PC Help Forum - Free Computer Help, Windows, Hardware, Software and more!
#1
Old 4 Weeks Ago
chim
Bronze Member
Posts: 7
PC Experience: Some Experience
[Answered] Explorer problems

About a week ago, I started my PC and after everything loaded, I clicked on the start menu and there was nothing in the left side of the pop-up menu where the recently used programs usually reside. About that time I look down and Windows Defender has an X on it so I check it and it says there is a trojan in Spy Sweeper "trojan/agent". Check Spy Sweeper and it didn't show any infection, so I scan my PC and now it shows a trojan. I delete it but now, the explorer bar across the bottom of my desktop is frozen. I rebooted and in the first 15 seconds it is ok, but then it locks up again. All of my desktop icons still work though and when I open the task manager, Explorer.exe is running at a solid 51% continuously no matter what. Then earlier in the week, I booted up my PC and it said that my copy of Windows wasn't valid. I managed to get that corrected. I ran CCleaner and AVG and it removed tons of stuff and everything is loading faster but the explorer bar is still frozen. Here is my HijackThis log. Hopefully you guys can figure this out. I'm getting behind on my work because I'm hesitant to do anything sensitive on this PC.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:32 AM, on 4/18/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - d:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 200
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe" /ScheduleSweep=HPCeeScheduleForOwner
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: MRI_DISABLED
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - D:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7485 bytes

Thanks for any help you can provide

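A parser and triage pass for the HijackThis log format posted above, added here as an example; it is not part of HijackThis, of any tool the poster ran, or of the forum's own process. The sample inside it is a constructed excerpt modelled on the posted lines, and the heuristics (orphaned hooks marked "(no file)", one O10 line per Winsock catalog entry, Run keys registered under service accounts or the Default user, the hosts ActiveX controls were downloaded from, services with no listed publisher) are generic starting points for a manual review, not verdicts on any particular entry.

```python
"""Parse a HijackThis v2 log and run a few triage heuristics over it."""
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: a short excerpt in HijackThis v2 format, modelled on
# the lines posted above (not the complete log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - d:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Every finding line starts with a section code (R0..R3, F0..F3, N1..N4, O1..O24).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# O4 lines for other profiles end with "(User 'name')".
USER_RE = re.compile(r"\(User '([^']+)'\)\s*$")
# Run keys under these accounts rarely belong to interactive GUI software.
SERVICE_ACCOUNTS = {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE", "Default user"}


def parse_hjt(text):
    """Return (code, body) tuples for every HijackThis finding line."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Group the entries a reviewer usually looks at first."""
    report = {"orphans": [], "lsp_dlls": {}, "service_account_runs": [],
              "activex_hosts": [], "unknown_owner_services": []}
    lsp = Counter()
    for code, body in entries:
        if body.endswith("(no file)"):            # hook registered, DLL gone
            report["orphans"].append((code, body))
        if code == "O10":                         # one line per catalog entry
            lsp[body.rsplit(": ", 1)[-1].lower()] += 1
        if code == "O4":
            m = USER_RE.search(body)
            if m and m.group(1) in SERVICE_ACCOUNTS:
                report["service_account_runs"].append(body)
        if code == "O16":                         # ActiveX download (DPF)
            url = body.rsplit(" - ", 1)[-1]
            report["activex_hosts"].append(urlparse(url).hostname)
        if code == "O23" and " - Unknown owner - " in body:
            report["unknown_owner_services"].append(body)
    report["lsp_dlls"] = dict(lsp)                # dll -> number of O10 lines
    return report


if __name__ == "__main__":
    for key, value in triage(parse_hjt(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

The DLL count under `lsp_dlls` is the point of the O10 grouping: a single provider DLL shows up once for every Winsock catalog entry it is layered into, so seven identical O10 lines are one DLL to investigate, not seven.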
#2
Old 3 Weeks Ago
ih8bills
US Mule
Posts: 3,586
PC Experience: More Stubborn than any PC
Location: coastal Rhode Island
Re: Explorer problems

Hi... Welcome to PCHF.

Forum Rules require that HJT logs must be analyzed by experienced Security Team Analysts. This is for your protection... and to give you our best service.

Our Security Team is always very busy-- and as we live all over the Earth...
Time-Zones are also an important factor.

Your patience is greatly appreciated.

Thank You


#3
Old 3 Weeks Ago
chim
Bronze Member
Posts: 7
PC Experience: Some Experience
Re: Explorer problems

Also wanted to note that I've seen that a lot of times an analyst wants to run ComboFix. I read over the instructions for ComboFix and it says that I need the Windows CD to boot up into the Vista Recovery Environment. I do not have the CD as I am out of town on business. Is there another way to boot into the VRE so that I can run ComboFix?

#4
Old 3 Weeks Ago
chim
Bronze Member
Posts: 7
PC Experience: Some Experience
Re: Explorer problems

Tried to run SDFix in safe mode like the directions say, but the program wouldn't load. A window would pop up very briefly then disappear. I tried it a couple of times and even tried to run it as admin, but nothing would get it to load. When I rebooted into normal mode, a window popped open briefly that looked similar to the one that opened for SDFix, but it didn't do anything like the instructions said it was supposed to do.

#5
Old 3 Weeks Ago
valis
Senior Security Analyst
Posts: 2,480
Location: texas, USA
Re: Explorer problems

hello chim, welcome to the forums....

first things first, we need to fix your lsp entries.

Download LSPFix.exe

Instructions for using LSPFix
  1. Double click on LSPFix.exe to run it.
  2. Once running, you will be required to tick the disclaimer - "I know what I'm doing".
  3. You'll find a window with 2 columns. In the left column, which is labeled 'Keep', click once to select the entry:
    • tmlsp.dll
  4. Then click on the arrow pointing to the right, >>.
    This will move the entry to the right column labeled 'Remove'
  5. Click the Finish button to complete the fix.

Reboot your computer, then perform the following please:

Go here: http://www.bleepingcomputer.com/comb...o-use-combofix
Follow the instructions for ComboFix, then paste the results along with a new HJT log.

Thanks,

v

Comments on this post
ih8bills agrees: Thanks V ... !
__________________

M.C.S.A.
M.C.P.
- MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
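The LSPFix step above edits the Winsock catalog by hand. A defender-side way to see what is registered before touching anything is `netsh winsock show catalog`; the Python below, added here as an example and not part of LSPFix, HijackThis or the thread, parses a dump in that format, groups catalog entries by provider DLL (HijackThis emits one O10 line per catalog entry, which is how one DLL comes to appear seven times in the log above), and flags DLLs that are missing on disk or located outside the Windows directory. The sample dump is constructed in the shape of netsh output; its third entry, its path and the descriptions are hypothetical, and the `exists` parameter lets the check run against a stub on a machine where those paths do not exist.

```python
"""Group Winsock catalog entries by provider DLL and flag the odd ones out."""
import os
import re
from collections import defaultdict

# Constructed sample in the shape of `netsh winsock show catalog` output
# (three entries; real dumps list dozens). Descriptions of the layered
# entries and the whole third entry are hypothetical.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        Example LSP over [TCP/IP]
Provider ID:                        {00000000-0000-0000-0000-000000000001}
Provider Path:                      %SystemRoot%\system32\tmlsp.dll
Catalog Entry ID:                   1002
Protocol Chain Length:              2

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        Example LSP over [UDP/IP]
Provider ID:                        {00000000-0000-0000-0000-000000000002}
Provider Path:                      C:\Users\Owner\AppData\Local\Temp\hypothetical_lsp.dll
Catalog Entry ID:                   1003
Protocol Chain Length:              2
"""

# Only the fields the review needs; everything else in the dump is ignored.
FIELD_RE = re.compile(r"^(Entry Type|Description|Provider Path|Catalog Entry ID):\s+(.*)$")


def parse_catalog(text):
    """Split a netsh-style dump into one dict per catalog entry."""
    entries, current = [], {}
    for line in text.splitlines():
        if line.startswith("Winsock Catalog Provider Entry"):
            if current:
                entries.append(current)
            current = {}
            continue
        m = FIELD_RE.match(line.strip())
        if m:
            current[m.group(1)] = m.group(2).strip()
    if current:
        entries.append(current)
    return entries


def review_catalog(entries, exists=os.path.exists, system_root="C:\\Windows"):
    """Group entries by provider DLL; flag DLLs missing on disk or outside
    system_root. `exists` is injectable so the check can run offline."""
    by_dll = defaultdict(list)
    for entry in entries:
        # Substitute %SystemRoot% ourselves rather than via os.path.expandvars
        # so the result does not depend on the reviewing machine's environment.
        path = entry.get("Provider Path", "").replace("%SystemRoot%", system_root)
        by_dll[path.lower()].append(entry.get("Catalog Entry ID"))
    findings = []
    for path, ids in by_dll.items():
        reasons = []
        if not path.startswith(system_root.lower() + "\\"):
            reasons.append("outside system root")
        if not exists(path):
            reasons.append("file not found")
        if reasons:
            findings.append({"dll": path, "catalog_ids": ids, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review_catalog(parse_catalog(SAMPLE_CATALOG)):
        print(finding)
```

Run on a live dump (`netsh winsock show catalog > catalog.txt`, then feed the file to `parse_catalog`), the `catalog_ids` list tells you how many chain entries reference one DLL, which is the number of O10 lines HijackThis would print for it; a DLL that is flagged because the file no longer exists is the classic broken-LSP case that leaves sockets unusable until the catalog is repaired.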
#6
Old 3 Weeks Ago
chim
Bronze Member
Posts: 7
PC Experience: Some Experience
Re: Explorer problems

Mr. V,

Here are the logs. I did the first program where you wanted that file removed as well. I do want to note that when ComboFix was done running, my Windows Explorer did not come back. When I rebooted, it was back, but is still the same as before, locked up and not allowing me to access the start menu or any icons in the sys-tray.



ComboFix 08-04-20.2 - Owner 2008-04-20 22:50:27.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1251 [GMT -4:00]
Running from: C:\Users\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Downloaded Program Files\setup.inf
H:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.

2008-04-19 21:49 . 2008-04-18 09:45 <DIR> d-------- C:\SDFix
2008-04-18 14:28 . 2008-04-18 14:28 1,169 --a------ C:\Windows\mozver.dat
2008-04-18 08:09 . 2008-04-18 08:09 <DIR> d-------- C:\Users\Owner\AppData\Roaming\Grisoft
2008-04-18 08:09 . 2008-04-18 08:09 <DIR> d-------- C:\Users\All Users\Grisoft
2008-04-18 08:09 . 2008-04-18 08:09 <DIR> d-------- C:\ProgramData\Grisoft
2008-04-18 08:09 . 2007-05-30 08:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-04-17 21:13 . 2008-04-17 21:13 <DIR> d-------- C:\Users\Owner\AppData\Roaming\Talkback
2008-04-17 21:13 . 2008-04-17 21:13 0 --a------ C:\Windows\nsreg.dat
2008-04-15 22:39 . 2008-04-17 22:07 <DIR> d-------- C:\Users\Owner\AppData\Roaming\Uniblue
2008-04-15 21:02 . 2008-01-10 11:44 10,533 --a------ C:\Windows\System32\drivers\tmcomm.cat
2008-04-15 21:02 . 2007-12-24 17:36 2,487 --a------ C:\Windows\System32\drivers\tmcomm.inf
2008-04-14 20:39 . 2008-04-20 22:28 1,856 --ah----- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2008-04-14 20:39 . 2008-04-20 22:28 1,856 --ah----- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2008-04-13 18:18 . 2008-04-13 18:18 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-13 14:35 . 2008-04-13 15:10 <DIR> d-------- C:\Users\All Users\SecTaskMan
2008-04-13 14:35 . 2008-04-13 15:10 <DIR> d-------- C:\ProgramData\SecTaskMan
2008-04-13 14:35 . 2008-04-13 14:35 <DIR> d-------- C:\Program Files\Security Task Manager
2008-04-12 20:00 . 2008-04-13 14:47 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{76ce29f0-08ec-11dd-9fdb-007a455b6a70}.TMContainer00000000000000000002.regtrans-ms
2008-04-12 20:00 . 2008-04-13 14:47 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{76ce29f0-08ec-11dd-9fdb-007a455b6a70}.TMContainer00000000000000000001.regtrans-ms
2008-04-12 20:00 . 2008-04-13 14:47 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{76ce29f4-08ec-11dd-9fdb-007a455b6a70}.TMContainer00000000000000000002.regtrans-ms
2008-04-12 20:00 . 2008-04-13 14:47 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{76ce29f4-08ec-11dd-9fdb-007a455b6a70}.TMContainer00000000000000000001.regtrans-ms
2008-04-12 20:00 . 2008-04-13 14:47 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{76ce29f0-08ec-11dd-9fdb-007a455b6a70}.TM.blf
2008-04-12 20:00 . 2008-04-13 14:47 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{76ce29f4-08ec-11dd-9fdb-007a455b6a70}.TM.blf
2008-04-11 08:05 . 2008-04-11 08:15 <DIR> d-------- C:\Users\Owner\AppData\Roaming\HouseCall 6.6
2008-04-11 08:03 . 2008-04-11 08:03 <DIR> d-------- C:\Windows\Sun
2008-04-08 21:48 . 2008-02-14 19:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-08 21:48 . 2008-02-19 01:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-08 21:48 . 2008-02-29 02:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-08 21:48 . 2008-02-29 02:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-08 21:48 . 2008-02-29 02:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-08 21:48 . 2008-02-29 02:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-08 21:48 . 2008-02-29 02:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-08 21:48 . 2008-02-29 02:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-08 21:48 . 2008-02-29 02:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-08 06:20 . 2008-04-08 06:22 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-03-27 18:43 . 2008-03-27 18:43 <DIR> d-------- C:\Users\Owner\AppData\Roaming\iWinArcade
2008-03-25 22:42 . 2008-03-25 22:42 <DIR> d-------- C:\Users\Owner\AppData\Roaming\iWin
2008-03-25 22:42 . 2008-03-27 18:43 <DIR> d-------- C:\Users\All Users\iWin Games
2008-03-25 22:42 . 2008-03-27 18:43 <DIR> d-------- C:\ProgramData\iWin Games
2008-03-21 10:27 . 2007-12-16 18:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-21 10:27 . 2007-12-16 05:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 02:20 --------- d-----w C:\Users\Owner\AppData\Roaming\uTorrent
2008-04-16 20:58 41,662 ----a-w C:\Users\Owner\AppData\Roaming\nvModes.dat
2008-04-11 11:26 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-09 04:13 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 04:07 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-08 02:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-26 02:38 --------- d-----w C:\Users\Owner\AppData\Roaming\Media Center Programs
2008-03-25 01:56 --------- d-----w C:\ProgramData\Roxio
2008-03-21 23:47 278 ----a-w C:\Users\Owner\AppData\Roaming\wklnhst.dat
2008-03-09 21:27 --------- d-----w C:\ProgramData\NVIDIA
2008-03-09 17:58 --------- d-----w C:\Users\Owner\AppData\Roaming\Skype
2008-03-03 08:10 182,272 ----a-w C:\Windows\system32\drivers\CHDRT32.sys
2008-02-23 22:35 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-23 22:34 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-23 22:34 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-23 22:34 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-23 22:34 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-23 22:34 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-23 22:34 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-23 22:34 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-23 22:34 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-23 22:30 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-23 22:30 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-23 22:30 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-23 22:30 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-23 22:30 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-23 22:30 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-23 22:30 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-23 00:30 --------- d-----w C:\ProgramData\PopCap Games
2007-08-30 07:10 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 01:01 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"RunSpySweeperScheduleAtStartup"="C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe" [2007-03-23 17:23 86016]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-25 04:56 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 03:50 1021224]
"Trend Micro AntiVirus 2007"="C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" [2007-08-07 04:51 4609288]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
"NvSvc"="RUNDLL32.exe" [2006-11-02 05:45 44544 C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 05:45 44544 C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-11-02 05:45 44544 C:\Windows\System32\rundll32.exe]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
--a------ 2007-03-12 14:54 50696 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 02:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2007-03-01 16:18 472776 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]
%WINDIR%\SMINST\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-11-07 08:05 8534560 C:\Windows\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-11-07 08:05 81920 C:\Windows\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-11-07 08:05 86016 C:\Windows\system32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-02-13 14:38 159744 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2007-03-28 20:45 176128 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-04-20 04:44 77824 C:\Program Files\Java\jre1.6.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2007-01-10 19:12 317128 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Automatic LiveUpdate Scheduler"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"ccSetMgr"=2 (0x2)
"CLSched"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"Com4Qlb"=3 (0x3)
"comHost"=3 (0x3)
"HP Health Check Service"=2 (0x2)
"hpqwmiex"=2 (0x2)
"IDriverT"=3 (0x3)
"ISPwdSvc"=3 (0x3)
"LightScribeService"=2 (0x2)
"LiveUpdate"=3 (0x3)
"RoxMediaDB9"=3 (0x3)
"stllssvr"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"SymAppCore"=2 (0x2)
"Vongo Service"=2 (0x2)
"XAudioService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{981CFFA3-9427-4709-97C8-B19E11A3E100}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{56D6BE56-AF94-49FD-A837-96D2E9729C9B}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{27C7DD8C-DE25-44E2-AFAA-3C39BAD6D94A}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{62AE469B-FC3E-482F-88B9-DE6101EC1741}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{9850DBF2-A867-47A6-A467-A34444477A47}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E1094CCC-9147-4145-A6B1-12D5ADA16576}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A522C3AB-2467-4115-9D41-4CC97790C5ED}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4F0C39B0-4C88-4C96-AC2C-4F245039729B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{96D26B41-9B01-475C-9A9C-EB2F8D437737}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{284BF33D-7530-40CE-96AD-B622CE1FB05B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{FA0FF1D8-B77D-4FCC-B01B-84C1904A1033}C:\\users\\owner\\desktop\\utorrent.exe"= UDP:C:\users\owner\desktop\utorrent.exe:utorrent.exe
"UDP Query User{2326606B-4368-4326-AA5A-156EA1CE6EEB}C:\\users\\owner\\desktop\\utorrent.exe"= TCP:C:\users\owner\desktop\utorrent.exe:utorrent.exe
"{406EE0F7-D663-4FE1-B3A1-D97B467B9733}"= Profile=Private|C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{61634A42-B93D-4323-A56C-5E1FCCECCB94}"= TCP:6004|D:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{DE4A4C8C-D107-4B9C-83ED-2D0F2D6E7B9E}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{A280FA92-BAFC-4E96-83EB-DA685905810E}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{A3C280D4-9809-45E6-99B2-12386912AFE1}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{28D8F785-6224-477B-939D-242C405DC61A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B46C24A3-CE00-4542-A721-19CB68AA8BC5}"= Disabled:UDP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{EEA686C8-203D-49F2-9B86-E8D0515B0C61}"= Disabled:TCP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{99E613E1-7E01-409C-9265-E59AE8C58A2B}"= Disabled:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{9FAA7BF0-3542-4A24-941F-A7BC868163AC}C:\\users\\owner\\desktop\\utorrent.exe"= Disabled:UDP:C:\users\owner\desktop\utorrent.exe:utorrent.exe
"UDP Query User{1627F583-0EB7-4AE0-8412-3362E35C9942}C:\\users\\owner\\desktop\\utorrent.exe"= Disabled:TCP:C:\users\owner\desktop\utorrent.exe:utorrent.exe
"TCP Query User{A593A995-C37B-4593-A30B-15D81576B7D3}C:\\program files\\windows sidebar\\sidebar.exe"= Disabled:UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{4BF16B09-6CB3-4994-ACF1-BF657F6352CE}C:\\program files\\windows sidebar\\sidebar.exe"= Disabled:TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"TCP Query User{AB1FE85B-4B57-49D0-BDB3-B219B8EB0BC2}C:\\users\\owner\\desktop\\applications\\utorrent.exe"= UDP:C:\users\owner\desktop\applications\utorrent.exe:utorrent.exe
"UDP Query User{C8F9B3C8-0DF3-405E-80C5-CD6D3579842E}C:\\users\\owner\\desktop\\applications\\utorrent.exe"= TCP:C:\users\owner\desktop\applications\utorrent.exe:utorrent.exe
"TCP Query User{42B6B561-773D-4BDE-B4F6-005B2BB34DE7}C:\\users\\owner\\desktop\\applications\\utorrent.exe"= UDP:C:\users\owner\desktop\applications\utorrent.exe:utorrent.exe
"UDP Query User{B51ED166-8649-4606-97E7-24439C3502A7}C:\\users\\owner\\desktop\\applications\\utorrent.exe"= TCP:C:\users\owner\desktop\applications\utorrent.exe:utorrent.exe
"{1F162AFA-C96B-41BE-8E0E-ACF2FB078A87}"= UDP:\Program Files\iWin Games\iWinGames.exe:iWin Games application.
"{A8A4C779-077C-45FD-99BF-462128D34A46}"= TCP:\Program Files\iWin Games\iWinGames.exe:iWin Games application.
"{50DC705C-12B4-4EF4-9B2B-4B277C3172C8}"= UDP:\Program Files\iWin Games\WebUpdater.exe:iWin Games updater.
"{B865A3B0-9CD1-4FDC-9989-B280C34C9C97}"= TCP:\Program Files\iWin Games\WebUpdater.exe:iWin Games updater.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R2 iWinGamesInstaller;iWinGamesInstaller:\Program Files\iWin Games\iWinGamesInstaller.exe [2008-03-27 18:43]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 17:44]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 04:10]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 04:50]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-13 00:50]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 16:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6aeb9d3-35a7-11dc-83d5-001b2455b9ec}]
\shell\AutoRun\command - G:\mri.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-12 06:03:13 C:\Windows\Tasks\HPCeeScheduleForOwner.job"
- C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
"2008-04-18 14:01:39 C:\Windows\Tasks\wrSpySweeper_L98766304B13147D9A1E2DC9272E731A2.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_L98766304B13147D9A1E2DC9272E731A2
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2008-04-20 22:55:21
ComboFix-quarantined-files.txt 2008-04-21 02:55:16

Pre-Run: 69,947,019,264 bytes free
Post-Run: 69,949,620,224 bytes free

239 --- E O F --- 2008-04-18 11:32:52

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:17 PM, on 4/20/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 200
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe" /ScheduleSweep=HPCeeScheduleForOwner
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: MRI_DISABLED
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - D:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7066 bytes

#7
Old 3 Weeks Ago
valis
Senior Security Analyst
Posts: 2,480
Location: texas, USA
Re: Explorer problems

You may want to print these out. Please close all other applications, start HJT again, click 'Perform system scan only', place a tick next to the following, and click 'Fix checked':

O4 - Global Startup: MRI_DISABLED

Reboot, and post another log please.

thanks,

v

__________________

M.C.S.A.
M.C.P.
- MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
#8
Old 3 Weeks Ago
chim
Bronze Member