[resolved] Can't open My Computer and Control Panel etc

I can't open things like "My Documents", "My Computer", "Control Panel" etc. I think it is explorer that has some problems/virus. But I can see the desktop, the "Start" button down at the left corner, and the process "explorer.exe" is running. I have tried to kill explorer.exe in "Task Manager", and start it again. But that doesn't help.

The weird thing is that "My Computer" and the other things (in explorer) work great when I boot in safe mode. I myself think it is a virus, but who knows? (not me)

So I'm looking for help.

Thanks!

PS: When I try to open files like "My Documents", nothing happens (not even an error).

Here is my HijackThis LOG:

Logfile of HijackThis v1.99.1
Scan saved at 16:22:23, on 24.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\program files\powerstrip\pstrip.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\hjk\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Last ned alle med FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Last ned med FlashGet - C:\Program Files\FlashGet\jc_link.htm
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A56C373E-B3A3-4B6C-A625-3FAC0B9CB318}: NameServer = 217.13.4.21,217.13.7.136
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

Comments

  • edited January 2007
    Today I saw that I had 6 or more svchost.exe processes. I tried to kill one of them (with NETWORK SERVICE as "User Name") and explorer worked and I could go into things like "My Computer", "My Documents" etc.

    But also a message came up and said the computer was going to restart in 60 seconds.

    Does this help anyone find out what's wrong with my explorer?
  • jmoney3457 Maine
    edited January 2007
    hi mania,
    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall
  • edited January 2007
    "name" - 07-01-25 22:04:03 Service Pack 2
    ComboFix 07-01-25 - Running from: "C:\Documents and Settings\kjartan\Desktop"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\Installer\1c48c6d6.msi
    C:\WINDOWS\system32\SVKP.sys
    C:\WINDOWS\system32\drivers\npf.sys


    ((((((((((((((((((((((((((((((( Files Created from 2006-12-25 to 2007-01-25 ))))))))))))))))))))))))))))))))))


    2007-01-25 07:50 <DIR> d C:\Program Files\RegistrySmart
    2007-01-24 22:37 <DIR> d C:\Program Files\Uniblue
    2007-01-24 22:37 <DIR> d C:\DOCUME~1\kjartan\Application Data\Uniblue
    2007-01-24 22:24 <DIR> d C:\DOCUME~1\ALLUSE~1\Application Data\SecTaskMan
    2007-01-24 22:23 <DIR> d C:\Program Files\Security Task Manager
    2007-01-24 22:14 <DIR> d C:\Program Files\Registry Firewall
    2007-01-24 22:06 <DIR> d C:\Program Files\ErrorKiller
    2007-01-24 21:54 <DIR> d C:\Program Files\RegCure
    2007-01-24 21:22 24,072 --a C:\WINDOWS\system32\uxtuneup.dll
    2007-01-24 21:21 <DIR> d C:\Program Files\TuneUp Utilities 2007
    2007-01-24 21:14 <DIR> d C:\Program Files\RegistryFix
    2007-01-24 19:53 36,352 C:\WINDOWS\system32\tsgqec.dll
    2007-01-24 19:53 288,768 C:\WINDOWS\system32\rhttpaa.dll
    2007-01-24 19:53 116,736 C:\WINDOWS\system32\aaclient.dll
    2007-01-23 21:10 3,968 --a C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-01-22 18:11 <DIR> d C:\HJK
    2007-01-22 18:01 <DIR> d C:\Program Files\RegScrubXP
    2007-01-22 15:46 <DIR> d C:\WINDOWS\system32\quicktime
    2007-01-20 22:34 <DIR> d C:\Program Files\ratDVD
    2007-01-20 21:04 <DIR> d C:\DOCUME~1\Guest\Application Data\Sun
    2007-01-20 21:00 <DIR> d C:\DOCUME~1\Guest\Application Data\Talkback
    2007-01-20 19:59 <DIR> d C:\DOCUME~1\Guest\Application Data\DivX
    2007-01-20 19:47 <DIR> d C:\DOCUME~1\Guest\Application Data\LockTime
    2007-01-20 19:47 <DIR> d C:\DOCUME~1\Guest\Application Data\AVG7
    2007-01-16 17:30 <DIR> d C:\Program Files\Gamelio Client
    2007-01-15 23:42 <DIR> d C:\DOCUME~1\LOCALS~1\Application Data\DivX
    2007-01-10 19:35 <DIR> d C:\WINDOWS\ie7updates
    2007-01-08 17:41 <DIR> d C:\Program Files\VTX
    2007-01-07 19:50 <DIR> d C:\Program Files\TVersity
    2006-12-31 19:37 <DIR> d C:\DOCUME~1\ALLUSE~1\Application Data\TrackMania United
    2006-12-31 14:31 <DIR> d C:\Program Files\TrackMania United
    2006-12-31 13:48 <DIR> d C:\Program Files\Aspyr Media, Inc
    2006-12-31 13:25 <DIR> d C:\Program Files\Project Snowblind
    2006-12-25 11:44 2,560 C:\WINDOWS\system32\drivers\cdralw2k.sys
    2006-12-25 11:44 2,432 C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2006-12-25 11:44 129,784 C:\WINDOWS\system32\pxafs.dll
    2006-12-25 11:44 <DIR> d C:\Program Files\Winamp
    2006-12-25 11:30 <DIR> d C:\Program Files\EphPod
    2006-12-25 01:00 <DIR> d C:\DOCUME~1\ALLUSE~1\Application Data\FLEXnet
    2006-12-25 00:48 <DIR> d C:\Program Files\Common Files\Macrovision Shared
    2006-12-25 00:47 <DIR> d C:\Program Files\Bonjour


