First off, move HJT to its OWN directory (read my signature), NOT in Temp!
C:\Documents and Settings\xxxxxxx\Local Settings\Temp\hijackthis 2\HijackThis.exe
Second, your PC is top-heavy with too much AntiVirus etc. junk (Symantec/Norton, SpywareDoctor=rubbish, Avast (incomplete) and AVG).
You should dump everything, except AVG. Believe me, your PC will be much better off.
Boot in Safe Mode.
Switch System restore OFF.
Press Ctrl/Alt/Del simultaneously, select Task Manager/Processes, select the process (if there), click "End Process" for:
bgbaaalkr.exe
regsync.exe
VCMnet11.exe
wupdater.exe
Next, click Start/Run and type services.msc and click OK. Look for the service:
ccEvtMgr.exe
ccPwdSvc.exe
ccSetMgr.exe
hnaoyac.exe
SAVScan.exe
SBServ.exe
symlcsvc.exe
Double-click it, click Stop if it's running, and change the Startup type to Disabled.
Next, UNinstall anything to do with (if you can):
C:\PROGRA~1\SPYWAR~1\tools\ ==>> Spyware Doctor
C:\Program Files\Common Files\updater\wupdater.exe
C:\Program Files\Alwil Software\Avast4
Any Symantec/Norton rubbish
Next, run a HJT scan and place a tick-mark in the little square before (if still there):
...................................................................................................
C:\WINNT\system\
bgbaaalkr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O2 - BHO: SDWin32 Class - {11801B7C-D3F0-4F53-BDCE-CF121B4F8C7A} - C:\WINNT\system32\
jtmny.dll
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINNT\system32\
vbrundll.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\
SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINNT\system32\
nsy2094.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
O3 - Toolbar: (no name) - {460A8A2A-97F2-4D98-BEAE-35B647C00966} - (no file)
O4 - HKLM\..\Run: [regsync] C:\WINNT\system32\
regsync.exe
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\
VCMnet11.exe
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\
updater\wupdater.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: ppctlcab - http://www.my-etrust.com/includes/pscanner/ppctlcab.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.my-etrust.com/includes/pscanner/axscanner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0011.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\
Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINNT\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\
Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hnaoyac - Unknown owner - C:\WINNT\system32\
hnaoyac.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\
Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
...................................................................................................
Now click on the Fix Checked button in HJT.
When done, from between the dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Boot normally. When all OK, switch System Restore back on.
When you are done (after cleaning up), get the free firewall from http://soho.sygate.com and switch XP's firewall off.
And never EVER use Internet Explorer again, other than for Windoze updates!
Stick with Firefox.
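
As an added example (not part of the original post, and not HijackThis's own code), a short Python parser for the log format quoted above that splits each entry into its code and body and attaches review hints. The hint names and heuristics are assumptions of this example; the sample lines are copied from the post's log with wrapped paths rejoined.

```python
import re

# Lines copied from the log in the post above, wrapped paths rejoined.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [regsync] C:\WINNT\system32\regsync.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: hnaoyac - Unknown owner - C:\WINNT\system32\hnaoyac.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Binary sitting directly in the Windows, system or system32 directory.
SYSTEM_DIR = re.compile(
    r"\\(?:WINNT|WINDOWS)\\(?:system(?:32)?\\)?[^\\]+\.(?:exe|dll)", re.I)

def parse(log):
    """Return (code, body) pairs such as ('O23', 'Service: ...'); skip other text."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def triage(code, body):
    """Review hints for one entry; the hint names are this example's own."""
    hints = []
    if "(no file)" in body or "(file missing)" in body:
        hints.append("orphaned")           # entry points at a file that is gone
    if code == "O23" and " - Unknown owner - " in body:
        hints.append("no-vendor")          # HijackThis printed "Unknown owner"
    if code in ("O2", "O4", "O23") and SYSTEM_DIR.search(body):
        hints.append("system-dir-binary")  # binary lives among the OS files
    return hints

def flagged(log):
    """Entries that carry at least one hint, for a human to look at first."""
    return [(c, triage(c, b), b) for c, b in parse(log) if triage(c, b)]

if __name__ == "__main__":
    for code, hints, body in flagged(SAMPLE_LOG):
        print(f"{code:<4}{','.join(hints):<30}{body}")
```

A hint only orders the entries for review; whether an entry is removed is still decided by looking at the file itself.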