When the computer starts up I get the error messages "DW caused an error in unkown" and "Popsrv 184 caused an error".
The START Button also does not show up and all the Icons by the clock do not show up, I can not click on the bottom bar, all I get is the hour glass.

How can I fix this. Thanx'

Try booting into Safe Mode (http://www.cybertechhelp.com/html/tutorials/tutorial.php/id/24) can you get into it okay? After getting into it go to Start>Run> type msconfig > Press enter > try making sure that the "Load startup group items" is unchecked (not grayed and checked but white and unchecked) Now try going back into windows normally (not safe mode) See if you can get there. (note: this will have disabled all the things that startup normally (such as an anti-virus or firewall or even the sound icon next to the clock, if it does work after doing this we can one by one reenable these things)

Good Luck:)

Hi mikoto - you have spyware/malware on your PC. If you want to get rid of it permanently, follow tb525's instructions here (http://www.cybertechhelp.com/forums/showthread.php?t=21384).

AM- How is she supposed to do so if she can't do anything in windows? (I think you skipped a part of her post...we all do that sometimes:))

Try following AM directions in safe mode...forget my instructions for now.:)

Good Luck:)

Good point enat. Hijack This will work in Safe Mode quite well. We need to see what's running though to remove it.

Thanx' for the help.
Windows works as far as I can see besides the problems I posted.
I ran Hijack This and got this.

__________________________________________________
Logfile of HijackThis v1.96.0
Scan saved at 10:39:40 PM, on 27/08/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\POP\POPSRV184.EXE
C:\PROGRAM FILES\TOPICKS\BIN\IDHOST.EXE
C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
C:\WINDOWS\WJVIEW.EXE
C:\PROGRAM FILES\DOWNLOADWARE\DW.EXE
C:\PROGRAM FILES\RVP\BPC.EXE
C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHAGENT.EXE
C:\PROGRAM FILES\SRNG\SRNG.EXE
C:\WINDOWS\SYSTEM\SAHAGENT.EXE
C:\PROGRAM FILES\POP\SYSMONN.EXE
C:\WINDOWS\SYSTEM\MSBB.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\PROGRAM FILES\KAZAA\KAZAA.EXE
C:\WINDOWS\SYSTEM\XCOMMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\INVENTION PILOT\SOUND PILOT\SNDPILOT.EXE
C:\PROGRAM FILES\BULLGUARD\MGUI.EXE
C:\PROGRAM FILES\BULLGUARD\AVXLIVE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
C:\PROGRAM FILES\BULLGUARD\AVXNEWS.EXE
C:\PROGRAM FILES\TOPICKS\BIN\HTHOST.EXE
C:\PROGRAM FILES\NETASSISTANT\BIN\MPBTN.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srng.net/search/9885/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9885&s=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchenhancement.com/searchbar/iev1.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9885&s=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sympatico.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srng.net/search/9885/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico Internet Service
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = ;127.0.0.1;<local>
F1 - win.ini: load=ptsnoop.exe
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4EB} - C:\PROGRAM FILES\TOPICKS\BIN\HTCHECK2.DLL
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E7778} - C:\PROGRAM FILES\POP\POP184.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\GR02.DLL
O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\PROGRAM FILES\SRNG\SNHELPER.DLL
O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - C:\PROGRAM FILES\SCBAR\V2\SCBAR.DLL
O2 - BHO: (no name) - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINDOWS\IPINSIGT.DLL
O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\BS3.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O3 - Toolbar: &POP - {645FD3BC-C314-4F7A-9D2E-64D62A0FDD78} - C:\PROGRAM FILES\POP\POP184.DLL
O3 - Toolbar: Topicks Categories - {80E81A0E-9741-4FBC-8EE3-3B78C04ADA1D} - C:\PROGRAM FILES\TOPICKS\BIN\TPBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EX E -r
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [POP] C:\PROGRAM FILES\POP\POPSRV184.EXE
O4 - HKLM\..\Run: [ToPicks Starter] C:\Program Files\ToPicks\Bin\Idhost.exe
O4 - HKLM\..\Run: [AutoUpdater] c:\PROGRA~1\AUTOUP~1\AUTOUP~1.EXE
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [RVP] "C:\Program Files\RVP\bpc.exe"
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\SYSTEM\SahAgent.exe
O4 - HKLM\..\Run: [SearchEnhancement] "C:\PROGRAM FILES\SCBAR\V2\SCBAR.EXE" /U
O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINDOWS\BS3.DLL,DllRun
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\SYSTEM\MSBB.EXE
O4 - HKLM\..\Run: [OVFVPCGJT] C:\WINDOWS\OVFVPCGJT.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [BullGuard XComm ] C:\WINDOWS\SYSTEM\XCOMMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [BullGuardInit] C:\PROGRAM FILES\BULLGUARD\AVXINIT.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Sound Pilot] "C:\PROGRAM FILES\INVENTION PILOT\SOUND PILOT\SNDPILOT.EXE"
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [Sound Pilot] "C:\PROGRAM FILES\INVENTION PILOT\SOUND PILOT\SNDPILOT.EXE"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: BullGuard.lnk = C:\Program Files\BullGuard\mgui.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BullGuard Update.lnk = C:\Program Files\BullGuard\avxlive.exe
O4 - Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_scrip t0.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Ebates (HKCU)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca
________________________________________________
Hope you can help thanx' again =)

