Spyware help please, hijackthis log included

Status
Not open for further replies.
Hello everyone... I'm new here so I hope I am in the right place! I have a 1.2 GHz Gateway with 256 MB RAM. I have always considered myself a spyware expert, cleaning this computer of 412 viruses and (get this) 1084 spyware components with Adaware when I first started using it (it was my boyfriend's, now husband's).

I was recently surfing the net and came across an Alicia Silverstone fan page that installed a ton of spyware and trojans on my computer, and I have had trouble ever since. The trojans were in my Java cache and could not be cleaned, so I resorted to uninstalling Java, deleting the viruses and reinstalling Java. I have also run Spybot S&D, Adaware and Spyware Doctor, all of which find the spyware (one being Hotsearchbar) and they claim to delete it, but an immediate follow-up scan shows they are still there. System restore is turned off. After all of this the pop-ups continue.

Recently I tried to download a trial of Norton. While it was installing, the computer shut down on its own. I also tried to run a PCcillin Housecall scan... Just as it was about to find something the computer shut down. When Adaware says there are components that cannot be removed and wants to run on system restart, I click yes. I restart and then Adaware pops up to run... But just as it starts up the computer shuts down. I can't restart the computer without cancelling the Adaware scan. Whatever this is, it is much smarter than me.

I am now running the Mozilla Firefox browser with no pop-ups and protection from SpywareBlaster, but when using Internet Explorer the pop-ups are still present! Can anyone help? My HijackThis log is attached. I would much appreciate it!
 

Attachments

  • hijackthislog.txt
    8.5 KB · Views: 5
First off, move HJT to its OWN directory (read my signature), NOT in Temp!
C:\Documents and Settings\xxxxxxx\Local Settings\Temp\hijackthis 2\HijackThis.exe

Second, your PC is top-heavy with too much AntiVirus etc. junk (Symantec/Norton, SpywareDoctor=rubbish, Avast (incomplete) and AVG).
You should dump everything, except AVG. Believe me, your PC will be much better off.

Boot in Safe Mode.
Switch System restore OFF.
Press Ctrl/Alt/Del simultaneously, select Task Manager/Processes, select the process (if there), and click "End Process" for:

bgbaaalkr.exe
regsync.exe
VCMnet11.exe
wupdater.exe

Next, click Start/Run and type services.msc and click OK. Look for the service:
ccEvtMgr.exe
ccPwdSvc.exe
ccSetMgr.exe
hnaoyac.exe
SAVScan.exe
SBServ.exe
symlcsvc.exe
Double-click it, click Stop if it's running, and change the Startup type to Disabled.

Next, UNinstall anything to do with (if you can):
C:\PROGRA~1\SPYWAR~1\tools\ ==>> Spyware Doctor
C:\Program Files\Common Files\updater\wupdater.exe
C:\Program Files\Alwil Software\Avast4
Any Symantec/Norton rubbish

Next, run a HJT scan and place a tick-mark in the little square before (if still there):
...................................................................................................
C:\WINNT\system\bgbaaalkr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O2 - BHO: SDWin32 Class - {11801B7C-D3F0-4F53-BDCE-CF121B4F8C7A} - C:\WINNT\system32\jtmny.dll
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINNT\system32\vbrundll.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINNT\system32\nsy2094.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
O3 - Toolbar: (no name) - {460A8A2A-97F2-4D98-BEAE-35B647C00966} - (no file)
O4 - HKLM\..\Run: [regsync] C:\WINNT\system32\regsync.exe
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: ppctlcab - http://www.my-etrust.com/includes/pscanner/ppctlcab.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.my-etrust.com/includes/pscanner/axscanner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0011.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINNT\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hnaoyac - Unknown owner - C:\WINNT\system32\hnaoyac.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
...................................................................................................
Now click on the Fix Checked button in HJT.

When done, from between the dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Boot normal. When all OK, switch System Restore back on.

When you are done (after cleaning up), get the free firewall from http://soho.sygate.com and switch XP's firewall off.

And never EVER use Internet Explorer again, other than for Windoze updates!
Stick with Firefox.
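
Added example, not part of the reply above and not HijackThis's own code: a small Python parser for the O2/O3/O4/O23 line formats shown in the list, which flags entries whose target file is gone or whose service has no recorded owner, so a reviewer can see them first. The sample lines are copied from the list above; the function names and flag labels are assumptions made for this illustration, and a flag is a prompt for manual review, not a verdict.

```python
import re

# Sample input: six lines copied from the HijackThis entries listed in the reply.
SAMPLE_LOG = r"""
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINNT\system32\vbrundll.dll
O2 - BHO: (no name) - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
O4 - HKLM\..\Run: [regsync] C:\WINNT\system32\regsync.exe
O23 - Service: hnaoyac - Unknown owner - C:\WINNT\system32\hnaoyac.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# One pattern per section code; each matches the text after "Oxx - ".
PATTERNS = {
    "O2": re.compile(rf"^BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<target>.*)$"),
    "O3": re.compile(rf"^Toolbar: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<target>.*)$"),
    "O4": re.compile(r"^(?P<location>[^:]+): \[(?P<name>.*?)\] (?P<target>.*)$"),
    "O23": re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<target>.*)$"),
}

def triage(entry):
    """Return review hints (hypothetical labels) for one parsed entry."""
    flags = []
    # HijackThis appends "(no file)" / "(file missing)" when the target is absent.
    if re.search(r"\((?:no file|file missing)\)\s*$", entry["target"]):
        flags.append("orphaned")
    # A service binary with no company name in its version info.
    if entry.get("owner") == "Unknown owner":
        flags.append("unknown-owner")
    return flags

def parse_line(line):
    """Return a dict for a recognised O2/O3/O4/O23 line, else None."""
    section, sep, body = line.strip().partition(" - ")
    pattern = PATTERNS.get(section)
    match = pattern.match(body) if sep and pattern else None
    if not match:
        return None
    entry = {"section": section, **match.groupdict()}
    entry["flags"] = triage(entry)
    return entry

def review(log_text):
    """Parse a whole log and return only the entries that carry a flag."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return [e for e in entries if e["flags"]]

if __name__ == "__main__":
    for e in review(SAMPLE_LOG):
        print(e["section"], e["name"], e["flags"], e["target"])
```
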