Try IEFix from here:
http://www.majorgeeks.com/download4467.html
Go to Windows Update to get the Critical Updates for your system, at least SP1.
Crunchie, what about the WeatherBug?
You probably need to unzip it :)
To unzip it, right-click on the hijckthis.zip file, and then choose the "Extract All..." option from the menu; this will start XP's extraction Wizard. Follow the Wizard's steps using the default selections. This will create a sub-folder named HijackThis, which contains the actual hijackthis.exe program.
Oh, by the way, it's caperjack (not camperjack :) )
Go to Add/Remove Programs in your Control Panel and remove these (if found):
180solutions
Rjrant
You may need to use Pocket Killbox for some of these, but let's see how hijackthis does with them first. Scan with HJT and have it fix the following entries:
O4 - HKLM\..\Run: [Windows Compliant] winole.exe
O4 - HKLM\..\Run: [Microsoft Excel] msexcel.exe
O4 - HKLM\..\Run: [Microsoft is Gay] nesse69.exe
O4 - HKLM\..\Run: [dBbFUobc] D:\WINDOWS\doreymf.exe
O4 - HKLM\..\Run: [sais] d:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [Asaha] C:\Program Files\Rjrant\Mmmskk.exe
O4 - HKLM\..\Run: [Dns Server] dnswn.exe
O4 - HKLM\..\Run: [Microsoft Update] Svhost.exe
O4 - HKLM\..\Run: [PPPOEO] pingppac.exe
O4 - HKLM\..\RunServices: [Windows Compliant] winole.exe
O4 - HKLM\..\RunServices: [Microsoft Excel] msexcel.exe
O4 - HKLM\..\RunServices: [Microsoft is Gay] nesse69.exe
O4 - HKLM\..\RunServices: [Dns Server] dnswn.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Svhost.exe
O4 - HKLM\..\RunServices: [PPPOEO] pingppac.exe
O4 - HKCU\..\Run: [Microsoft Excel] msexcel.exe
O4 - HKCU\..\Run: [Windows Compliant] winole.exe
O4 - HKCU\..\Run: [Dns Server] dnswn.exe
O4 - HKCU\..\Run: [Microsoft Update] Svhost.exe
Be sure all windows are closed other than HJT before hitting the Fix button.
Go to the following locations and delete the highlighted file or folder:
D:\WINDOWS\doreymf.exe
D:\Program Files\180solutions
C:\Program Files\Rjrant
Reboot
Close all browser windows, scan with HJT, and post a new log please.
This thread needs moving across to the correct forum. Apologies for that. Any help would be very much appreciated.
Here you go :)
First try System Restore to go back to a time before you had the problem.
Click Start, All Programs, Accessories, System Tools, System Restore
If that doesn't work, try an in-place upgrade (aka repair installation); instructions can be found here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;315341&Product=winxp
Disable Ad-aware's Ad-watch before making the changes noted in the last post, and leave it disabled until your system is clean.
Hey Catweazle, any idea what causes these things to change on their own? I recently had a similar problem that my son helped me resolve -- had to go to Tools, Internet Options, Accessibility, and under Formatting, I had to uncheck "Ignore colors specified on web pages." I had never even opened this 'Accessibility' area before, let alone make any changes to it!