Jeepers mikoto - you have enough spyware on board to sink a ship and your browser has been hijacked! OK, before we start, go here (http://www.cexx.org/lspfix.htm) and download LSPFix.exe. There is a possibility that after we remove the spyware, you could lose your Internet Connection. If this happens, run LSPFix.exe and you should be fine.

You might as well uninstall KaZaA because after the spyware that is causing your problems is gone, it probably wont work anyway. Also uninstall Webhancer, POP and Medialoads/Downloadware if these entries are present.

Next download Spybot - Search & Destroy from here (http://spybot.eon.net.au/). If you already have Spybot on your PC, make sure that it is the latest version and go online and make sure that you have installed the latest updates.

After installing, launch Spybot from the Desktop Icon (Easy Mode),click on the Search For Updates button, search for and install all updates.

Now click on the Check for Problems button and the scan will start. Any Red entries indicate spyware problems that should be fixed to avoid security and/or privacy problems. This is the only kind of problem that is preselected to be fixed. If, after running the scan, Spybot displays red entries, click on the Fix Selected Problems button.

Now click on the Immunize button to protect your PC from known pests and exit.

If you have chosen to install an icon in your Quick Launch bar, Spybot will launch in Advanced Mode. I do not recommend this option for first time users of Spybot.

NOTE: SSD will sometimes not be able to remove all active components in the first 'run'. In that case you will get a dialog asking you to run SSD at next start. Click yes and reboot.
SSD will activate before the system puts these components 'in use', and it will then be able to 'fix' the rest.

When you have done this, go here (http://www.ravantivirus.com/scan/) and run an online scan. If RAV detects any malware, post the log back in this thread. Also post back a new Hijack This log.

Thanx' for all the help. The computer works again.

Here is the new log.
_________________________________________
Logfile of HijackThis v1.96.0
Scan saved at 6:15:26 PM, on 28/08/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\POP\POPSRV184.EXE
C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SRNG\SRNG.EXE
C:\WINDOWS\SYSTEM\SAHAGENT.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\INVENTION PILOT\SOUND PILOT\SNDPILOT.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
C:\PROGRAM FILES\POP\SYSMONN.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\PROGRAM FILES\NETASSISTANT\BIN\MPBTN.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srng.net/search/9885/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9885&s=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9885&s=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sympatico.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srng.net/search/9885/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico Internet Service
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = ;127.0.0.1;<local>
F1 - win.ini: load=ptsnoop.exe
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4EB} - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E7778} - C:\PROGRAM FILES\POP\POP184.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - (no file)
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\BS3.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O3 - Toolbar: &POP - {645FD3BC-C314-4F7A-9D2E-64D62A0FDD78} - C:\PROGRAM FILES\POP\POP184.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EX E -r
O4 - HKLM\..\Run: [POP] C:\PROGRAM FILES\POP\POPSRV184.EXE
O4 - HKLM\..\Run: [AutoUpdater] c:\PROGRA~1\AUTOUP~1\AUTOUP~1.EXE
O4 - HKLM\..\Run: [srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\SYSTEM\SahAgent.exe
O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINDOWS\BS3.DLL,DllRun
O4 - HKLM\..\Run: [OVFVPCGJT] C:\WINDOWS\OVFVPCGJT.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Sound Pilot] "C:\PROGRAM FILES\INVENTION PILOT\SOUND PILOT\SNDPILOT.EXE"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D32C3BAD-5213-49BD-A7D5-E6DE6C0D8249} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

Hi mikoto - did you run the RAV scan? If not please do so and post back the log if RAV detects any malware. There is still some fixing to do but I want to see what RAV reports before I begin.

BTW...run LSPFix.exe too. You do have broken internet access and this could cause problems down the track.