Old 05-04-2007, 12:12 AM   #1 (permalink)
Registered User
 
Join Date: May 2007
Location: Phoenix, Arizona
Posts: 11
OS: Windows XP Media Center 2005


Need Help - Many Processes not Loading at StartUp.

I have a Dell Laptop-Inspiron XPS-Gen2 running Windows XP Media Center 2005 Operating System. It was running fine then when I turned it on 2 days ago it failed to load all the processes it normally loads. This gives me extremely limited functionality. I now have 43 processes running whereas before I had about 68 running. My sound, printer, wireless connection, Internet Explorer browser, Windows Media and several other things don't work. Outlook Express e-mail can receive messages, but I can't create messages or send. FireFox browser works - I'm using it now. McAfee and Webroot SpySweeper don't load on startup, as they used to do. It will not allow me to install programs that I download via Internet.

The computer takes longer than usual to turn on. After Dell screen is displayed there is a "Welcome" screen for windows. Normally it is displayed for a few seconds, now it displays for 2 or 3 minutes. Then a pic on my desktop appears, but no icons until after about another 2 or 3 minutes. Normally the pic and icons pop-up very quickly.

Below are two "HiJack This" Logs. First is a present day one, and the other is from Nov 19, 2006 when the computer was running OK.

Please advise me how to fix these problems.
Thanks,
Rich in Phoenix.







Logfile of HijackThis v1.99.1
Scan saved at 11:27:39 PM, on 5/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
c:\program files\dell printers\Additional Color

Laser Software\Status Monitor\DLSDBNT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.ex

e
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program

Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\National

Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program

Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program

Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common

Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\Common

Files\Real\Update_OB\realsched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Iomega\Automatic Backup

Pro\LiveSystem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\HOMECO~1\X10COM32.EXE
C:\Documents and

Settings\RICH\Desktop\DAILY\hijackthis\HijackThi

s.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection

Wizard,ShellNext =

http://us.mcafee.com/apps/mpfplus/en-us/mpfplus6

/default.asp?affid=105-56&dtag=h65gs71
R3 - URLSearchHook: (no name) -

{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no

file)
R3 - URLSearchHook: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program

Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper -

{02478D38-C3F9-4EFB-9B51-7695ECA05670} -

C:\Program

Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button -

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -

C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy -

{7DB2D5A0-7241-4E79-B68D-6309F01C5231} -

c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: FlashFXP Helper for Internet Explorer

- {E5A1691B-D188-4419-AD02-90002030B8EE} -

C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program

Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray]

C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program

Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE"

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe"

/installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched]

"C:\Program

Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program

Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel

PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program

Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup]

"C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.e

xe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program

Files\Common

Files\InstallShield\UpdateService\issch.exe"

-start
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell

printers\Additional Color Laser Software\Status

Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program

Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP

CD-DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace

Daemon] "C:\Program Files\Hewlett-Packard\HP

Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize

Scheduler] "C:\Program

Files\PCPitstop\Optimize\PCPOptimize.exe" -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program

Files\Common Files\Real\Update_OB\realsched.exe"

-osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Media Connect 2]

"C:\Program Files\Windows Media Connect

2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program

Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NapsterShell] "C:\Program

Files\Napster\napster.exe" /systray
O4 - HKLM\..\Run: [SpySweeper] "C:\Program

Files\Webroot\Spy Sweeper\SpySweeperUI.exe"

/startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program

Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro]

"C:\Program Files\Iomega\Automatic Backup

Pro\LiveSystem.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program

Files\Common Files\Adobe\Calibration\Adobe Gamma

Loader.exe
O4 - Startup: X10 Communications Link.lnk =

C:\Program Files\Home Control\X10BURST.EXE
O4 - Global Startup: Adobe Reader Speed

Launch.lnk = C:\Program Files\Adobe\Reader

8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader

Synchronizer.lnk = C:\Program Files\Adobe\Reader

8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Extender Resource

Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: QuickBooks Update Agent.lnk

= C:\Program Files\Common

Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search -

file:///C:\Program

Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to

Microsoft Excel -

res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/30

00
O8 - Extra context menu item: Yahoo! &Dictionary

- file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps -

file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS -

file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services -

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -

C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com -

{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

%windir%\Network Diagnostic\xpnetdiag.exe (file

missing)
O9 - Extra 'Tools' menuitem:

@xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

%windir%\Network Diagnostic\xpnetdiag.exe (file

missing)
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL]

International*
O20 - Winlogon Notify: IntelWireless -

C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon -

C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier -

C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj -

{AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems

- C:\Program Files\Common Files\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: Dell Printer Status Watcher

(DLPWD) - Dell Inc. - c:\program files\dell

printers\Additional Color Laser Software\Status

Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database

(DLSDB) - Dell Inc. - c:\program files\dell

printers\Additional Color Laser Software\Status

Monitor\DLSDBNT.EXE
O23 - Service: DSBrokerService - Unknown owner -

C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) -

McAfee, Inc. -

C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation -

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager

(IDriverT) - Macrovision Corporation -

C:\Program Files\Common

Files\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: iPodService - Apple Computer,

Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lookout Citadel Server

(LkCitadelServer) - National Instruments, Inc. -

C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server

Locator (lkClassAds) - National Instruments,

Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time

Synchronization (lkTimeSync) - National

Instruments, Inc. -

C:\WINDOWS\system32\lktsrv.exe
O23 - Service: McAfee HackerWatch Service -

McAfee, Inc. - C:\Program Files\Common

Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager

(mcmispupdmgr) - McAfee, Inc. -

C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) -

McAfee, Inc. -

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) -

McAfee, Inc. - c:\program files\common

files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee,

Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager

(mcpromgr) - McAfee, Inc. -

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service

(McRedirector) - McAfee, Inc. -

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.ex

e
O23 - Service: McAfee Real-time Scanner

(McShield) - McAfee, Inc. -

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) -

McAfee, Inc. -

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service

(MpfService) - McAfee, Inc. - C:\Program

Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program

Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. -

C:\Program

Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: National Instruments Domain

Service (NIDomainService) - National

Instruments, Inc. - C:\Program Files\National

Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) -

National Instruments Corp. -

C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NVIDIA Display Driver Service

(NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation -

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor

(S24EventMonitor) - Intel Corporation -

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation -

C:\Program Files\Intel\Wireless\

--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:14:19 AM, on 11/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Perfect Codec\isamonitor.exe
C:\Program Files\Perfect Codec\pmsngr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Perfect Codec\pmmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Perfect Codec\isamini.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\HOMECO~1\X10COM32.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\RICH\Desktop\DAILY\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mpfplus/en...6&dtag=h65gs71
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Program Files\Perfect Codec\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] "C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [XoftSpy] "C:\Program Files\XoftSpy\XoftSpy.exe" -s
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: X10 Communications Link.lnk = C:\Program Files\Home Control\X10BURST.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Starjock is offline  
Old 05-06-2007, 03:25 PM   #2 (permalink)
Registered User
 
Join Date: May 2007
Location: Phoenix, Arizona
Posts: 11
OS: Windows XP Media Center 2005


Re: Need Help - Many Processes not Loading at StartUp.

BUMP. I have received no reply in more than 48 hours.

Please help me. Thanks
Rich in Phoenix
Starjock is offline  
Old 05-07-2007, 06:50 AM   #3 (permalink)
Analyst, Security Team
 
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: Need Help - Many Processes not Loading at StartUp.

Hi Starjock,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

First of all, please turn off Word Wrap in Notepad. It will make the logs easier to read: :)
  • To turn off Word Wrap, please open Notepad (Start -> Run -> type notepad in the Open field -> OK).
  • Then go to the Format menu and uncheck Word Wrap.
  • Exit Notepad.


NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)


Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:


BEFORE BEGINNING, Please read completely through the instructions below. Please also print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you won’t be able to access the Internet to view these instructions.

Please download Dr.Web CureIt and save it to your desktop.

NOTE: In the event you already have Dr.Web CureIt, this is a new version that I need you to download.

Next, please reboot your computer into Safe Mode by doing the following:
  • Reboot your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again.
  • Instead of Windows loading as normal, a menu should appear.
  • Using the arrow keys on the keyboard, scroll to and select the Safe Mode menu item, and then press Enter.

Now scan with Dr.Web CureIt:
  • Double-click the drweb-cureit.exe file. It will then suggest to run an "Express Scan" -- this you should allow.
  • After this (Dr.Web writes "Done" at the bottom left), you click "Options" menu -> "Change settings".
  • Choose the "Scan" tab, uncheck the mark at "Heuristic analysis".
  • Choose the "Actions" tab, and choose "Rename" under all the "Malware" issues. Then click "OK".
  • Back at the main window, you should now mark the drives that you want to scan (a red dot shows which drives have been chosen).
  • Click the green arrow at the right, and the scan will start. The first time Dr.Web finds something, you click "Yes to All", and it will after this automatically fix what is found.
  • After the scan, go to the "View" menu -> "Report list".
  • Then go to the "File" menu -> "Save report list".
  • Save the report to your desktop. The report will be called DrWeb.csv. Copy and paste the contents of the report in your next reply.
  • Close Dr.Web CureIt.
  • REBOOT your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

After reboot, post the contents of the log from Dr.Web you saved previously in your next reply, together with a new HijackThis log.


NEXT:

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT:

Please download System Repair Engineer by Smallfrogs and save it to your desktop:
  • Right-click sreng2.zip, select Extract All, and extract it to its own folder.
  • Double-click SREng.exe to run it.





  • Select Smart Scan and check (tick) Verify the digital signatures of process modules.
  • Click on the Scan button.
  • When the scan is complete, click on the Save Reports button and save the log to your desktop.
  • Please attach the log in your next reply. Don’t post it.

Note: You would have to rename SREngLog.log to SREngLog.txt before attaching it. If you cannot attach the log, then please copy and paste its contents into your next reply.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  1. The log from the Dr.Web CureIt scan.
  2. The log from the ComboFix scan.
  3. The log from the SREng scan.
  4. A new HijackThis log.

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.

Last edited by Sempurna; 05-07-2007 at 06:53 AM.
Old 05-08-2007, 09:55 AM   #4 (permalink)
Registered User
 
Join Date: May 2007
Location: Phoenix, Arizona
Posts: 11
OS: Windows XP Media Center 2005


Re: Need Help - Many Processes not Loading at StartUp.

Thanks for help Sempurna.

I have completed your instructions through the Dr.Web CureIt step and am now posting its report list and a new HijackThis file. It wasn't clear if I should continue on with the other actions (ComboFix) now, or wait until you review these and reply. So, I'm waiting for your next reply.

Dr.Web Report:

mcupdmgr.exe;c:\program files\mcafee\msc;Probably DLOADER.Trojan;;
GTDownDE_87.ocx;C:\i386;Adware.Gdown;Renamed.;
A0113434.ocx;C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP676;Adware.Gdown;Renamed.;
A0118218.ocx;C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP699;Adware.Gdown;Renamed.;

HiJackThis Report:

Logfile of HijackThis v1.99.1
Scan saved at 9:34:05 AM, on 5/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\HOMECO~1\X10COM32.EXE
C:\Documents and Settings\RICH\Desktop\DAILY\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mpfplus/en...6&dtag=h65gs71
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] "C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" -boot
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NapsterShell] "C:\Program Files\Napster\napster.exe" /systray
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: X10 Communications Link.lnk = C:\Program Files\Home Control\X10BURST.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

The system still operates the same as it did and as I described in my first post. No changes so far.

Rich in Phoenix
Old 05-08-2007, 08:41 PM   #5 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: Need Help - Many Processes not Loading at StartUp.

Hi Rich,

You're most welcome, Rich.

Yes, please continue with the ComboFix and SREng scans. Let's see if we can pick up what might be causing your problem. If it is not malware, then it would likely be a corrupt system configuration or hardware (i.e. RAM) problem.

Last edited by Sempurna; 05-08-2007 at 08:42 PM.
Old 05-09-2007, 01:35 AM   #6 (permalink)
Registered User
 
Join Date: May 2007
Location: Phoenix, Arizona
Posts: 11
OS: Windows XP Media Center 2005


Re: Need Help - Many Processes not Loading at StartUp.

Here are the results from the tests you wanted me to run:
Dr. Web:
mcupdmgr.exe;c:\program files\mcafee\msc;Probably DLOADER.Trojan;;
GTDownDE_87.ocx;C:\i386;Adware.Gdown;Renamed.;
A0113434.ocx;C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP676;Adware.Gdown;Renamed.;
A0118218.ocx;C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP699;Adware.Gdown;Renamed.;
-------------------------------------------------------------------
ComboFix:
"RICH" - 2007-05-08 23:16:56 Service Pack 2 [SAFE MODE]
ComboFix 07-05.07.3.V - Running from: "C:\Documents and Settings\RICH\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\RICH\Desktop.\internet explorer.lnk
C:\WINDOWS\system32\bszip.dll


((((((((((((((((((((((((((((((( Files Created from 2007-04-08 to 2007-05-08 ))))))))))))))))))))))))))))))))))


2007-05-08 01:01 <DIR> d-------- C:\DOCUME~1\RICH\DoctorWeb
2007-05-01 23:25 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-05-01 23:25 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-05-01 23:25 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-05-01 23:25 <DIR> d-------- C:\Program Files\Webroot
2007-05-01 23:23 <DIR> d-------- C:\DOCUME~1\RICH\APPLIC~1\Webroot
2007-04-20 11:56 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-04-20 11:56 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-04-20 11:56 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-04-20 11:56 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-04-20 11:56 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-04-20 11:56 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-04-20 11:55 <DIR> d-------- C:\Program Files\McAfee
2007-04-20 11:55 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-04-20 11:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-04-14 18:30 <DIR> d-------- C:\Program Files\Chessmaster 8000
2007-04-09 14:51 <DIR> d-------- C:\Program Files\DellSupport


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-06 06:42:37 -------- d-----w C:\Program Files\CBLIGHT
2007-05-03 08:47:20 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-02 06:23:18 -------- d-----w C:\DOCUME~1\RICH\APPLIC~1.\Webroot
2007-04-29 09:34:06 -------- d-----w C:\Program Files\Napster
2007-04-26 19:16:43 -------- d-----w C:\DOCUME~1\RICH\APPLIC~1.\Iomega Automatic Backup Pro
2007-04-25 08:58:43 -------- d-----w C:\Program Files\On2 Technologies
2007-04-20 19:07:03 -------- d-----w C:\Program Files\McAfee.com
2007-04-09 22:02:33 -------- d--h--w C:\DOCUME~1\RICH\APPLIC~1.\Gtek
2007-04-03 07:07:15 -------- d-----w C:\Program Files\Easiestutils
2007-04-01 06:56:56 -------- d-----w C:\DOCUME~1\RICH\APPLIC~1.\Opera
2007-03-30 02:46:18 1,054,448 ----a-w C:\Program Files\YouTubeFLVtoAVIconverterPro.exe
2007-03-19 19:52:07 76,978 ----a-w C:\WINDOWS\system32\nvModes.dat
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-17 02:01:32 -------- d-----w C:\Program Files\dvdSanta
2007-03-16 14:58:17 -------- d--h--r C:\DOCUME~1\RICH\APPLIC~1.\yahoo!
2007-03-10 19:18:55 -------- d-----w C:\DOCUME~1\RICH\APPLIC~1.\Azureus
2007-03-10 07:40:41 -------- d-----w C:\Program Files\NewsLeecher
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"="C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll"
"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"="C:\Program Files\Yahoo!\Common\yiesrvc.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"="c:\program files\mcafee\virusscan\scriptcl.dll"
"{E5A1691B-D188-4419-AD02-90002030B8EE}"="C:\PROGRA~1\FlashFXP\IEFlash.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"Apoint"="\"C:\\Program Files\\Apoint\\Apoint.exe\""
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /installquiet"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
@=""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"ISUSPM Startup"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"DLPSP"="\"c:\\program files\\dell printers\\Additional Color Laser Software\\Status Monitor\\DLPSP.EXE\""
"DVDBitSet"="\"C:\\Program Files\\HP CD-DVD\\Umbrella\\DVDBitSet.exe\" /NOUI"
"DVDTray"="\"C:\\Program Files\\HP CD-DVD\\Umbrella\\DVDTray.exe"
"Share-to-Web Namespace Daemon"="\"C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe\""
"NWEReboot"=""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"PC Pitstop Optimize Scheduler"="\"C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe\" -boot"
"Windows Media Connect 2"="\"C:\\Program Files\\Windows Media Connect 2\\WMCCFG.exe\" /StartQuiet"
"NeroFilterCheck"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe\""
"NapsterShell"="\"C:\\Program Files\\Napster\\napster.exe\" /systray"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"Iomega Automatic Backup Pro"="\"C:\\Program Files\\Iomega\\Automatic Backup Pro\\LiveSystem.exe\" -s"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uniblue registry booster
C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
QWAVE QWAVE\0\0
WudfServiceGroup WUDFSvc\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\LaunchU3.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-08 23:23:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Iomega Automatic Backup Pro = "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s?????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-08 23:24:35
C:\ComboFix-quarantined-files.txt ... 2007-05-08 23:24

-----------------------------------------------------------------------
SREng file attached.
---------------------------------------------------------------------
New HiJackThis:
Logfile of HijackThis v1.99.1
Scan saved at 01:14, on 2007-05-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\HOMECO~1\X10COM32.EXE
C:\Documents and Settings\RICH\Desktop\DAILY\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mpfplus/en...6&dtag=h65gs71
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] "C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" -boot
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NapsterShell] "C:\Program Files\Napster\napster.exe" /systray
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] ; C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: X10 Communications Link.lnk = C:\Program Files\Home Control\X10BURST.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--------------------------------------------------------------------
I ran a Dell diagnostic disk test on the hardware, including RAM and it all passed OK.
---------------------------------------------------------------------
Please review all this and let me know what to do next. The system still operates as I described in my first post. No changes yet.

Thanks for your help.
Rich in Phoenix
Attached Files
File Type: txt SREngLOG.txt (32.6 KB, 3 views)
Old 05-09-2007, 03:21 AM   #7 (permalink)
Analyst, Security Team
 
Sempurna
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: Need Help - Many Processes not Loading at StartUp.

Hi Starjock,

You’re most welcome, Starjock.

OK, let’s do this next.

Please download HostsXpert and save it to your desktop:
  • Extract the zip file to your desktop or a permanent folder on your hard drive.
  • Open the folder and double-click on HostsXpert.exe.
  • Click "Backup / Restore" and select "Create Backup".
  • Click "Restore MS Hosts File".
  • Click "OK" and exit the program.


NEXT:

No malware in the latest logs that could be causing your problem. Let’s check for rootkits and see if anything pops up.

Please download and save F-Secure BlackLight to your desktop.
  • Click the I Accept button at the bottom of the page.
  • Download the Blacklight Beta graphical user interface version.
  • Double-click the fsbl.exe program that you downloaded to run BlackLight.
  • Click Scan -> Next.
  • After the scan you'll see a list of all items found. Please click Next and then Exit. Do NOT choose rename for any items yet! I need to see the log first, because legitimate items can also be present there...
  • A log will be created on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx are numbers)
  • Please post the contents of the log in your next reply.


NEXT:

Please download GMER and save it to your desktop:
  • Unzip (extract) it to your desktop.
  • Disconnect from the Internet and close all running programs.
  • There is a small chance this application may crash your computer so save any work you have open.
  • Double-click gmer.exe to run it.
  • Let the gmer.sys driver load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan... click NO.
  • Click the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Then click the Scan button. Wait for the scan to finish.
  • Once done, click the Copy button.
  • This will copy the results to the clipboard. Open Notepad and press CTRL + V to paste the log, and save it to your desktop. Paste the results in your next reply.

If you're having problems with running gmer.exe, try it in Safe Mode.
This tool works in Safe Mode… other rootkit revealers don't.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  1. The log from the BlackLight scan.
  2. The log from the GMER scan.
  3. A new ComboFix log.
  4. A new HijackThis log.

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.
Last edited by Sempurna; 05-09-2007 at 03:28 AM.
Old 05-09-2007, 03:38 PM   #8 (permalink)
Registered User
 
Join Date: May 2007
Location: Phoenix, Arizona
Posts: 11
OS: Windows XP Media Center 2005


Re: Need Help - Many Processes not Loading at StartUp.

I ran your latest list of programs and had no problem with them. My computer still operates as when I first posted - same problems.

Below are logs you requested.

BlackLight:
05/09/07 14:10:27 [Info]: BlackLight Engine 1.0.61 initialized
05/09/07 14:10:27 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/09/07 14:10:27 [Note]: 7019 4
05/09/07 14:10:27 [Note]: 7005 0
05/09/07 14:10:38 [Note]: 7006 0
05/09/07 14:10:38 [Note]: 7011 2020
05/09/07 14:10:38 [Note]: 7026 0
05/09/07 14:10:38 [Note]: 7026 0
05/09/07 14:10:42 [Note]: FSRAW library version 1.7.1021
05/09/07 14:36:39 [Note]: 7007 0

------------------------------------------------------------------
GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-05-09 15:03:35
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateProcess
Code \SystemRoot\system32\drivers\mfehidk.sys ZwMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys ZwProtectVirtualMemory
Code \SystemRoot\system32\drivers\mfehidk.sys ZwTerminateProcess
Code \SystemRoot\system32\drivers\mfehidk.sys ZwUnmapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys ZwYieldExecution
Code \SystemRoot\system32\drivers\mfehidk.sys NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys NtMapViewOfSection

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwYieldExecution 8050189C 7 Bytes JMP B3CD353D \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!NtCreateFile 8056D3CA 5 Bytes JMP B3CD34FF \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A6206 7 Bytes JMP B3CD3553 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A701C 5 Bytes JMP B3CD3569 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805AC78E 7 Bytes JMP B3CD3513 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwCreateProcess 805C5F8E 5 Bytes JMP B3CD3529 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C776C 5 Bytes JMP B3CD34EB \SystemRoot\system32\drivers\mfehidk.sys
? C:\WINDOWS\system32\DRIVERS\update.sys

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C50FE5
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C5003B
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C5002A
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C50F46
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C50F61
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C50F83
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C50073
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C50056
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C50EFC
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C50095
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00C50EE1
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00C50F72
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00C50FCA
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00C50F35
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00C50F9E
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00C50FB9
.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00C50084
.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00C4005B
.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00C40FCA
.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00C40036
.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00C4001B
.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00C40FDB
.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00C4007D
.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00C4000A
.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00C4006C
.text C:\WINDOWS\system32\svchost.exe[208] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E60FEF
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E60F66
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E60F81
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E6005B
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E6004A
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E60FB9
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E60F33
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E60F44
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E600A7
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E60F0E
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00E60EFD
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00E60FA8
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00E60FD4
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00E60F55
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00E60025
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00E60000
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00E60096
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0099002C
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00990058
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00990FE5
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0099001B
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00990FA5
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00990FB6
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 0099003D
.text C:\WINDOWS\system32\services.exe[1196] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00960FEF
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C10F6D
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C10F7E
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C10FA5
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C10062
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C10FCA
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C10F2E
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C10F3F
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C100B6
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C100A5
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00C100C7
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00C10047
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00C1001B
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00C10F5C
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00C10036
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00C10FDB
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00C10F1D
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00C00025
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00C0005B
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00C00FDE
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00C00F9E
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00C00040
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00C00FB9
.text C:\WINDOWS\system32\svchost.exe[1396] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007E0000
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 007E00B5
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 007E009A
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 007E0073
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 007E0062
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 007E0036
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 007E0F74
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007E00C6
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007E00E8
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007E0F4F
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 007E0F34
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 007E0047
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 007E0FE5
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 007E0F9B
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 007E0011
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 007E0FC0
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 007E00D7
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 007D0FD4
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 007D0062
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 007D0025
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 007D000A
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 007D0FA5
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 007D0051
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 007D0FE5
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 007D0036
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 007B0000
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0085000A
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00850F57
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00850F68
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00850F79
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00850036
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00850FB9
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00850F29
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00850071
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008500B1
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00850F0E
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008500C2
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00850F94
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00850FE5
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00850F46
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00850FCA
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0085001B
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00850082
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 006E0FB9
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 006E0F94
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 006E000A
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 006E0FD4
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 006E0051
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 006E0036
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 006E0FE5
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 006E0025
.text C:\WINDOWS\system32\svchost.exe[1640] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006B0FE5
.text C:\WINDOWS\system32\svchost.exe[1640] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 006C0000
.text C:\WINDOWS\system32\svchost.exe[1640] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 006C0025
.text C:\WINDOWS\system32\svchost.exe[1640] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 006C0FEF
.text C:\WINDOWS\system32\svchost.exe[1640] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 006C004A
.text C:\WINDOWS\explorer.exe[2020] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B90000
.text C:\WINDOWS\explorer.exe[2020] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B90051
.text C:\WINDOWS\explorer.exe[2020] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B90F5C
.text C:\WINDOWS\explorer.exe[2020] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B90F83
.text C:\WINDOWS\explorer.exe[2020] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B90040
.text C:\WINDOWS\explorer.exe[2020] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B90FAF
.text C:\WINDOWS\explorer.exe[2020] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B90F41
.text C:\WINDOWS\explorer.exe[2020] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B90089
.text C:\WINDOWS\explorer.exe[2020] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B90F0B
.text C:\WINDOWS\explorer.exe[2020] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B90F26
.text C:\WINDOWS\explorer.exe[2020] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00B900BF
.text C:\WINDOWS\explorer.exe[2020] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00B90F94
.text C:\WINDOWS\explorer.exe[2020] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00B90011
.text C:\WINDOWS\explorer.exe[2020] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00B9006C
.text C:\WINDOWS\explorer.exe[2020] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00B90FCA
.text C:\WINDOWS\explorer.exe[2020] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00B90FDB
.text C:\WINDOWS\explorer.exe[2020] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00B900A4
.text C:\WINDOWS\explorer.exe[2020] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00B80025
.text C:\WINDOWS\explorer.exe[2020] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00B80F9E
.text C:\WINDOWS\explorer.exe[2020] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00B8000A
.text C:\WINDOWS\explorer.exe[2020] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00B80FD4
.text C:\WINDOWS\explorer.exe[2020] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00B80FB9
.text C:\WINDOWS\explorer.exe[2020] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00B80051
.text C:\WINDOWS\explorer.exe[2020] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00B80FE5
.text C:\WINDOWS\explorer.exe[2020] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00B80040
.text C:\WINDOWS\explorer.exe[2020] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00B60FEF
.text C:\WINDOWS\explorer.exe[2020] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00B60FDE
.text C:\WINDOWS\explorer.exe[2020] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00B60014
.text C:\WINDOWS\explorer.exe[2020] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00B60025
.text C:\WINDOWS\explorer.exe[2020] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 011E0FEF

---- Registry - GMER 1.0.12 ----

Reg \Registry\USER\S-1-5-21-453546596-1854136969-3205899074-1005\Software\Google\NavClient\1.1\History@"More Information Mobile Mass Pay Money Market ATM/Debit Card Referrals About Us Accounts Fees Privacy Plus Card Security Center Contact Us User Agreement Developers Shops About SSL Certificates Copyright ? 1999-2006 PayPal. All rights reserved. Information about FDIC pass-through insurance" 0x2D 0x35 0x31 0x45

---- EOF - GMER 1.0.12 ----

----------------------------------------------------------------------
ComboFix:

"RICH" - 2007-05-08 23:16:56 Service Pack 2 [SAFE MODE]
ComboFix 07-05.07.3.V - Running from: "C:\Documents and Settings\RICH\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\RICH\Desktop.\internet explorer.lnk
C:\WINDOWS\system32\bszip.dll


((((((((((((((((((((((((((((((( Files Created from 2007-04-08 to 2007-05-08 ))))))))))))))))))))))))))))))))))


2007-05-08 01:01 <DIR> d-------- C:\DOCUME~1\RICH\DoctorWeb
2007-05-01 23:25 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-05-01 23:25 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-05-01 23:25 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-05-01 23:25 <DIR> d-------- C:\Program Files\Webroot
2007-05-01 23:23 <DIR> d-------- C:\DOCUME~1\RICH\APPLIC~1\Webroot
2007-04-20 11:56 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-04-20 11:56 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-04-20 11:56 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-04-20 11:56 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-04-20 11:56 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-04-20 11:56 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-04-20 11:55 <DIR> d-------- C:\Program Files\McAfee
2007-04-20 11:55 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-04-20 11:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-04-14 18:30 <DIR> d-------- C:\Program Files\Chessmaster 8000
2007-04-09 14:51 <DIR> d-------- C:\Program Files\DellSupport


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-06 06:42:37 -------- d-----w C:\Program Files\CBLIGHT
2007-05-03 08:47:20 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-02 06:23:18 -------- d-----w C:\DOCUME~1\RICH\APPLIC~1.\Webroot
2007-04-29 09:34:06 -------- d-----w C:\Program Files\Napster
2007-04-26 19:16:43 -------- d-----w C:\DOCUME~1\RICH\APPLIC~1.\Iomega Automatic Backup Pro
2007-04-25 08:58:43 -------- d-----w C:\Program Files\On2 Technologies
2007-04-20 19:07:03 -------- d-----w C:\Program Files\McAfee.com
2007-04-09 22:02:33 -------- d--h--w C:\DOCUME~1\RICH\APPLIC~1.\Gtek
2007-04-03 07:07:15 -------- d-----w C:\Program Files\Easiestutils
2007-04-01 06:56:56 -------- d-----w C:\DOCUME~1\RICH\APPLIC~1.\Opera
2007-03-30 02:46:18 1,054,448 ----a-w C:\Program Files\YouTubeFLVtoAVIconverterPro.exe
2007-03-19 19:52:07 76,978 ----a-w C:\WINDOWS\system32\nvModes.dat
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-17 02:01:32 -------- d-----w C:\Program Files\dvdSanta
2007-03-16 14:58:17 -------- d--h--r C:\DOCUME~1\RICH\APPLIC~1.\yahoo!
2007-03-10 19:18:55 -------- d-----w C:\DOCUME~1\RICH\APPLIC~1.\Azureus
2007-03-10 07:40:41 -------- d-----w C:\Program Files\NewsLeecher
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"="C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll"
"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"="C:\Program Files\Yahoo!\Common\yiesrvc.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"="c:\program files\mcafee\virusscan\scriptcl.dll"
"{E5A1691B-D188-4419-AD02-90002030B8EE}"="C:\PROGRA~1\FlashFXP\IEFlash.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"Apoint"="\"C:\\Program Files\\Apoint\\Apoint.exe\""
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /installquiet"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
@=""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"ISUSPM Startup"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"DLPSP"="\"c:\\program files\\dell printers\\Additional Color Laser Software\\Status Monitor\\DLPSP.EXE\""
"DVDBitSet"="\"C:\\Program Files\\HP CD-DVD\\Umbrella\\DVDBitSet.exe\" /NOUI"
"DVDTray"="\"C:\\Program Files\\HP CD-DVD\\Umbrella\\DVDTray.exe"
"Share-to-Web Namespace Daemon"="\"C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe\""
"NWEReboot"=""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"PC Pitstop Optimize Scheduler"="\"C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe\" -boot"
"Windows Media Connect 2"="\"C:\\Program Files\\Windows Media Connect 2\\WMCCFG.exe\" /StartQuiet"
"NeroFilterCheck"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe\""
"NapsterShell"="\"C:\\Program Files\\Napster\\napster.exe\" /systray"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"Iomega Automatic Backup Pro"="\"C:\\Program Files\\Iomega\\Automatic Backup Pro\\LiveSystem.exe\" -s"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uniblue registry booster
C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
QWAVE QWAVE\0\0
WudfServiceGroup WUDFSvc\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\LaunchU3.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-08 23:23:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Iomega Automatic Backup Pro = "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s?????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-08 23:24:35
C:\ComboFix-quarantined-files.txt ... 2007-05-08 23:24
-----------------------------------------------------------------------

Latest HiJack This will be in next post - it makes this message too long.

Thanks for your help. Please tell me what to do next and if you can, include a little dialogue on what your feel/opinion of the problem is so far and a prognosis, if you have any yet.

Rich in Phoenix
Starjock is offline  
Old 05-09-2007, 03:41 PM   #9 (permalink)
Registered User
 
Join Date: May 2007
Location: Phoenix, Arizona
Posts: 11
OS: Windows XP Media Center 2005


Re: Need Help - Many Processes not Loading at StartUp.

Here is the latest HiJack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 15:25, on 2007-05-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\HOMECO~1\X10COM32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\RICH\Desktop\DAILY\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mpfplus/en...6&dtag=h65gs71
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] "C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" -boot
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NapsterShell] "C:\Program Files\Napster\napster.exe" /systray
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] ; C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: X10 Communications Link.lnk = C:\Program Files\Home Control\X10BURST.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

I'm awaiting your reply.
Rich in Phoenix
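
The following is an added example, not part of the original posts and not code from HijackThis: a small Python triage script for a HijackThis v1.99.1 log such as the one above. It lists autostart entries whose program does not appear under "Running processes", entries with an unterminated quote, "(file missing)" targets, shortcuts whose target is shown as "?", and services listed with "Unknown owner". The sample log is a constructed excerpt modelled on the post, and the function names are hypothetical.

```python
import ntpath
import re

# Constructed excerpt in HijackThis v1.99.1 layout, modelled on the log posted above.
SAMPLE_LOG = r'''Logfile of HijackThis v1.99.1
Scan saved at 15:25, on 2007-05-09
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
'''

ENTRY_RE = re.compile(r'^([RFNO]\d+) - (.*)$')                     # "O4 - ...", "R1 - ..."
RUN_RE = re.compile(r'^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] ?(.*)$')    # registry Run values
STARTUP_RE = re.compile(r'^(Global Startup|Startup): (.+?) = (.*)$')  # Startup folder links


def parse_log(text):
    """Split a log into (running process paths, [(section code, entry body), ...])."""
    running, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == 'Running processes:':
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            running.append(line)
    return running, entries


def command_path(value):
    """Return (program path, balanced); balanced is False on an unterminated quote."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end == -1:
            return value[1:], False
        return value[1:end], True
    m = re.match(r'(.+?\.(?:exe|dll|com|bat|cmd))\b', value, re.I)
    return (m.group(1) if m else value), True


def triage(log_text):
    """Return a list of (section code, entry label, observation) worth a second look."""
    running, entries = parse_log(log_text)
    # Compare by file name only: the log mixes long paths and 8.3 names (PROGRA~1).
    running_names = {ntpath.basename(p).lower() for p in running}
    findings = []
    for code, body in entries:
        if body.endswith('(file missing)'):
            findings.append((code, body.split(' - ')[0], 'target file missing'))
        if code == 'O23' and ' - Unknown owner - ' in body:
            name = body[len('Service: '):].split(' - ')[0]
            findings.append((code, name, 'owner reported as unknown'))
        if code != 'O4':
            continue
        run = RUN_RE.match(body)
        if run:
            name, value = run.group(3), run.group(4)
            path, balanced = command_path(value)
            if not balanced:
                findings.append((code, name, 'unterminated quote in command line'))
            # Some autostart programs exit right after launch, so this is an
            # observation to follow up, not proof that the entry failed.
            if ntpath.basename(path).lower() not in running_names:
                findings.append((code, name, 'autostart program not in process list'))
            continue
        link = STARTUP_RE.match(body)
        if link and link.group(3).strip() == '?':
            findings.append((code, link.group(2), 'shortcut target unresolved'))
    return findings


if __name__ == '__main__':
    for code, label, note in triage(SAMPLE_LOG):
        print(f'{code:4} {label:32} {note}')
```

Run against a full log, the "not in process list" rows give a quick list of which startup programs failed to load, which is the symptom this thread is about.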
Starjock is offline  
Old 05-09-2007, 08:45 PM   #10 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: Need Help - Many Processes not Loading at StartUp.

Hi Starjock,

All I’m sure of is that it is not malware that is causing your problem. Did you install anything new before all this happened?

Try using system restore and go back to a previous good configuration.

Use System Restore to undo changes you’ve made to your computer:
  • Go to Start Menu -> All Programs -> Accessories -> System Tools -> System Restore.
  • Select Restore my computer to an earlier time.
  • Click the Next button and follow the wizard.


NEXT:

For this next step, please have your original Windows XP installation CD handy.

Then, please go to Start -> My Computer:
  • Right-click on Local Disk (C:) (or whichever is your primary drive), and select Properties.
  • Now go to the Tools tab, and click the Check Now button.
  • Put a checkmark next to:
    • Automatically fix file system errors.
    • Scan for and attempt recovery of bad sectors.
  • Then click the Start button.
  • You will receive a prompt to reboot your computer. Select Yes or OK, and please reboot your computer if it doesn’t do so automatically.
  • The Check Disk utility will now scan your hard drive for any damaged system files and/or hard drive sectors. Please be patient, as this scan may take a while to complete.
  • Follow any prompts that may appear.

Let me know how things go and how things are running now.
__________________

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
Sempurna is offline  
Old 05-10-2007, 11:22 PM   #11 (permalink)
Registered User
 
Join Date: May 2007
Location: Phoenix, Arizona
Posts: 11
OS: Windows XP Media Center 2005


Re: Need Help - Many Processes not Loading at StartUp.

I have done the actions you requested and there is no change to my system from my first post.

My system will not System Restore. When I clicked on System Restore I received a small message window titled "System Restore" and the message is "System Restore is not able to protect your computer. Please restart your computer, and then run System Restore again."

I did restart my computer, but I just get the same message again when I go to System Restore. I also tried running System Restore in Safe Mode, but also got the same message.
---------------------------------------------------------------------
Moving onward, I ran Check Now. It ran fine with no problems. The screen said: File system type NTFS.
Then it ran 5 stages of tests and verified each. The tests were named: File, Index, Security descriptions, File data, and Free space.

After this it started up and just before the "Welcome" screen, it flashed the Windows desktop with the green grass meadow. It hasn't done that before.

Also, my digital clock in the taskbar tray has switched from a 12 hr clock with am, pm - - to a 24 hr clock without am or pm. It did this yesterday or the day before; before I ran the tests described above. And I don't know how to get my 12 hr clock time setting back.

What do you suggest doing next?

Thanks for all your help with this problem.

Rich in Phoenix
Starjock is offline  
Old 05-11-2007, 12:54 AM   #12 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: Need Help - Many Processes not Loading at StartUp.

Hi Rich in Phoenix,

A couple of questions first. How much space do you have left in your primary hard drive (the one with the Windows XP system running)?

How much space do you have in any other drives in your computer?

There are a couple of things for you to do below. Also, I’d like our experts to look over your thread and see if it is time to transfer you over to the XP or hardware forums for further advice.


Quote:
Also, my digital clock in the taskbar tray has switched from a 12 hr clock with am, pm - - to a 24 hr clock without am or pm. It did this yesterday or the day before; before I ran the tests described above. And I don't know how to get my 12 hr clock time setting back.
Yep, we can fix this.

To configure Time and Date Options in Windows XP:
  • Please go to Start -> Control Panel -> Date, Time, Language, and Regional Options -> Regional and Language Options.
  • Click the "Customize" button.
  • From there you should be able to change the format of the clock and calendar date to your preferred format.


NEXT:

Let’s see if this can fix your problem.

Please go to Start -> Run and type (or copy and paste):

devmgmt.msc

Click "OK".


Your system’s Device Manager will now open:
  • Double-click "IDE ATA/ATAPI controllers".
  • Right-click "Primary IDE Channel", select "Properties", then click on the "Advanced Settings" tab.
  • In the "Transfer Mode" dropdown list, please ensure that you have "DMA if available" for "Device 0" and "Device 1".
  • If the drop-down box already shows "DMA if available" but the current transfer mode is PIO, then you must toggle the settings. That is:
    • Change the selection from "DMA if available" to "PIO Only", then click "OK".
    • Then repeat the steps above to change the selection to "DMA if available".
  • Once you have completed the steps above for the Primary IDE Channel, then do the same for the Secondary IDE Channel.

Reboot your computer for the change to take effect.

NOTE: After reboot, please go back into the Device Manager and see whether the current transfer mode has been reset to DMA. If the current transfer mode remains PIO, then please right-click the Primary IDE or Secondary IDE channel, and select Uninstall. Reboot again, and let me know if the problem persists.
Sempurna is offline  
Old 05-11-2007, 12:52 PM   #13 (permalink)
Registered User
 
Join Date: May 2007
Location: Phoenix, Arizona
Posts: 11
OS: Windows XP Media Center 2005


Re: Need Help - Many Processes not Loading at StartUp.

I have one hard drive inside my laptop. It is 80 GB and designated drive C. When I click properties and get a pie chart, it says: Used space is 44 GB, free space 31 GB.

Externally, I have a 250GB Iomega Net HDD. The pie chart for it says: Used Space 202GB, free space 27 GB.

I went to "Device Manager", but after I Right-click and get a context menu that includes Properties, I left click on Properties and nothing happens. No Property Window comes up. This is the same for several of the devices listed in the Device Manager window, including the IDE Channel items.

The Property Window comes up for many other items on my computer, but not for items within the "Device Manager" window. For instance, If I Right-click a Desktop icon and get the context menu, then left click Properties which is at the bottom of the context menu list, I get a Properties window with no problem.

So, because of this I could not complete your last suggested procedure.

What do you suggest to do next?

Thanks again for your help.
Rich in Phoenix
Starjock is offline  
Old 05-11-2007, 09:38 PM   #14 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: Need Help - Many Processes not Loading at StartUp.

OK, let's do this and see if Windows will repair itself.

Go back to the Device Manager, right-click your Primary IDE Channel and select Uninstall.

Then reboot your system. See whether you can access the Properties of some of the devices in the Device Manager now.

It looks like there may also be some corrupt drivers. But, we can't do anything about those until we fix the Device Manager problem.


NEXT:

Let's have a look at Windows Event Viewer. It might give us a clue as to what is causing these issues.

Go to Start -> Run and type in eventvwr. Click OK.





This is a picture of what the Event Viewer looks like.

You will see Application, Security, and System listed in the left pane.
  1. In the left pane click on Application.
  2. Click the gray title Type at the top of the source name column in the right pane to sort by type name.
  3. Look for Error and double-click on the most recent 10, and evaluate the event description for any indication of the cause of the problem.
  4. Make note of the Description, EventID, and Source of these Event Properties.
  5. From the right pane, double-click on the line where it says Error and you should get a window like the example below:





  6. In the upper right corner of this picture, you should see 2 arrows. One is pointing up and the other, pointing down.
  7. There is another button below the 2 arrows. Click once on it. (this will copy some information to the clipboard).
  8. Open Notepad and paste the info in there. Paste the information for each event here.

Repeat steps 1-8 for System.
Last edited by Sempurna; 05-11-2007 at 10:31 PM.
Sempurna is offline  
Old 05-12-2007, 12:54 PM   #15 (permalink)
Registered User
 
Join Date: May 2007
Location: Phoenix, Arizona
Posts: 11
OS: Windows XP Media Center 2005


Re: Need Help - Many Processes not Loading at StartUp.

I uninstalled the Primary IDE Channel and rebooted. At reboot I got a Warning about "New Hardware Installation" saying the software had not passed Windows Logo Test, and it advised to not load it. I didn't. There were two warnings. First for the Disk Drive and the second for the Primary IDE Channel.

Then my desktop came up and I went back to Device Manager but still could not get a Property Window to come up. Also there are two Yellow Exclamation marks over the IDE channel and the Disk Drive. There is also a Red X over the 1394 Net Adapter.

I went to Event Viewer and got the first screen shown in your message. Then I clicked on Application and got a list with 3 sections: Error, Warning and Information. But, when I double click on any item listed, nothing happens. The second window you show in your message doesn't come up.

I looked at both the Application and System lists and have attached a list of the most recent items I saw. Perhaps this will help you.

Also, after doing these tests while I was using my computer to look at some websites and also looking at some of my documents via Explorer, the screen went completely Blue and I couldn't do anything except push the power button to shut off the computer and restart. This has happened about 3 times now.

I'm seriously considering just cleaning the disk and reinstalling the Operating System and Drivers. I had to do this 5 or 6 years ago on another computer I had, and sometimes it is the least painful method in the long run.

What do you think?

Rich in Phoenix
Starjock is offline  
Old 05-12-2007, 01:05 PM   #16 (permalink)
Registered User
 
Join Date: May 2007
Location: Phoenix, Arizona
Posts: 11
OS: Windows XP Media Center 2005


Re: Need Help - Many Processes not Loading at StartUp.

Here's the Event Viewer Report, attached. I don't think it got attached to last message.

Rich in Phoenix
Attached Files
File Type: doc Event Viewer Report.doc (24.5 KB, 3 views)
Starjock is offline  
Old 05-12-2007, 11:33 PM   #17 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: Need Help - Many Processes not Loading at StartUp.

Hi Rich in Phoenix,

The experts have looked over your thread. There is some serious OS corruption there.

They agree that it would be best to reinstall Windows XP. You can try a repair reinstall first:
http://www.michaelstevenstech.com/XPrepairinstall.htm

If the repair reinstall fails, then you would have to do a clean reinstall:
http://www.winsupersite.com/showcase...p_sg_clean.asp

Please let me know how things go.
Sempurna is offline  
Old 05-14-2007, 04:52 PM   #18 (permalink)
Registered User
 
Join Date: May 2007
Location: Phoenix, Arizona
Posts: 11
OS: Windows XP Media Center 2005


Re: Need Help - Many Processes not Loading at StartUp.

Hi Sempurna,

Well, I wiped the computer clean and then reloaded Windows XP Media Center OS. Things are running great now! I reinstalled my McAfee and Webroot SpySweeper programs for protection. I downloaded the HiJackThis application and ran a scan and generated a log for reference. Do you think these programs are sufficient to protect my computer in the future? I don't want to add too many malware and virus detector programs that may be conflicting with one another or slowing down the computer unnecessarily, but on the other hand I do want to be protected against another hassle starting up again.

Again thanks for all your help, I plan to contribute a few bucks to this website to keep you guys going.

Rich in Phoenix
Starjock is offline  
Old 05-14-2007, 09:00 PM   #19 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: Need Help - Many Processes not Loading at StartUp.

Hi Rich in Phoenix,

You’re most welcome, Rich in Phoenix. I’m glad to hear that your system is running better now.

In terms of protection, you could add a firewall (Windows firewall is crappy). If your McAfee doesn’t have a firewall, then install one of these good and FREE firewalls.

Firewall (a must!)
It is definitely a must have. Some good FREE versions are Comodo, Outpost, or ZoneAlarm.

Note: You must only use 1 (one) firewall at a time because if you have 2 or more firewalls running at the same time, they will conflict with each other and make your security less reliable. Please also remember to turn off Windows Firewall once you have installed a new firewall.

You could also install these passive protection programs. They don’t take up any resources, won’t conflict with any active protection programs, and will make your surfing somewhat safer.

SpywareBlaster
This is a great FREE prevention tool to keep nasties from installing on your system.
Tutorial: How to use!

IE-SPYAD
This FREE tool puts over 5000 sites in your IE Restricted Zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Tutorial: How to use!

Thank you for considering a donation! We are all most appreciative of any support to keep this site up and running. Thank you!!
Sempurna is offline  

All times are GMT -7. The time now is 11:44 AM.



Copyright 2001 - 2009, Tech Support Forum