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-25 22:03 d C:\Program Files\microsoft antispyware
    2007-01-25 22:00 d C:\DOCUME~1\kjartan\Application Data\openoffice.org2
    2007-01-25 20:58 d C:\Program Files\steam
    2007-01-25 20:00 d C:\Program Files\mozilla firefox
    2007-01-25 16:20 d C:\Program Files\mirc
    2007-01-24 23:14 d C:\Program Files\mozilla thunderbird
    2007-01-24 21:29 d C:\Program Files\Common Files\wise installation wizard
    2007-01-23 21:10 d C:\Program Files\grisoft
    2007-01-23 21:05 d---s---- C:\DOCUME~1\kjartan\Application Data\microsoft
    2007-01-22 16:58 d C:\Program Files\flashget
    2007-01-22 07:47 d C:\Program Files\mirc2k
    2007-01-21 22:33 d C:\Program Files\hlsw
    2007-01-20 16:35 d C:\Program Files\flashfxp
    2007-01-20 16:08 d C:\Program Files\dc++
    2007-01-12 20:46 d C:\DOCUME~1\kjartan\Application Data\limewire
    2007-01-10 07:56 d C:\DOCUME~1\kjartan\Application Data\avg7
    2007-01-08 17:41 d C:\DOCUME~1\kjartan\Application Data\ventrilo
    2007-01-07 19:57 d C:\Program Files\ezlink
    2007-01-01 15:12 d C:\Program Files\d-link media server
    2006-12-31 14:24 98304 --a C:\WINDOWS\system32\cmdlineext.dll
    2006-12-31 12:41 d C:\Program Files\fraps
    2006-12-26 15:46 d C:\DOCUME~1\kjartan\Application Data\azureus
    2006-12-25 10:57 d C:\DOCUME~1\kjartan\Application Data\adobe
    2006-12-25 00:50 d C:\Program Files\Common Files\adobe
    2006-12-24 11:57 d C:\Program Files\Common Files\raxco
    2006-12-21 23:41 d C:\Program Files\k-lite codec pack
    2006-12-21 07:33 d C:\Program Files\gspot
    2006-12-20 14:34 d C:\Program Files\java
    2006-12-20 12:17 227856 --a C:\WINDOWS\system32\pdboot.exe
    2006-12-18 16:34 d C:\Program Files\octoshape streaming services
    2006-12-17 12:08 d C:\Program Files\ogm to avi
    2006-12-17 12:04 d C:\Program Files\videomach-3.4.1
    2006-12-16 00:21 d C:\Program Files\pokerstars
    2006-12-14 15:56 21840 --a----t- C:\WINDOWS\system32\sintfnt.dll
    2006-12-14 15:56 17212 --a----t- C:\WINDOWS\system32\sintf32.dll
    2006-12-14 15:56 12067 --a----t- C:\WINDOWS\system32\sintf16.dll
    2006-12-14 15:10 d C:\Program Files\acclaim entertainment
    2006-12-14 08:09 d C:\Program Files\7-zip
    2006-12-13 15:20 d C:\Program Files\world of warcraft
    2006-12-12 19:50 d C:\DOCUME~1\kjartan\Application Data\vlc
    2006-12-11 14:59 d--h C:\Program Files\installshield installation information
    2006-12-11 14:56 d C:\Program Files\id software
    2006-12-10 12:23 d C:\Program Files\msbuild
    2006-12-10 12:18 d C:\Program Files\microsoft visual studio 8
    2006-12-09 20:08 d C:\Program Files\silkroad
    2006-12-08 04:57 77312 --a C:\WINDOWS\system32\twain_32.dll
    2006-12-08 04:57 69632 --a C:\WINDOWS\system32\twunk_32.exe
    2006-12-08 04:57 48560 --a C:\WINDOWS\system32\twunk_16.exe
    2006-12-04 21:00 d C:\DOCUME~1\kjartan\Application Data\dvdcss
    2006-12-03 15:07 44808 --a C:\DOCUME~1\kjartan\Application Data\gdipfontcachev1.dat
    2006-12-03 09:43 d C:\Program Files\allok avi divx mpeg to dvd converter
    2006-12-02 09:23 d C:\Program Files\nmap
    2006-11-29 18:31 d C:\Program Files\windows ident server
    2006-11-27 17:08 d C:\Program Files\alcohol soft
    2006-11-27 16:53 639224 --a C:\WINDOWS\system32\drivers\sptd.sys
    2006-11-27 14:55 d C:\Program Files\lavalys
    2006-11-27 14:13 d C:\Program Files\powerstrip
    2006-11-27 09:45 60416 C:\WINDOWS\system32\tzchange.exe
    2006-11-25 10:46 2829 --a C:\WINDOWS\war3unin.pif
