Hello.. I finally got everything you wanted done (I think)... here are the logs for ComboFix, HijackThis and the SmitFraud one. The computer is beginning to come back, the virus alert has gone away... and it seems better now. Hopefully my mess is behind? Ty again
SmitFraudFix v2.335
Scan done at 11:16:00.39, Tue 08/12/2008
Run from C:\Documents and Settings\Valued Customer\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINNT\lnvegaow.exe Deleted
C:\Program Files\PCHealthCenter\ Deleted
C:\Program Files\VAV\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
ComboFix 08-08-11.01 - Valued Customer 08/12/2008 11:36:11.4 - NTFSx86 MINIMAL
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.158 [GMT -4:00]
Running from: C:\Documents and Settings\Valued Customer\Desktop\ComboFix.exe
[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\275V53EC\interclick.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\275V53EC\interclick.com\ud.sol
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINNT\cookies.ini
C:\WINNT\edlb.exe
C:\WINNT\system32\cyytdteh.ini
C:\WINNT\system32\gtwnahrd.dll
C:\WINNT\system32\hetdtyyc.dll
C:\WINNT\system32\ndvtgs.dll
C:\WINNT\system32\sex1.ico
C:\WINNT\system32\sex2.ico
C:\WINNT\system32\tdssl.dll
C:\WINNT\system32\UtBdLRqr.ini
C:\WINNT\system32\UtBdLRqr.ini2
C:\WINNT\system32\vav.cpl
C:\WINNT\xokvrpwg.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.
2008-08-12 11:43 . 16,384 C:\WINNT\system32\Perflib_Perfdata_44c.dat
2008-08-12 11:16 . 08-08-12 11:16 1,880 --a------ C:\WINNT\system32\tmp.reg
2008-08-11 23:08 . 08-08-11 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-11 23:07 . 08-08-11 23:07 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-11 23:06 . 08-08-11 23:06 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\SUPERAntiSpyware.com
2008-08-11 18:05 . 08-08-11 18:05 <DIR> d-------- C:\Program Files\Avira
2008-08-11 18:05 . 08-08-11 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-03 21:04 . 08-08-03 21:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-08-02 20:30 . 08-08-02 20:30 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-08-02 20:26 . 08-08-02 20:26 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-07-31 15:55 . 08-07-31 16:25 <DIR> d-------- C:\WINNT\system32\Adobe
2008-07-30 10:31 . 07-07-30 19:19 207,736 --a------ C:\WINNT\system32\muweb.dll
2008-07-30 10:31 . 07-07-30 19:19 203,096 --a------ C:\WINNT\system32\wuweb.dll
2008-07-28 14:47 . 08-08-05 17:47 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-07-28 14:47 . 08-07-28 14:47 1,409 --a------ C:\WINNT\QTFont.for
2008-07-27 22:49 . 08-07-27 22:49 <DIR> d-------- C:\Program Files\CCleaner
2008-07-22 12:12 . 08-07-29 05:10 196,013 --a------ C:\WINNT\system32\system32
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 09:34 --------- d-----w C:\Program Files\Boingo
2008-08-12 09:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-12 03:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-11 19:07 --------- d-----w C:\Documents and Settings\Valued Customer\Application Data\LimeWire
2008-08-07 22:10 --------- d-----w C:\Program Files\iTag
2008-07-31 20:39 --------- d-----w C:\Program Files\Lavasoft
2008-07-28 06:02 --------- d-----w C:\Program Files\Google
2008-07-27 23:33 --------- d-----w C:\Program Files\Trend Micro
2008-07-24 01:51 --------- d-----w C:\Program Files\Java
2008-07-02 17:37 --------- d-----w C:\Documents and Settings\Valued Customer\Application Data\MP3Rocket
2008-06-30 18:35 --------- d-----w C:\Program Files\Common Files\Java
2008-06-30 15:59 --------- d-----w C:\Program Files\LimeWire
2008-06-27 23:32 --------- d-----w C:\Program Files\SpywareBlaster
2008-06-25 09:41 64,784 ----a-w C:\WINNT\system32\mswsock.dll
2008-06-25 09:41 105,744 ----a-w C:\WINNT\system32\msafd.dll
2008-06-24 09:41 --------- d-----w C:\Program Files\HyperSnap 6
2008-06-18 10:05 320,528 ----a-w C:\WINNT\system32\drivers\tcpip.sys
2008-06-17 16:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-16 15:58 12,632 ----a-w C:\WINNT\system32\lsdelete.exe
2008-04-21 22:20 82 ----a-w C:\Documents and Settings\All Users\Application Data\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat
2008-01-04 22:58 71,928 -c--a-w C:\Documents and Settings\Valued Customer\Application Data\GDIPFONTCACHEV1.DAT
2006-05-24 00:19 8 -c--a-w C:\Documents and Settings\Valued Customer\Application Data\usb.dat.bin
2006-02-16 18:07 7,708,704 -c-h--r C:\Documents and Settings\Valued Customer\SYSTEM.DAT
2006-02-16 16:28 1,318,946 -c-h--r C:\Documents and Settings\Valued Customer\USER.DAT
2006-02-15 21:13 271 ---h--w C:\Program Files\desktop.ini
2006-02-15 21:13 21,952 ---h--w C:\Program Files\folder.htt
2005-02-27 15:06 0 -c--a-w C:\Documents and Settings\Valued Customer\nsreg.dat
2004-05-23 15:52 513 -c----w C:\Documents and Settings\Valued Customer\netzero.dat
2004-01-25 21:19 9,118 -c--a-w C:\Documents and Settings\Valued Customer\hh.dat
2002-11-17 01:28 327,712 -c-h--r C:\Documents and Settings\Valued Customer\HWINFO.DAT
2001-02-22 11:13 16,384 -c--a-w C:\Documents and Settings\Valued Customer\MSIMGSIZ.DAT
2001-01-12 21:10 6,550 -c--a-w C:\Documents and Settings\Valued Customer\JAUTOEXP.DAT
1999-12-07 12:00 32,528 -c--a-w C:\WINNT\inf\wbfirdma.sys
1999-07-30 16:48 1,020 -c--a-w C:\Documents and Settings\Valued Customer\TRUESOFT.DAT
1999-04-24 03:22 229,680 -c--a-w C:\Documents and Settings\Valued Customer\SUBACK.BIN
1999-04-24 03:22 168,096 -c--a-w C:\Documents and Settings\Valued Customer\W98SETUP.BIN
1998-11-26 15:11 456 -c--a-w C:\Documents and Settings\Valued Customer\PTHSP.DAT
2007-08-15 22:33 479,232 -c--a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2007-08-15 22:33 548,864 -c--a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2007-08-15 22:33 626,688 -c--a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
.