Go to Add/Remove Programs and remove (if found):
AproposClient
slmss
ISTsvc
Do a search for New.net. Note its locations for use later in these instructions
Scan with HJT and have it fix the following entries; be sure all windows other than HJT are closed before hitting the Fix button:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\LIQUID~1\LOCALS~1\Temp\~compoundinst0\auto_update_loader.exe"
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [zqxkryv] C:\WINDOWS\zqxkryv.exe
O4 - HKLM\..\Run: [yrzbtp] C:\WINDOWS\system32\earmmw.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
Reboot into Safe Mode and delete the highlighted file or folder (if found):
C:\WINDOWS\Belt.exe
C:\Program Files\Web_Rebates
C:\WINDOWS\System32\bridge.dll
C:\WINDOWS\zqxkryv.exe
C:\WINDOWS\system32\earmmw.exe
C:\WINDOWS\fash.exe
C:\Program Files\Common Files\slmss
C:\WINDOWS\mwsvm.exe
C:\Program Files\ISTsvc
Go to the location noted before and delete the folder New.net is found in
Empty your Recycle Bin
Reboot normally
Follow the instructions here:
http://securityresponse.symantec.com/avcenter/venc/data/spyware.apropos.b.html (don't skip the registry backup part)
Do you know what Ante less itch.exe is for? If not, right-click on it, go to Properties, and give us all the info you …
Go to Add/Remove Programs in your Control Panel and remove the following (if found):
FlashGet
Web_Rebates (or similar)
ISTsvc
DAP
Before fixing anything with HJT, do a search for these, note their location, and let us know in your next post:
itch.exe
auto_update_loader.exe
NewDotNetStartup
DAP
After noting those locations, scan with HJT and have it fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jietprhcjua.us/aalco6RSZ...ACWIc95vrA.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R3 - Default URLSearchHook is missing
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll (file missing)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [yrzbtp] C:\WINDOWS\system32\earmmw.exe
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\LIQUID~1\LOCALS~1\Temp\~compoundinst0\auto_update_loader.exe"
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [zqxkryv] C:\WINDOWS\zqxkryv.exe
O4 - HKLM\..\Run: [HECKBODY] C:\PROGRA~1\PLATFO~1\Ante less itch.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
Follow the advice in BOTH posts :)
Then do this:
Remove Newdotnet, either from Add/Remove programs in your Control Panel, or go here and scroll down to the uninstall tool:
http://www.newdotnet.com/#remove
And there will still be more to do so don't forget to post a new HJT log after you've done all that!
Yeah, what he said :)
Do you have a CD or DVD burner? If so, anything you would like to keep long term should be stored that way.
What size flash drive you get depends on how much you're willing to spend and how much data you intend to put on it. I have a 256MB that I carry around with me, but have never even come close to filling it even half way. I recently purchased a 4GB that I intend to keep near my computer for backups (not connected all the time, only when I want to save something).
If you have a CD (or DVD) burner, you can do that; floppies will work too, but may take several depending on how much data you have to store. What I prefer these days is a USB flash drive, they're inexpensive and can hold a lot of information!
Can't boot into Safe Mode? Here's a thread that should help:
http://www.daniweb.com/techtalkforums/thread17368-boot.ini.html
Looks like you went ahead and fixed a few things on your own there :)
Looks good to me, let us know if you have any more problems
Hey guys, you have to help me, this is very important.
I don't know how suddenly my "folder options" tab inside the "tools" dropdown has gone missing. Not just "folder options" but all the standard options of "Tools" are missing; instead I see options like "Map N/w drive...", "Disconnect n/w drive..." and "Synchronize..."
Please help me, I have my very important files that were made hidden!!
What OS do you have?
Okay, Windows Me is your OS; you can right-click on the "My Computer" icon, and then click on Properties, click on the General tab and it should show what Service Pack you have. But I was just asking because SP2 (XP) has a popup blocker in it, since you don't have that, a popup blocker may be a good idea.
I'm not that familiar with all the popup blockers available, before you start using one, I would suggest you ask for recommendations in the Software forum.
Remember to close all browser windows when scanning with hijackthis (you had IE and Mozilla open when you did that scan).
Do you have any idea what this is?
C:\Documents and Settings\Brian\Application Data\bf????.exe <---
I strongly suspect it's not good; if you're not sure, find it, right-click on it, go to Properties, and post all the info on it you can find.
Scan with HJT and have it fix the following entries:
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\qnjtji.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [Lptdibpi] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.133
O15 - Trusted IP range: (HKLM)
Close all windows other than hijackthis before hitting the Fix button
Reboot into Safe Mode
Go to the indicated folder and delete the highlighted files:
C:\WINDOWS\System32\qnjtji.exe
C:\WINDOWS\System32\dktime.exe
C:\WINDOWS\System32\m?iexec.exe
Do a search for, and delete any instances found of:
videosd32.exe
scvhosting.exe
Reboot …
Try running ScanDisk (and DiskDefrag) from Safe Mode.