    2006-11-25 10:46 139264 --a C:\WINDOWS\war3unin.exe
    2006-11-25 10:46 d C:\Program Files\warcraft iii
    2006-11-25 09:33 d C:\Program Files\microsoft.net
    2006-11-25 09:33 d C:\Program Files\microsoft works
    2006-11-20 09:42 33280 --a C:\WINDOWS\system32\snmp.exe
    2006-11-14 14:18 46 --a C:\Program Files\setup.ini
    2006-11-14 07:32 0 --a C:\Program Files\sfv.log
    2006-11-13 07:02 1866240 --a C:\WINDOWS\system32\mstscax.dll
    2006-11-08 06:06 679424 --a C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 09:06 600576 --a C:\WINDOWS\system32\mstsc.exe
    2006-11-04 14:14 1245696 --a C:\WINDOWS\system32\msxml4.dll
    2006-10-26 19:56 32592 --a C:\WINDOWS\system32\msonpmon.dll
    2006-10-26 14:10 33088 --a C:\WINDOWS\system32\fm20enu.dll
    2006-10-26 14:10 1190688 --a C:\WINDOWS\system32\fm20.dll
    2006-10-26 13:45 293376 --a C:\WINDOWS\system32\wisptis.exe
    2006-10-26 13:45 207360 --a C:\WINDOWS\system32\inked.dll
    2006-10-26 10:43 40960 --a C:\WINDOWS\system32\frapsvid.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup]
    "CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
    "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "HPHUPD05"="C:\\Program Files\\Hewlett-Packard\\\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\\hphupd05.exe"
    "PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
    "HPHmon05"="C:\\WINDOWS\\system32\\hphmon05.exe"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "PowerStrip"="c:\\program files\\powerstrip\\pstrip.exe"
    "gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
    "NetLimiter"="C:\\Program Files\\NetLimiter\\NetLimiter.exe /s"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\Setup]
    "Registering MS MPEG4 ActiveX filter..."="C:\\WINDOWS\\system32\\regsvr32.exe /s C:\\WINDOWS\\system32\\mpg4ds32.ax"
    "Registering WMA ActiveX filter..."="C:\\WINDOWS\\system32\\regsvr32.exe /s C:\\WINDOWS\\system32\\msadds32.ax"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "TaskBar"="\"C:\\Program Files\\Creative\\SBAudigy\\TaskBar\\CTLTask.exe\""
    "TaskTray"="\"C:\\Program Files\\Creative\\SBAudigy\\TaskBar\\CTLTray.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
    "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
    "HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
    "Jet Detection"="\"C:\\Program Files\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe\""
    "CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run"
    "UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\errorkiller]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="errorkiller"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\errorkiller\\errorkiller.exe\" -boot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezlink]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ezlink"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\EzLink\\ezlink.exe\" -service_start -background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTunesHelper"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ManifestEngine"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ISStart"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LogiTray"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RegistrySmart"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\RegistrySmart\\RegistrySmart.exe\" -boot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    bthsvcs REG_MULTI_SZ BthServ\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

    HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
    UxTuneUp


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I]
    Shell\AutoRun\command I:\Autorun.exe

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
    Shell\AutoRun\command J:\AUTORUN.EXE

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K]
    Shell\AutoRun\command K:\dvdcheck.exe



    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20070122-223239-340
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A56C373E-B3A3-4B6C-A625-3FAC0B9CB318}: NameServer = 217.13.4.21,217.13.7.136
    backup-20070122-182311-588
    O11 - Options group: [INTERNATIONAL] International*

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\1-Click Maintenance.job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\HP Usg Daily.job

    Completion time: 07-01-25 22:11:20
  • jmoney3457 Maine
    edited January 2007
    Please post a new HJT log, along with whether your task mgr/control panel etc. work.
  • edited January 2007
    I killed one of the two processes called svchost.exe (NETWORK SERVICE) and explorer worked for 1 minute, before the computer restarted.

    Btw: explorer works great in safe mode too.

    Here is my HJT LOG when explorer worked (for 1 min):

    Logfile of HijackThis v1.99.1
    Scan saved at 07:33:59, on 26.01.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\program files\powerstrip\pstrip.exe
    C:\Program Files\NetLimiter\NetLimiter.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\taskmgr.exe
    c:\hjk\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.no/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Last ned alle med FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Last ned med FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A56C373E-B3A3-4B6C-A625-3FAC0B9CB318}: NameServer = 217.13.4.21,217.13.7.136
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
  • jmoney3457 Maine
    edited January 2007
    You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode!

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Log in to your usual account.
    Once in Safe Mode:

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot back into Normal Mode, then please post back the AVG log and a new HJT log.
  • edited January 2007
    Ok jmoney3457, I'm doing it right now (on the other computer)

    But should I post the HJT log from Safe Mode or Normal Mode, or even both?
  • edited January 2007
    AVG Anti-Spyware

    AVG Anti-Spyware - Scan Report

    + Created at: 21:53:53 26.01.2007

    + Scan result:



