8-step removal logs

Status
Not open for further replies.
Hi all,
Just finished the 8 steps Virus/Spyware/Malware removal. Here are my logs; if you guys could please have a look at them and let me know what you think... Thanks a lot.
 
You are running two antivirus programs Norton/Symantec and Avira. One has to go. Decide which you want to keep and uninstall the other:
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

If you decide to remove Symantec/Norton, use the Norton Removal tool:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

Do NOT use System Restore. There is malware in the restore points. After the system is clean, you will be instructed to drop the old restore points and set a new clean one.

Please re-open HiJackThis > click on System Scan Only > scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D66DDB7A-727D-4F53-89C4-3F8211D452E2} - C:\WINDOWS\system32\khfEXrPh.dll (file missing)
O2 - BHO: (no name) - {DB7C413D-1D74-4126-9681-ACB618E1575C} - C:\WINDOWS\system32\urqRKBRh.dll (file missing)
O20 - AppInit_DLLs: c:\windows\system32\godamuwe.dll nrcpdy.dll>>
Fraudulent Security Program,
NOTE: This is a legitimate program. But unless you use it every day and frequently, I suggest having HijackThis remove entries, then uninstall.
Rogers Yahoo! Leading Edge Services:
http://www.rogers.com/web/content/i...t10=le_customer&setLanguage=en&setProvince=NB

C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O4 - HKLM\..\Run: [Rogers SHS] C:\Program Files\Rogers\SelfHealing\shs.exe
O4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot.

Please run SDFix:

* Download SDFix HERE and save it to your Desktop.
* Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Boot into Safe Mode
* Restart your computer and start pressing the F8 key on your keyboard.
* Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Run SDFix
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
* Attach Report.txt back here
Run a new scan with HijackThis after SDFix and include a new log with SDFix report.
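
As an added illustration (not part of the original posts and not a HijackThis feature), the Python sketch below parses entries in the layout listed above and picks out two of the patterns selected for fixing: BHO entries whose DLL is gone, and anything listed under AppInit_DLLs. The function names are hypothetical; the sample lines are taken from the post.

```python
import re

# Entries taken from the helper's post (trailing ">>" on the O20 line omitted).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D66DDB7A-727D-4F53-89C4-3F8211D452E2} - C:\WINDOWS\system32\khfEXrPh.dll (file missing)
O20 - AppInit_DLLs: c:\windows\system32\godamuwe.dll nrcpdy.dll
O4 - HKLM\..\Run: [Rogers SHS] C:\Program Files\Rogers\SelfHealing\shs.exe
"""

# "O<n> - <kind>: <rest>" is the layout of every entry shown in the post.
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

def parse_entries(log_text):
    """Yield (section, kind, rest) for each line that looks like an entry."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.groups()

def triage(log_text):
    """Return (section, item, reason) for orphaned BHOs and AppInit_DLLs."""
    findings = []
    for section, kind, rest in parse_entries(log_text):
        if section == "O2" and rest.endswith(ORPHAN_MARKERS):
            clsid = CLSID.search(rest)
            item = clsid.group(0) if clsid else rest
            findings.append((section, item, "BHO registered but its DLL is absent"))
        elif section == "O20" and kind == "AppInit_DLLs":
            # The value is a space- or comma-separated list of DLLs.
            for dll in filter(None, re.split(r"[ ,]+", rest)):
                findings.append((section, dll, "DLL listed under AppInit_DLLs"))
    return findings

if __name__ == "__main__":
    for section, item, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {item:45} {reason}")
```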
 
The last step is not working for me. There is no extracted SDFix folder and I can't click RunThis.bat...

Run SDFix
Quote:
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
* Attach Report.txt back here
 
Try a search for Report.txt. If you find it, attach here to post.

I'm not sure when you say the 'last step' if you mean you can't find the folder and the report or you can't attach it.
 