOnce: [SpybotDeletingB4409] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST”

O4 - HKCU..\RunOnce: [SpybotDeletingB4515] command /c del “C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL”

O4 - HKCU..\RunOnce: [SpybotDeletingD5209] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL”

O4 - HKCU..\RunOnce: [SpybotDeletingB8758] command /c del “C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL”

O4 - HKCU..\RunOnce: [SpybotDeletingD9405] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL”

O4 - HKCU..\RunOnce: [SpybotDeletingB9243] command /c del “C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL”

O4 - HKCU..\RunOnce: [SpybotDeletingD968] cmd /c del “C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL”

O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html (The entry &AIM Search has been identified as bad but this would be your decision.)

Check if you know these sites and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should be fixed.

O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab

O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v46/solitairerush/solitairerush.cab

O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab

O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab

O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab

The next one is bad …

O20 - AppInit_DLLs: C:\program,files\relevantknowledge\rlai.dll,C:\program,files\relevantknowledge\r lai.dll,C:\program,files\relevantknowledge\rlai.dll,C:\program,files\relevantkno wledge\rlai.dll,C:\program files\relevantknowledge\rlai.dll sorprf.dll

http://www.prevx.com/filenames/170467188590500646-X2051405650/RLAI2EDLL.html

The next one seems to be bad but it is not completely been determined …

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

http://www.prevx.com/filenames/X440057533835162322-0/BOONTY2EEXE.html