    :mozilla.97:C:\Documents and Settings\kjartan\Application Data\Mozilla\Firefox\Profiles\c763onxg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.98:C:\Documents and Settings\kjartan\Application Data\Mozilla\Firefox\Profiles\c763onxg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.99:C:\Documents and Settings\kjartan\Application Data\Mozilla\Firefox\Profiles\c763onxg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.104:C:\Documents and Settings\kjartan\Application Data\Mozilla\Firefox\Profiles\c763onxg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\kjartan\Cookies\kjartan@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\kjartan\Cookies\kjartan@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.131:C:\Documents and Settings\kjartan\Application Data\Mozilla\Firefox\Profiles\c763onxg.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.128:C:\Documents and Settings\kjartan\Application Data\Mozilla\Firefox\Profiles\c763onxg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.129:C:\Documents and Settings\kjartan\Application Data\Mozilla\Firefox\Profiles\c763onxg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.84:C:\Documents and Settings\kjartan\Application Data\Mozilla\Firefox\Profiles\c763onxg.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.90:C:\Documents and Settings\kjartan\Application Data\Mozilla\Firefox\Profiles\c763onxg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.91:C:\Documents and Settings\kjartan\Application Data\Mozilla\Firefox\Profiles\c763onxg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.92:C:\Documents and Settings\kjartan\Application Data\Mozilla\Firefox\Profiles\c763onxg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.110:C:\Documents and Settings\kjartan\Application Data\Mozilla\Firefox\Profiles\c763onxg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.27:C:\Documents and Settings\kjartan\Application Data\Mozilla\Firefox\Profiles\c763onxg.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.50:C:\Documents and Settings\kjartan\Application Data\Mozilla\Firefox\Profiles\c763onxg.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.130:C:\Documents and Settings\kjartan\Application Data\Mozilla\Firefox\Profiles\c763onxg.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.125:C:\Documents and Settings\kjartan\Application Data\Mozilla\Firefox\Profiles\c763onxg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.126:C:\Documents and Settings\kjartan\Application Data\Mozilla\Firefox\Profiles\c763onxg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end

    Hijackthis

    Logfile of HijackThis v1.99.1
    Scan saved at 22:06:19, on 26.01.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\sessmgr.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\program files\powerstrip\pstrip.exe
    C:\Program Files\NetLimiter\NetLimiter.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\mIRC\mirc.exe
    c:\hjk\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.no/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Last ned alle med FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Last ned med FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A56C373E-B3A3-4B6C-A625-3FAC0B9CB318}: NameServer = 217.13.4.21,217.13.7.136
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
  • jmoney3457 Maine
    edited January 2007
    You should always do HJT in normal mode unless asked otherwise. Please download Rootkit Revealer (link is at the very bottom of the page)
    • Unzip it to your desktop.
    • Open the RootkitRevealer folder and double-click RootkitRevealer.exe
    • Click the Scan button (bottom right)
    • It may take a while to scan (don't do anything while it's running)
    • When it's done, go to File > Save. Choose to save the log to your desktop.
    • Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here
    Please don't surf or do anything else during the scan with RootkitRevealer, or it may interfere with the results and show legitimate entries.
  • edited January 2007
    This is my RootkitReveal.txt