You can get all the protection you need by following the advice, and getting the tools, suggested here:
http://www.daniweb.com/techtalkforums/thread16365.html
http://www.daniweb.com/techtalkforums/thread5690.html
http://subratam.org/?page=software
If you do the things suggested, one popup blocker should be adequate. In most cases I don't think there will be a problem running more than one, but there may be conflicts with some.
Here is one review of AdSubtract:
http://computercops.biz/reviews-134.html
What OS and Service Pack (SP) do you have? Is it XP with SP2?
It sounds like your browser has been hijacked; get Hijackthis from here:
http://www.merijn.org/files/hijackthis_sfx.exe
Close all browser windows, scan with hijackthis, save the log, copy and paste it here in this thread.
I'd wait for some advice from crunchie or DMR on the Mirc.exe (unless you've done something with it already?); other than that, your log looks clean to me, are you still having trouble with the backdoor thing?
Mirc.exe (Found trojan file: F:\Program Files\Kickchat$cript[2.0]\Mirc.exe (Csr.100) )
is a legit file, but could be infected (I don't think it should have that Csr.100 with it); not sure what to do about that one other than to delete and reinstall it:
http://startup.iamnotageek.com/srch-mirc.exe.html
http://www.liutilities.com/products/wintaskspro/processlibrary/mirc/
http://www.anti-spy.info/process/mirc.exe.html
See this thread for the trojan found on your "C" drive:
http://www.daniweb.com/techtalkforums/thread13362.html
Oh, and you should still follow the recommendations in my previous post, those same entries were found by Trojan Hunter
Close all browser windows, scan with HJT, and have it fix the following entries:
F2 - REG:system.ini: Shell=Explorer.exe winsock.scr
O4 - HKLM\..\Run: [F:\WINDOWS\System32\ope6A1.exe ] F:\WINDOWS\System32\ope6A1.exe
O4 - HKLM\..\Run: [WinDSNX] F:\WINDOWS\System32\ope6B4.exe
O4 - HKLM\..\Run: [F:\WINDOWS\System32\ope6AA.exe ] F:\WINDOWS\System32\ope6AA.exe
O4 - HKLM\..\Run: [F:\WINDOWS\System32\ope6B3.exe ] F:\WINDOWS\System32\ope6B3.exe
O4 - HKLM\..\Run: [dxset.exe] F:\WINDOWS\dxsetu.exe
Reboot into Safe Mode
Delete the highlighted files in these locations:
F:\WINDOWS\System32\ope6A1.exe
F:\WINDOWS\System32\ope6B4.exe
F:\WINDOWS\System32\ope6AA.exe
F:\WINDOWS\System32\ope6B3.exe
F:\WINDOWS\dxsetu.exe
Open Windows Explorer, go to Tools, and in the Folder Options, select "Show hidden files and folders," and uncheck "Hide protected operating system files."
For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):
Cookies
History
Local Settings\Temp
Local Settings\Temporary Internet Files\Content.IE5
Delete the entire contents of your C:\Windows\Temp folder.
Delete the entire contents of your C:\Temp folder (if you have one).
Do a search for *.tmp and delete all entries found.
Empty your Recycle Bin.
Reboot normally, close all browser windows, scan with HJT, and post a new log please. (Let us know if you still have the problem too)
So I did what was recommended and both Adaware and Norton (along with the Panda and TrendMicro) scans all come up clean.
Thank you so much for your help!
Where's the hijackthis log? There may be problems hiding...
I ran in safe mode and answered "no" to three surprise questions about merging things into the registry.
What were the questions and why did you answer "no"?
First, you need to remove Newdotnet, either from Add/Remove programs in your Control Panel, or go here and scroll down to the uninstall tool:
http://www.newdotnet.com/#remove
Second, go here to get hijackthis:
http://www.merijn.org/files/hijackthis_sfx.exe
Next, close all browser windows, scan with hijackthis, save the log, copy and paste it here in this thread.
