After reading the previous post, I believe I'm having the same problem with my computer. I've worked for days at trying to fix it, but it's proven to be a particularly stubborn bug. I would greatly appreciate any help. Here are the details:

1. I realized I had some sort of virus when I was receiving a bogus balloon (similar to the Windows Update balloon) saying "Your computer might be at risk. Your security protection is bad. Click on this baloon to fix the problem." I ran my arsenal of spyware/antivirus programs & although the balloon doesn't popup anymore, I have new issues:

2. SpyBot is taking more than a day & a half to complete a scan. It's found half a dozen problems, which I thought were fixed, but to no avail.

3. Norton AntiVirus, AVG Virus Scan are not finding any problems.

4. Ewido spyware is not finding any problems.

5. My system doesn't function in normal mode (only runs in Safe Mode). Upon start-up in normal mode i get an error message relating to "lcfinst.exe" - something about memory being referenced that cannot be found (?). After clicking 'OK' to that error message, my system freezes.

I just completed running HJT; please see the log below:

Logfile of HijackThis v1.99.1
Scan saved at 6:59:10 PM, on 10/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\Explorer.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\FreezeScreenSaver.exe
C:\LDClient\LOCALSCH.EXE
C:\WINNT\system32\cba\pds.exe
C:\LDClient\tmcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\NALNTSRV.EXE
C:\PROGRA~1\NavNT\rtvscan.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\WINNT\System32\wdfmgr.exe
C:\LDClient\wuser32.exe
C:\WINNT\system32\fxssvc.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\notepad.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://ww

w.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sp/*http://ww

w.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://ww

w.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://ww

w.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sp/*http://ww

w.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://ww

w.yahoo.com
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell="Explorer.exe"
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program

Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -

C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class -

{65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program

Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class -

{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program

Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [Synchronization Manager]

%SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINNT\System32\hgqhp.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware

4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe"

/background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update

Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel

FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

/background
O4 - HKCU\..\Run: [KillAndClean] "C:\Program

Files\KillAndClean\KillAndClean.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat

5.0\Distillr\AcroTray.exe
O4 - Global Startup: Task Completion.LNK = C:\LDClient\AMCLIENT.EXE
O4 - Global Startup: Software Monitoring.LNK = C:\LDClient\SoftMon.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Rogers Yahoo! Services -

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com -

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program

Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com -

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program

Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -

C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -

{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -

http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan

Object) -

http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -

C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI

Utility Class) -

http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl

Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/m

uweb_site.cab?1140320516387
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime

Environment 1.5.0) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime

Environment 1.4.1_02) -
O17 -

HKLM\System\CCS\Services\Tcpip\..\{0136DCF4-192E-4ED8-8ACF-F07FCF

BB5631}: NameServer = 85.255.116.125,85.255.112.109
O17 -

HKLM\System\CCS\Services\Tcpip\..\{5DFFC782-F070-4C9B-A54F-935960D

97DF5}: NameServer = 85.255.116.125,85.255.112.109
O17 -

HKLM\System\CCS\Services\Tcpip\..\{8D30FF83-97BB-41FE-BC14-D2BCB3

AFF38C}: NameServer = 85.255.116.125,85.255.112.109
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =

85.255.116.125 85.255.112.109
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer =

85.255.116.125 85.255.112.109
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer =

85.255.116.125 85.255.112.109
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =

85.255.116.125 85.255.112.109
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ideusr50 - ideusr50.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation -

C:\PROGRA~1\NavNT\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. -

C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FreezeScreenSaver - Unknown owner -

C:\WINNT\system32\FreezeScreenSaver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation

- C:\Program Files\Common Files\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: Intel File Transfer - Intel® Corporation -

C:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel Local Scheduler Service - LANDesk® Software Ltd. -

C:\LDClient\LOCALSCH.EXE
O23 - Service: Intel PDS - Intel® Corporation -

C:\WINNT\system32\cba\pds.exe
O23 - Service: Intel Targeted Multicast - LANDesk® Software Ltd. -

C:\LDClient\tmcsvc.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. -

C:\WINNT\System32\NALNTSRV.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec

Corporation - C:\PROGRA~1\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP -

C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program

Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program

Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: TMA Distribution - Unknown owner -

C:\WINNT\system32\cba\lcfinst.exe
O23 - Service: Intel Remote Control Service (Wuser32) - LANDesk® Software Ltd.

