41

You’re doing fine. 8)

After you click server2, a download window should appear, click save.

In the next box that appear, make sure the top box (save in) is set to desktop, click save. To run the program, double click the file you have just downloaded.

42

Oh, I see what happened. Click right on server2 ;D

43

PLEASE note

when doing the combofix fix

A window may open with a warning. Type “1” (and Enter) to start the fix. When the scan completes Notepad will open with with your results log open. Click File, click Exit and answer ‘Yes’ to save changes

44

I am but being totally challenged!! Darn dial modem is going out of order on me again!!! If I dont get back to you after a lengthy time, its because the modem died… okay? I am scheduled to have “WildBlue” satelite installed shortly, we will continue then?

Yes, after leaving my last post, I realized that I was clking on the website itself rather then [Server2].

Do I need to disable "XP’s System Restore’? If I do, I dont know how to do that either… ???

45

No you can leave system restore on if you want.

We should do this asap, you have some downloaders, that must be removed, or you will have more problems.

Also in HJT please fix this line

O4 - HKLM..\Run: [NI.UGDC_0001_N122M2610] "c:\documents and settings\owner\application data\installer_en[1].exe

46

My dial up server disconnected while downloading ERUNT, I need to redo it as it is corrupted.

I did remove the file you last posted.

I will try my best, hopefully the dial modem will hold up for me.

47

Ok, do your best.

I’ll check this thread regularly to check on your progress and answr questions.

For the future, if you need it

To turn system restore off

Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore.

Click to add a check mark beside Turn off System Restore on all Drives, and click Apply.

When you are warned that all existing Restore Points will be deleted, click Yes to continue.

To turn back on

Steps to turn on System Restore

  1. Click Start, right-click My Computer, and then click Properties.
  2. In the System Properties dialog box, click the System Restore tab.
  3. Click to clear the Turn off System Restore check box. Or, click the Turn off System Restore on all drives check box.
  4. Click OK.

After a few moments, the System Properties dialog box closes

48

Thanks OLdman … trusting your judgements, and will follow your instructions.

I reinstalled ERUNT, and backup registry, hoping I had done that right. But now we have problems… see what came up in the notepad? I copied just a portsion of it, and I am assuming you will not be able to read this?

regf  òÞ‰Â9È   ð†  s a n d S e t t i n g s \ O w n e r \ n t u s e r . d a Hº÷î hbin  òÞ‰Â9È ÿÿÿnk, ‰xÂ9È 8   P (* € è € ÿÿÿÿ8  H ŽFE $$$PROTO.HIVaÇkèþÿÿsk

49

Was this after the combofix or have you got that far yet?

In notepad is word wrap unchecked? open a notepade , click format and make sure there is no checkmark beside word wrap.

50
I copied just a portsion of it
From what? What is 'it' here?
51

If you have all ready done the combofix fix and can’t view the log. Open it from here.

Open windows explorer, click on the c:\ drive. Look in the right hand panel for combofix3.txt Double click it open it. Copy and paste the contents in your next reply.

52

Thank you for making things easier for me Oldman, appreciated. Hope this is what you are looking for. In my last two rebootings, I have not had any files or links missing when opening. And I also am not getting pop ups, so far!!!

ComboFix 07-12-07.3 - Owner 2007-12-07 21:05:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.134 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

  • Created a new restore point
    .

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Owner\Favorites\Online Security Guide.lnk
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\abW9
C:\WINDOWS\cookies.ini
C:\WINDOWS\ms042771381691.exe
C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\ldcore.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rev1
C:\WINDOWS\system32\rMa02yy
C:\WINDOWS\system32\t21
C:\WINDOWS\system32\v2
D:\Autorun.inf

53

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE

((((((((((((((((((((((((( Files Created from 2007-11-08 to 2007-12-08 )))))))))))))))))))))))))))))))
.

2007-12-07 18:22 . 2007-12-07 18:22 d-------- C:\Deckard
2007-12-07 16:49 . 2007-12-07 16:49 d-------- C:\Program Files\Trend Micro
2007-12-06 23:10 . 2007-12-07 05:41 832,875 --ahs---- C:\WINDOWS\system32\ioftvujv.ini
2007-12-06 23:02 . 2007-12-06 23:34 d-------- C:\Program Files\XoftSpySE
2007-12-05 09:02 . 2007-12-05 09:02 d-------- C:\Program Files\Windows Defender
2007-12-04 19:03 . 2007-12-06 07:50 804,720 --ahs---- C:\WINDOWS\system32\oyypgmcg.ini
2007-12-03 17:39 . 2007-12-03 17:40 d-------- C:\WINDOWS\system32\bmv2
2007-12-03 17:29 . 2007-12-03 17:29 d-------- C:\WINDOWS\system32\daSgo06
2007-12-03 17:29 . 2007-12-03 17:33 d-------- C:\temp\bkR11
2007-12-03 17:23 . 2007-12-03 16:28 801,367 --ahs---- C:\WINDOWS\system32\npmfetef.ini
2007-12-03 16:08 . 2007-12-03 16:08 801,367 --ahs---- C:\WINDOWS\system32\npmfetef.tmp
2007-12-03 13:32 . 2007-12-03 08:42 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-12-02 14:29 . 2007-12-03 14:32 801,306 --ahs---- C:\WINDOWS\system32\pqpycxtv.ini
2007-12-01 14:42 . 2007-12-01 21:01 800,861 --ahs---- C:\WINDOWS\system32\tedqcoyv.ini
2007-11-30 14:31 . 2007-12-01 07:35 800,768 --ahs---- C:\WINDOWS\system32\evseffuq.ini
2007-11-30 10:46 . 2007-11-30 10:46 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-30 10:45 . 2007-12-07 21:15 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-30 10:45 . 2007-11-30 10:45 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-30 10:45 . 2007-11-30 10:45 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-11-30 08:49 . 2007-11-30 13:10 800,570 --ahs---- C:\WINDOWS\system32\oclyfepm.ini
2007-11-29 08:45 . 2007-11-30 07:48 793,760 --ahs---- C:\WINDOWS\system32\poxvlnmh.ini
2007-11-28 18:52 . 2007-11-29 08:41 789,960 --ahs---- C:\WINDOWS\system32\fmwokixo.ini