    HKU\.DEFAULT\Control Panel\International 25.01.2007 22:11 0 bytes Security mismatch.
    HKU\.DEFAULT\Control Panel\International\Geo 25.01.2007 22:11 0 bytes Security mismatch.
    HKU\S-1-5-21-861567501-1547161642-725345543-1006\Control Panel\International 25.01.2007 22:11 0 bytes Security mismatch.
    HKU\S-1-5-21-861567501-1547161642-725345543-1006\Control Panel\International\Geo 25.01.2007 22:11 0 bytes Security mismatch.
    HKU\S-1-5-21-861567501-1547161642-725345543-1006\Software\Microsoft\Command Processor 25.01.2007 22:11 0 bytes Security mismatch.
    HKU\S-1-5-21-861567501-1547161642-725345543-1006\Software\Valve\Steam\LastSteamExecutionTime 26.01.2007 23:58 4 bytes Data mismatch between Windows API and raw hive data.
    HKU\S-1-5-18\Control Panel\International 25.01.2007 22:11 0 bytes Security mismatch.
    HKU\S-1-5-18\Control Panel\International\Geo 25.01.2007 22:11 0 bytes Security mismatch.
    HKLM\SECURITY\Policy\Secrets\SAC* 08.01.2006 01:49 0 bytes Key name contains embedded nulls (*)
    HKLM\SECURITY\Policy\Secrets\SAI* 08.01.2006 01:49 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 14.01.2006 10:46 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32* 14.01.2006 10:46 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32* 14.01.2006 10:46 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32* 14.01.2006 10:46 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32* 14.01.2006 10:46 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32* 14.01.2006 10:46 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32* 14.01.2006 10:46 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32* 14.01.2006 10:46 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32* 14.01.2006 10:46 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32* 14.01.2006 10:46 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32* 14.01.2006 10:46 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32* 14.01.2006 10:46 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Microsoft\Command Processor 25.01.2007 22:11 0 bytes Security mismatch.
    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg 27.11.2006 17:11 0 bytes Access is denied.
    C:\WINDOWS\Prefetch\AGENTSVR.EXE-002E45AB.pf 08.03.2006 16:55 9.03 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\ATTRIB.EXE-15ACDFFE.pf 25.01.2007 22:08 32.15 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\AVGCC.EXE-02F8B9EE.pf 26.01.2007 14:53 29.56 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\AVGINET.EXE-0005112E.pf 26.01.2007 08:38 57.17 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\AVGW.EXE-30DE450D.pf 26.01.2007 08:38 64.14 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\BASH.EXE-1A6D1D31.pf 25.01.2007 07:07 8.09 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\CAT.EXE-233F2A22.pf 25.01.2007 07:07 6.80 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\CLEAR.EXE-0F0D5E32.pf 25.01.2007 07:07 6.29 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\COMBOFIX.EXE-0136E0DC.pf 25.01.2007 22:03 11.23 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\COMBOFIX.EXE-043BAAA0.pf 25.01.2007 22:10 9.92 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\CTFMON.EXE-05E57A5E.pf 26.01.2007 14:53 14.86 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\DRWTSN32.EXE-01DDCF15.pf 25.01.2007 20:43 42.23 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\DWWIN.EXE-2C373FB7.pf 25.01.2007 20:43 26.46 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\ERRORKILLER.EXE-3211BBCB.pf 25.01.2007 17:33 38.59 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf 26.01.2007 14:53 87.51 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\FIREFOX.EXE-17EE503B.pf 08.03.2006 17:06 73.34 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\FIXWELCH.EXE-2FDA74DE.pf 25.01.2007 07:49 12.47 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\GCASDTSERV.EXE-04B13CAF.pf 07.03.2006 22:26 28.69 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\GCASDTSERV.EXE-05A93754.pf 26.01.2007 14:54 28.24 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\GCASSERV.EXE-2AADC73F.pf 26.01.2007 14:53 10.13 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\GCASSERV.EXE-3660CD4E.pf 07.03.2006 22:26 28.83 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\GROOVEMONITOR.EXE-23AE9D0A.pf 26.01.2007 14:53 19.85 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\HANDLE.EXE-2438B3AB.pf 25.01.2007 22:04 6.49 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\HELPSVC.EXE-1C192440.pf 26.01.2007 08:45 55.83 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\HL.EXE-1365A93A.pf 08.03.2006 17:00 61.80 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\HL2.EXE-34D0E555.pf 25.01.2007 20:44 61.24 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\HPHMON05.EXE-1C7A07AD.pf 26.01.2007 14:53 13.14 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\HPHPED05.EXE-0D413E83.pf 08.03.2006 16:55 20.60 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\HPHUPD05.EXE-21ADACC2.pf 26.01.2007 14:53 6.92 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\HPZENG09.EXE-0847757B.pf 26.01.2007 16:53 16.40 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\HPZIPM12.EXE-02312CF9.pf 26.01.2007 12:55 8.60 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\HPZSTC09.EXE-2AE3C4BB.pf 26.01.2007 16:53 13.88 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\HPZSTW09.EXE-10B7C1E8.pf 26.01.2007 16:53 7.16 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf 08.03.2006 13:21 118.20 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf 25.01.2007 07:40 72.84 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf 07.03.2006 22:26 15.83 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\IS-8731L.TMP-391FCF24.pf 25.01.2007 07:50 17.80 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\JUSCHED.EXE-2ABC3D1B.pf 07.03.2006 22:26 8.35 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\JUSCHED.EXE-32330AF0.pf 26.01.2007 14:53 8.38 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\LAUNCHER.EXE-0EB8AD16.pf 25.01.2007 07:51 35.73 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf 08.03.2006 15:58 43.56 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf 08.03.2006 16:04 37.33 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\LS.EXE-11DBE880.pf 25.01.2007 07:07 8.58 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\LVCOMSX.EXE-30FB8DC0.pf 26.01.2007 14:53 13.75 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\MIRC.EXE-0661EC22.pf 08.03.2006 16:55 43.44 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\MSCONFIG.EXE-1EF1EA0F.pf 26.01.2007 14:53 27.20 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\MSNMSGR.EXE-3744B6D8.pf 25.01.2007 18:04 60.07 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\NEROCHECK.EXE-30941580.pf 26.01.2007 14:53 6.69 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\NETLIMITER.EXE-2062FD46.pf 26.01.2007 14:53 32.93 KB Visible in Windows API, but not in MFT or directory index.
    C:\WINDOWS\Prefetch\NIRCMD.EXE-23972F4A.pf 25.01.2007 22:10 8.31 KB Visible in Windows API, but not in MFT or directory index.
  • jmoney3457 Maine
    edited January 2007
    Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