O4 - HKCU\..\Run: [BPK] C:\PROGRAM FILES\PERFECT KEYLOGGER LITE\BPK.EXE
NO.....I downloaded that for my personal use. Any other suggestions?
I have a question, why do you have a keylogger?
Unzip the remv3.zip files to a permanent folder and run it in SAFE MODE ONLY.
Then, after rebooting, post the results from c:\log.txt.
Oh, by the way, can any of you recommend any antivirus software?
Here are some discussions on antivirus programs here at DaniWeb:
http://www.daniweb.com/techtalkforums/thread17349-nod32.html
http://www.daniweb.com/techtalkforums/thread12883-nod32.html
Hey Turnip, you may want to have your parents read this as it's kind of related:
http://www.daniweb.com/techtalkforums/thread16365.html
You can find Hijackthis tutorials at these sites (and more if you do a google search):
http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm
http://hjt.wizardsofwebsites.com/
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42
http://www.spywareinfo.com/~merijn/htlogtutorial.html
By the way, I don't see anything bad in that log either, but since XP is where you are having problems, that is where you need to scan with HJT.
Go here:
http://forums.skads.org/index.php?showtopic=80
Get the file that is attached in post #3
Then get Hijackthis (as Caperjack suggested) from here:
http://www.merijn.org/files/hijackthis_sfx.exe
Close all browser windows, scan with hijackthis, save the log, then copy and paste it here.
Go to this thread:
http://www.daniweb.com/techtalkforums/thread5690.html
1.) Download and install, Ad-Aware SE. In addition to the default settings, check these and make any necessary adjustments:
A.) Close ALL windows except Ad-Aware SE
B.) Click on the ‘world’ icon (at the top right of the Ad-Aware SE window) to let Ad-Aware SE update.
C.) Once the update is finished, click on the ‘Gear’ icon (second from the left at the top of the window) to access the Preferences/Settings window.
a.) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)
b.) Under Definitions:
*Prompt to update outdated definitions - set the number of days
B.) Click on the ‘Scanning’ button on the left and select in green:
a.) Under Driver, Folders & Files:
*Scan Within Archives
b.) Under Select drives & folders to scan:
*choose all hard drives
c.) Under Memory & Registry, all green:
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file
C.) Click on the ‘Advanced’ button on the left and select in green:
a.) Under Shell Integration:
*Move deleted files to recycle bin
b.) Under Logfile Detail Level, all green:
*include additional object information
*DESELECT - include negligible …
Hi, so since the red washer is on the top side of mobo, I'm good to go? Getting ready to turn it on and see how it goes.
Catweazle, if the red (fiber) washer is on the top side of the mobo, under the screw head, how can it ground properly?
Oh! Good question!
My thoughts are that you should NEVER use metal washers of any form when fitting a motherboard.
If you are using a case which has metal 'stand-offs', I'd advise that you religiously use fibre washers between the stand-off and the underside of the motherboard.
Also be careful that you use screws that don't have large heads for locations where the circuitboard tracks come really close to the mounting hole.
How can you get fibre washers to stay in place on the metal standoffs while putting the motherboard in place? Glue them on?
Maybe I haven't seen enough motherboards, but all of them I've seen have large bonded surfaces, larger than any screw head would ever be.
But that does bring up another point, if the mounting holes are bonded, using a non-metal washer would prevent the board from being grounded properly.
I always use screws that have a head that looks like it has a washer, but it's actually all one piece.
Are you talking about using washers under the heads of the screws to attach the motherboard?
If so, it shouldn't really matter as long as you don't overtighten the screws. Using washers, however, or screws with wide heads will reduce the chance of damage.
To help protect and repair your system (and hers), follow the advice in these threads:
http://www.daniweb.com/techtalkforums/thread16365.html
http://www.daniweb.com/techtalkforums/thread5690.html
Next time either of you have any trouble, try us first! :)
Crunchie had a good idea (as usual); set a System Restore point, and then delete the bad entries, explorer_cab (make sure you delete only the ones with the underscore " _ ").
I didn't expect Stinger to find it, but I was hoping.