54

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 05:33 --------- d-----w C:\Program Files\Yahoo!
2007-12-05 05:33 --------- d-----w C:\Program Files\Common Files\Scanner
2007-12-03 18:47 --------- d-----w C:\Program Files\Google
2007-12-03 07:05 --------- d-----w C:\Program Files\IncrediGames
2007-12-02 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-29 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-25 01:13 --------- d-----w C:\Program Files\Microsoft Home Publishing 2000
2007-11-07 20:33 --------- d-----w C:\Program Files\Microsoft Picture It! 7
2007-10-27 02:34 --------- d—a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-12 18:52 53,248 ----a-w C:\WINDOWS\hg173.exe

55

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{24A41A0B-4D59-4FA3-86F6-A5EE3C482313}]
C:\Program Files\Windows NT\mevojuliC:\WINDOWS\system32\v2\swdrv83122.exe.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{62179339-1920-4AED-A272-A889231DE4A5}]
C:\Program Files\Windows NT\mevojuliC:\DOCUME~1\Owner\LOCALS~1\Temp\CEMG555077.exe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:56]
“DW4”=“”
“SUPERAntiSpyware”=“C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 03:06]
“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2005-12-06 05:43]
“FLMOFFICE4DMOUSE”=“C:\Program Files\Micro Innovations\Wireless Optical Mouse\mouse32a.exe” [2006-06-21 19:30]
“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 02:41]
“QuickFinder Scheduler”=“c:\Corel\Office7\Shared\QFinder7\QFSCHED.EXE” [1996-10-16 00:02]
“RCSystemTray”=“C:\Program Files\Registry Cleaner\RCSystemTray.exe” [2006-11-28 15:18]
“KBD”=“C:\HP\KBD\KBD.EXE” [2005-02-02 16:44]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-02-17 13:58]
“NI.UGDC_0001_N122M2610”=“c:\documents and settings\owner\application data\installer_en[1].exe”
“TMT”=“C:\WINDOWS\Gwang.exe”
“64ced7fd”=“C:\WINDOWS\system32\vjuvtfoi.dll”
“Windows Defender”=“C:\Program Files\Windows Defender\MSASCui.exe” [2006-11-03 19:20]

56

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
PerfectPrint.LNK - C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE [2006-11-17 12:51:26]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
Instant Update.lnk - C:\Program Files\U.S. Robotics\Instant Update\InstUpDt.exe [2007-09-12 12:00:22]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=C:\WINDOWS\pss\spamsubtract.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
2007-09-06 03:06 79224 --a------ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 00:56 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
1999-10-10 10:00 41984 -----c— C:\WINDOWS\CTRegRun.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
2005-11-07 15:49 601200 --a------ C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-03-27 02:34 172032 --a–c— C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 17:04 52736 --a–c— c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 16:44 61440 --a------ C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2003-09-12 20:13 98304 --a–c— C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2003-11-03 17:50 221184 --a–c— C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2004-01-26 03:24 32881 --a–c— C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
2003-10-29 10:17 135168 --a–c— C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMX]
C:\Program Files\WinMX\WinMX.exe -m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpy]
C:\Program Files\XoftSpy\XoftSpy.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

R1 UdfReadr;UdfReadr;C:\WINDOWS\system32\drivers\UdfReadr.sys
S3 SNDP610;Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\sndp610.sys

57

Contents of the ‘Scheduled Tasks’ folder
“2007-12-07 23:30:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job”

  • C:\Program Files\Windows Defender\MpCmdRun.exe
    “2005-04-15 21:04:29 C:\WINDOWS\Tasks\XoftSpy.job”
  • C:\Program Files\XoftSpy\XoftSpy.exe
    .

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 21:15:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

.
Completion time: 2007-12-07 21:16:57 - machine was rebooted
.
— E O F —

58

Rescanned HJT again:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:05 PM, on 12/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Micro Innovations\Wireless Optical Mouse\mouse32a.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Registry Cleaner\RCSystemTray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\U.S. Robotics\Instant Update\InstUpDt.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

59

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {24A41A0B-4D59-4FA3-86F6-A5EE3C482313} - C:\Program Files\Windows NT\mevojuliC:\WINDOWS\system32\v2\swdrv83122.exe.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Wireless Optical Mouse\mouse32a.exe
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [RCSystemTray] C:\Program Files\Registry Cleaner\RCSystemTray.exe
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Instant Update.lnk = C:\Program Files\U.S. Robotics\Instant Update\InstUpDt.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ctctel.com/
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.digzag.com/ImageUploader4.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip..{070B5D4F-B732-48E6-B93E-4F9AE8CC58B0}: NameServer = 72.20.64.11 72.20.64.12
O17 - HKLM\System\CS1\Services\Tcpip..{070B5D4F-B732-48E6-B93E-4F9AE8CC58B0}: NameServer = 72.20.64.11 72.20.64.12
O17 - HKLM\System\CS2\Services\Tcpip..{070B5D4F-B732-48E6-B93E-4F9AE8CC58B0}: NameServer = 72.20.64.11 72.20.64.12
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


End of file - 9081 bytes

60

Looking better, but I need a new DSS log. (Deckards)