I got the SVCpack.exe. I ran Norton and it deleted it. I checked and modified the Win.INI. However, my PC is slow and low on resources. What else can I do? Do I need to do anything in MS-DOS? How do you do that?
I would really appreciate any help. Thanks.
Regards,

Don't touch DOS unless you are very good with it. There are easier ways.
See if this process can help you.
First – please download and run Spybot Search & Destroy;
http://www.safer-networking.org
Short tutorial and download link here:
http://tomcoyote.org/SPYBOT/
*check for updates*; and then scan,
and fix all RED items that Spybot finds.
Reboot when done.
Then download/update 'Hijack This!' 1.97.0.7 new version http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Unzip/extract all…
Double click on hijackthis.exe..and complete the install.
Close All browser windows and
Run HijackThis,
Press Scan, and wait,
Save the log, (the ‘scan’ button changes to ‘save log’)
Edit>select All > copy and paste its contents here.
Most of what it lists will be harmless or even essential, so don't fix anything yet.
Post the full log including header info in reply.
With luck it will be reviewed by someone here. Take your time; there is rarely any need to rush; it's better to get it right.

Here is my log file. I would really appreciate any help to get my system working like before..it is very slow. Thanks.
Logfile of HijackThis v1.97.7
Scan saved at 10:41:12 PM, on 12/14/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\MDM.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.exe
C:\WINDOWS\SYSTEM\RPCSS.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\3RD WORKS\4DMAIN.exe
C:\WINDOWS\SYSTEM\ATICWD32.exe
C:\WINDOWS\SYSTEM\ATITASK.exe
C:\PROGRAM FILES\WINAMP\WINAMPA.exe
C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.exe
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.exe
C:\PROGRAM FILES\CREATIVE\AUDIO\PROGRAM\CTMIX32.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.exe
C:\WINDOWS\LOADQM.exe
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.exe
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.exe
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\PASSWORD MANAGER\ACCTMGR.exe
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.exe
C:\PROGRAM FILES\ADOBE\ACROBAT 4.0\DISTILLR\ACROTRAY.exe
C:\PROGRAM FILES\ADSUBTRACT\ADSUB.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.exe
C:\SMARTDSK\FLASH\SDSTAT.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\Monwow.exe
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\DESKTOP\HIJACK\HIJACKTHIS.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:///
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie-search.com/home.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sureseeker.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie-search.com/home.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://drvvv.com/jf-home.phtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie-search.com/home.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie-search.com/home.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie-search.com/home.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie-search.com/home.html (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://xwebsearch.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://ie-search.com/srchasst.html (obfuscated)
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://netscape.com"); (C:\Program Files\Netscape\Users\loppek\prefs.js)
O1 - Hosts: 206.161.200.105 auto.search.msn.com
O1 - Hosts: 206.161.200.105 sitefinder.verisign.com
O1 - Hosts: 206.161.200.105 sitefinder-idn.verisign.com
O1 - Hosts: 206.161.200.103 www.smutserver.com
O1 - Hosts: 206.161.200.103 www1.smutserver.com
O1 - Hosts: 206.161.200.103 www2.smutserver.com
O1 - Hosts: 206.161.200.103 www3.smutserver.com
O1 - Hosts: 206.161.200.103 www4.smutserver.com
O1 - Hosts: 206.161.200.103 www5.smutserver.com
O1 - Hosts: 206.161.200.103 www6.smutserver.com
O1 - Hosts: 206.161.200.103 www7.smutserver.com
O1 - Hosts: 206.161.200.103 www8.smutserver.com
O1 - Hosts: 206.161.200.103 www9.smutserver.com
O1 - Hosts: 206.161.200.103 www10.smutserver.com
O1 - Hosts: 206.161.200.103 www11.smutserver.com
O1 - Hosts: 206.161.200.103 www12.smutserver.com
O1 - Hosts: 206.161.200.103 www13.smutserver.com
O1 - Hosts: 206.161.200.103 www14.smutserver.com
O1 - Hosts: 206.161.200.103 www15.smutserver.com
O1 - Hosts: 206.161.200.103 www16.smutserver.com
O1 - Hosts: 206.161.200.103 www17.smutserver.com
O1 - Hosts: 206.161.200.103 www18.smutserver.com
O1 - Hosts: 206.161.200.103 www19.smutserver.com
O1 - Hosts: 206.161.200.103 www20.smutserver.com
O1 - Hosts: 206.161.200.103 www21.smutserver.com
O1 - Hosts: 206.161.200.103 www22.smutserver.com
O1 - Hosts: 206.161.200.103 www23.smutserver.com
O1 - Hosts: 206.161.200.103 www24.smutserver.com
O1 - Hosts: 206.161.200.103 www25.smutserver.com
O1 - Hosts: 206.161.200.103 www26.smutserver.com
O1 - Hosts: 206.161.200.103 www27.smutserver.com
O1 - Hosts: 206.161.200.103 www28.smutserver.com
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} - (no file)
O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - C:\WINDOWS\SYSTEM\DREPLACE.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\3rd Works\4DMAIN.exe -startup
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.exe /t
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.exe /q
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinject.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Cydoor] CD_Load.exe
O4 - HKCU\..\Run: [svchost] c:\windows\explore.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: EReg.lnk = C:\WINDOWS\EReg206\Reg32.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
O4 - Startup: TextBridge Instant Access OCR.lnk = C:\Program Files\TextBridge Classic\Bin\TBMENU.exe
O4 - Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
O4 - Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\REALDOWNLOAD.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: FlashPath Status.lnk = C:\SMARTDSK\FLASH\SDSTAT.exe
O8 - Extra context menu item: Web Search - c:\windows\ex.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra 'Tools' menuitem: Block This Popup (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ComcastHSI (HKCU)
O9 - Extra button: Help (HKCU)
O9 - Extra button: Support (HKCU)
O12 - Plugin for .SWF: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .avi: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npavi32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {B3AA2F6B-6BAF-11D3-BA05-00C0F0322972} - http://208.232.7.192/pcdownload/download/Uncensored_Sex.exe
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://209.132.192.13/pcvideo4/FreeVideo.exe
O16 - DPF: Dialpad Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} - http://files.cometsystems.com/cometcursor2x/comet.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/developerzone/download/vet_install_popup.html?1&false
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://sales.sunbeam.com/CFIDE/classes/CFJava.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/30e1a00947e7c2ac8a23/netzip/RdxIE601.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O19 - User stylesheet: c:\windows\system.css

ok: lots of bugs..
first download and install CWShredder from this site:
Normal form, will work for most people:
http://www.spywareinfo.com/~merijn/files/cwshredder.zip
Boot into safe and run the CWShredder program. Click 'Next', not just 'scan' and
allow the program to finish.
{download a new file if you have to run it again}
Reboot normally.
Go to windows updates and load up any new security related updates that you can find, including IE6 and SP1 updates.
Reboot as told.
Download and run Spybot Search and Destroy <http://spybot.eon.net.au/index.php?lang=en&page=download>
Download and run Housecall AV scan <http://housecall.trendmicro.com/housecall/start_corp.asp>
Reboot and rescan with HijackThis,
and repost here in reply.
ciao,
Ice
Windows updates notes:
CoolWebSearch is part of a new strain of trojans that have recently been identified that all have one thing in common: they install through the ByteVerify <http://www.microsoft.com/technet/security/bulletin/MS03-011.asp> exploit in the MS Java VM and change the IE homepage, search page, search bar, etc.
If you have Windows XP with Service Pack 1a, your system has no MS Java VM.
Java removal
http://www.winnetmag.com/Article/ArticleID/38206/38206.html
Some of the affiliates (Search-Meta has been verified) use another Java exploit to install their malware. It's classified as the JS.Exception.Exploit <http://www.symantec.com/avcenter/venc/data/js.exception.exploit.html>, and a patch can be downloaded from this MS security bulletin <http://www.microsoft.com/technet/security/bulletin/ms00-075.asp>.
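
An added example, not part of the thread or of HijackThis itself: a small triage pass over a HijackThis-format log that groups entries by section code and surfaces the kinds of lines a reviewer reads first. The sample log is constructed (documentation IP ranges and example domains), and the four heuristics are assumptions for illustration; a flagged line is a prompt for manual review, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis 1.9x log format (not the poster's log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example/srchasst.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O1 - Hosts: 203.0.113.5 auto.search.msn.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O4 - HKCU\..\Run: [Example] C:\Program Files\Example\tray.exe
O16 - DPF: {00000000-0000-0000-0000-000000000003} - http://198.51.100.7/download/viewer.exe
O16 - DPF: Example Applet - http://www.example.com/applet.cab
"""

ENTRY = re.compile(r"^([RNO]\d{1,2}) - (.*)$")          # "O4 - <body>"
RAW_IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")

def parse(log):
    """Group entry bodies by section code (R0, R1, O1, O2, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def triage(sections):
    """Return (code, reason, entry) for entries that deserve a closer look."""
    findings = []
    for code, entries in sections.items():
        for e in entries:
            parts = e.split()
            if code.startswith("R") and e.endswith("(obfuscated)"):
                findings.append((code, "IE URL value stored obfuscated", e))
            elif code == "O1" and len(parts) >= 3 and not parts[1].startswith("127."):
                # hosts file maps a name to a non-loopback address
                findings.append((code, "hosts entry overrides DNS for " + parts[2], e))
            elif code == "O2" and e.endswith("(no file)"):
                findings.append((code, "BHO registered but file missing", e))
            elif code == "O16" and RAW_IP_URL.search(e):
                findings.append((code, "ActiveX control fetched from a bare IP", e))
    return findings

if __name__ == "__main__":
    for code, reason, entry in triage(parse(SAMPLE_LOG)):
        print(f"{code:4} {reason}\n     {entry}")
```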