    You will need to enter your name, e-mail address and location in order to access the download page.
    • Once you have downloaded the file, double click the sarsfx icon
    • Review the licence agreement and click on the Accept button
    • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button
    • Once the files have been extracted, use Windows Explorer to navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
    • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
    • Allow the program to scan your computer - please be patient as it may take some time
    • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
    • In the main window, you will see each of the entries found by the scan (if any)
      • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
      • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
    • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
    • To clean up these entries click on the Clean up checked items button
    • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
    • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
    • When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now and also if the scanner removed anything
  • edited January 2007
    "No hidden items found by scan."

    Nothing found by scan.

    Will 'Repair' from a Windows Home Edition CD (bootable) fix my problem?
  • jmoney3457 Maine
    edited January 2007
    Perhaps, but I'm first going to consult with one of the spyware gurus here and get back to you :)
  • jmoney3457 Maine
    edited January 2007
    ok my colleague didn't find anything either so yes try a repair install and let me know how that goes so I can mark this thread resolved:)
  • edited January 2007
    jmoney3457 wrote:
    ok my colleague didn't find anything either so yes try a repair install and let me know how that goes so I can mark this thread resolved:)

    I will.

    Right now I'm working on fixing the Windows CD, because it's too damaged.
    I'm using a little machine, "Repair Pro" or something, that will try to fix the CD.

    I will post when I'm done!
  • edited January 2007
    Finally!

    After a GOOD repair (read about the repair here) explorer and everything works great! Thanks guys!

    Now I just need to install Service Pack 2 and I'm back on track!
  • jmoney3457 Maine
    edited January 2007
    Glad I could be of assistance! The help you received here was free. Please read through some of these Prevention Tips that Short-Media offers.

    This topic is now closed. If you wish it reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.

    Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.

    If you are not the user who started this thread, you must start a new Thread instead :)

    Would you also be interested in joining Short-Media (Team #93) with the Folding@Home Project? More information is available at this link:
    http://www.short-media.com/forum/showthread.php?t=29803
This discussion has been closed.