- C:\LDClient\wuser32.exe


Thanks again for any help!
AT

Hello and sorry for the wait.
If you are still in need of assistance please go here and post a link back to this topic to flag a helper.

If you have waited four days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)


Please see:
You and Windows, a joint effort (http://forums.spybot.info/showpost.php?p=25290&postcount=4)

Hi atran

Could we see a fresh Hijackthis log , try turning off (or on) word wrap so the formating doesnt get messed up.

sorry about the delayed response :blush:

below is a new HJT log (hopefully less jumbled).

btw, i have since re-run AVG antivirus & my system seems to be working at about 80% of what it was before. i still have a few glitches (eg. spybot still takes more than a day to run, system still freezes sometimes on restart) but i can at least run it in normal mode (instead of safe mode).

thanks again for your help!

Logfile of HijackThis v1.99.1
Scan saved at 7:19:15 PM, on 18/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINNT\Explorer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\FreezeScreenSaver.exe
C:\LDClient\LOCALSCH.EXE
C:\WINNT\system32\cba\pds.exe
C:\LDClient\tmcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\NALNTSRV.EXE
C:\PROGRA~1\NavNT\rtvscan.exe
C:\WINNT\System32\NWTRAY.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\LDClient\SoftMon.exe
C:\LDClient\wuser32.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINNT\System32\MsgSys.EXE
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\System32\wuauclt.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell="Explorer.exe"
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINNT\System32\hgqhp.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [dmjcw.exe] C:\WINNT\System32\dmjcw.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Task Completion.LNK = C:\LDClient\AMCLIENT.EXE
O4 - Global Startup: Software Monitoring.LNK = C:\LDClient\SoftMon.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140320516387
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{0136DCF4-192E-4ED8-8ACF-F07FCFBB5631}: NameServer = 85.255.116.125,85.255.112.109
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DFFC782-F070-4C9B-A54F-935960D97DF5}: NameServer = 85.255.116.125,85.255.112.109
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D30FF83-97BB-41FE-BC14-D2BCB3AFF38C}: NameServer = 85.255.116.125,85.255.112.109
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.125 85.255.112.109
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.125 85.255.112.109
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.116.125 85.255.112.109
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.125 85.255.112.109
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ideusr50 - ideusr50.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINNT\system32\FreezeScreenSaver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel Local Scheduler Service - LANDesk® Software Ltd. - C:\LDClient\LOCALSCH.EXE
O23 - Service: Intel PDS - Intel® Corporation - C:\WINNT\system32\cba\pds.exe
O23 - Service: Intel Targeted Multicast - LANDesk® Software Ltd. - C:\LDClient\tmcsvc.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\WINNT\System32\NALNTSRV.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: TMA Distribution - Unknown owner - C:\WINNT\system32\cba\lcfinst.exe
O23 - Service: Intel Remote Control Service (Wuser32) - LANDesk® Software Ltd. - C:\LDClient\wuser32.exe

Hi

It might be best to uninstall that FreezeScreenSaver is see in your logs
Unless your possitive its safe.

Uninstall all but one antivirus program, they conflict with eachother.


Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads post the text that will open (report.txt) and a new Hijackthis log in the forum please.

This topic is closed due to lack of a response.
If you need it re-opened please send me a pm and provide a link to the thread.

Applies only to the original topic starter.




You and Windows, a joint effort (http://forums.spybot.info/showpost.php?p=25290&postcount=4)