------- Sigcheck -------
01-02-20 14:09 8192 d36a33c21eeed5a6c1daecb7c80a1909 C:\WINNT\system32\CTFMON.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [05-09-03 16:18 94208]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [07-08-30 18:43 4670704]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05-05-31 00:04 1415824]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [08-07-08 16:41 2828184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [08-05-28 10:33 1506544]
"ctfmon.exe"="ctfmon.exe" [01-02-20 14:09 8192 C:\WINNT\system32\CTFMON.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-08-16 20:24 282624]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [04-10-15 20:40 2577632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [08-06-10 04:27 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [08-06-12 14:28 266497]
"Synchronization Manager"="mobsync.exe" [03-06-19 14:05 111376 C:\WINNT\system32\mobsync.exe]
"LTWinModem1"="ltmsg.exe" [03-10-28 03:00 40960 C:\WINNT\system32\ltmsg.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [07-08-30 18:43 4670704]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 14:05 186640]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-17 12:24:40 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Boingo.lnk - C:\WINNT\Installer\{736CAD5F-0944-4498-BF9E-0E75549854C7}\Icon736CAD5F5.exe [2006-08-01 18:24:52 7680]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-02-25 01:09:12 106560]
Wireless-B Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe [2006-08-21 21:58:20 4784640]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [08-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
07-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]
06-09-01 01:49 140048 C:\WINNT\system32\NWPROVAU.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
R1 ATMhelpr;ATMhelpr;C:\WINNT\system32\drivers\ATMhelpr.sys [97-06-17 04:00 ]
R3 BWNDIS5;BWNDIS5 NDIS Protocol Driver;C:\WINNT\system32\BWNDIS5.SYS [03-01-11 13:20 ]
R3 LSWPCv4;Wireless-B Notebook Adapter Driver;C:\WINNT\system32\DRIVERS\rtl8180.sys [03-10-01 10:54 ]
R3 trid3d;trid3d;C:\WINNT\system32\DRIVERS\trid3dm.sys [99-11-19 10:11 ]
S3 MMIndexer;Media Manager Indexer;C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe [97-08-04 00:00 ]
S3 SAUSBHW;%SAUSBHW.SvcDesc%;C:\WINNT\system32\Drivers\sausb.sys [01-11-07 13:27 ]
S3 TDW2K;WavePlus 802.11b Wireless PCI/PCMCIA Card Driver;C:\WINNT\system32\DRIVERS\wpndis5.sys [04-08-03 17:24 ]
S3 Wdm1;USB Bridge Cable Driver;C:\WINNT\system32\Drivers\usbbc.sys [03-07-01 13:51 ]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{33B66CB6-BDF6-83C4-0708-030007010604}]
C:\WINNT\system32\system32.exe
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\pe4n7a6x.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 11:45:03
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINNT\explorer.exe
-> ?:\WINNT\system32\rsabase.dll
.
Completion time: 2008-08-12 11:58:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-12 15:57:35
ComboFix2.txt 2008-07-30 01:51:07
Pre-Run: 14,703,157,248 bytes free
Post-Run: 14,669,328,384 bytes free
172 --- E O F --- 2008-08-11 18:07:53
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:07, on 08/12/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ltmsg.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Boingo\Boingo.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1417001333-1060284298-1343024091-500\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Administrator')
O4 - HKUS\S-1-5-21-1417001333-1060284298-1343024091-500\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" (User 'Administrator')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - S-1-5-21-1417001333-1060284298-1343024091-500 Startup: CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe (User 'Administrator')
O4 - S-1-5-21-1417001333-1060284298-1343024091-500 User Startup: CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe (User 'Administrator')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Boingo.lnk = C:\Program Files\Boingo\Boingo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINNT\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://start.localnet.com/
O15 - Trusted Zone: http://www.animalpassion.com
O16 - DPF: Yahoo! Euchre -
O16 - DPF: Yahoo! Literati -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} -
O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
--
End of file - 9261 bytes
Ty again...where to now please??