Downloader.Small is a fairly common trojan (with different numbers and letters at the end), but they are usually in a different folder than the one you described. I've never seen C\explorer_cab (it should be C\explorer.cab), and can't find any info on it.
I'm thinking this whole folder, explorer_cab.vir:, should be deleted; but let's have someone else confirm this before you do it.
Download Stinger from here:
http://vil.nai.com/vil/stinger/
Save it to your desktop
Double-click on the stinger.exe file
Under 'Directories to scan' enter all hard drives/partitions in your system
Click on Scan Now
Stinger will fix anything that it finds
When it's finished, click the File menu and select Save report to file
Post the log file results here in this thread
Looks good to me :)
Looks like someone merged the two threads so there is only one now.
That's interesting... I wonder if Nero or Microsoft are aware of this problem... :confused:
Glad you got it figured out and thanks for letting us know what it was in case it comes up again :)
By the way, there's nothing wrong with using msconfig to boot into Safe Mode (usually), that's what the option is there for.
Do you mind telling us what you did in case it comes up again?
Wow, that didn't sound like a hard drive problem to me. Thanks for letting us know how you fixed it :)
Marking this as solved, even though you did it on your own :D
For every user account listed under C:\Documents and Settings, delete the entire contents of these folders:
Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5
Delete the entire content of
C:\Windows\Temp folder
C:\Temp folder
Do a search for *.tmp and delete everything found
Empty your Recycle Bin
Here's a link to the spyware site crunchie mentioned if you care to see what they said about those programs:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Go to Add/Remove Programs in your Control Panel and remove (if found):
Viewpoint and/or Viewpoint Manager
WildTangent
Scan with HJT and have it fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: IEHlprObj Class - {2096CA9F-76CB-469E-8D8E-8C41CB788D90} - C:\WINDOWS\system32\mo030414s.dll (file missing)
O2 - BHO: TChkBHO Class - {35C95DFE-E560-46FA-BF13-449C8466CD50} - C:\WINDOWS\system32\csxlw.dll (file missing)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [Sentry] C:\WINDOWS\Sentry.exe
O4 - HKLM\..\Run: [System Tray] C:\Documents and Settings\BARBARA\My Documents\Lindsay\screen_doc.pif
O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [xrmjhxbvxz] C:\WINDOWS\System32\cjdcxn.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKCU\..\Run: [System Tray] C:\Documents and Settings\BARBARA\My Documents\Lindsay\screen_doc.pif
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - …
That was a pretty simple fix, thanks for posting it. I'll try to remember that in case it comes up again!
I'm going to mark this as solved; even though we didn't help, there is a solution to the problem :D
WeatherBug is related to adware and, in my opinion, should be removed. You can decide for yourself; here are a couple of links:
http://sarc.com/avcenter/venc/data/adware.weathercast.html
http://www.auditmypc.com/process/weather.asp
If you decide to uninstall it, go to Add/Remove Programs in your Control Panel and remove WeatherBug
Regardless of your decision regarding WeatherBug, scan with HJT and have it fix the following entries:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
And these only if you don't want WeatherBug:
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/min...ransporter.cab?
Close all windows other than HJT before hitting the Fix button
Last step, again only if you don't want WeatherBug:
Reboot into Safe Mode
Go to C:\Program Files\AWS and delete the WeatherBug folder
Reboot normally
Close all browser windows, scan with HJT and post a new log
Did Microsoft give you the instructions you need once you get into the Registry Editor?
To get to the Registry Editor, go to Start, Run, and type in regedit; click OK and the Registry Editor will open.
Before you edit the registry, you should make a backup. At the top of the Registry window, click on the Registry menu, click Export Registry File. In the Export range panel, click All, then save your registry as Backup.
Make the changes you want, then exit the Registry Editor.
If you end up needing to reinstall, here are complete instructions:
http://www.daniweb.com/techtalkforums/thread6632.html
Since SP2 caused problems before, you may not want to try it again, but here is some info on it if you're interested:
http://www.daniweb.com/techtalkforums/thread10031.html